Slashdot Mirror
Password Resets Worse Than Reusing Old password
narramissic writes "We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions — your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable — often more so than long term memory. And very few preferences are recorded in public databases.'"
Fooled them. My first car was a Chevy!
Bridgekeeper: Stop. What is your name?
Galahad: Sir Galahad of Camelot.
Bridgekeeper: What is your quest?
Galahad: I seek the Grail.
Bridgekeeper: What is your favourite colour?
Galahad: Blue. No, yel...
I am the richest astronaut ever to win the superbowl.
I just use the current month and then the year.
I recently bought a domain+hosting space from a well known site, one that I don't ever recall buying domains from in the past (even searched through years worth of emails - nothing), and when signing up for a new account I was unexpectedly greeted with "that email address is already in use".
So I did went to the password retreival page, entered in my email address and it asked me the stupidest hint question (for me) ever: "What was the make of your first car?", it didn't make sense at all because I still haven't bought my first car!
To do something right, you often have to roll up your sleeves and get busy.
My mother's maiden name was 12345
Many websites allow you to use your own question, rather than a preset one. "What is the movie you'd most relate to your high school career?"
"What was the name of craziest teacher you had?"
Better yet, "On Tuesday mornings, which newspaper did you always use to cut out little robot people?"
My bank uses a PIN in additional to the login. This actually makes sense to me - as PINs are generally easier to remember than my 10 digits random char-lists, but moreover it's at least honest about the purpose of these extra fields - and doesn't dupe people into leaving their pants down when the DB gets hacked one day.
So you think someone is going to hack the login database for a bank and is going to be focusing on the fact that your first pet's name was Mittens?
Spelling mistakes, grammatical errors, and stupid comments are intentional.
Comment removed based on user account deletion
Yes, it is available through public record. But that isn't enough! What if your siblings like to play pranks on you, or if your mother is trying to get you to move out of your basement?
How do I protect myself from THEM?!
It's pretty hard for a virus to read what's beneath the desk. Not impossible if the virus can control your employer's security cameras, but difficult.
If they're under your desk I don't think those are security cameras.
Spelling mistakes, grammatical errors, and stupid comments are intentional.
He uses post-it notes stuck to his monitor.
Thats why I use random gibberish as a question, and rot13 that and use as the answer.
Posting anonymously because I don't want you to look into my accounts and attempt to get into them!
Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
OH, so I'm supposed to mark that checkbox up there?
Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
Dude, you don't get it ROFL
If you can't get logged in, when you call their help desk they ask you the questions! You have to give some soft spoken girl the answers... ROFLMFAO
I thought about 'eatshitcunt' as an answer, but that just wouldn't work out right
Support NYCountryLawyer RIAA vs People
...but my password is always ); DROP TABLE user_accounts;
The game.
I've got a great work around.
In fields like "Mother's maiden name:", just enter "mothersmaidenname".
Not derivable from any of your public records, and nobody would ever guess it.
Try it.
Support the FairTax
Just lie on these questions! Put in answers you would know, but aren't factually correct.. =)
I have enough trouble remembering the factually correct answers (when the hell is my birthday again?), nevermind the lies.
You're lucky. I'm still confused by what happened to me.
He said, "Mr. Wong, your confirmation question is, 'What did Eve first say, when she saw Adam?'.".
"Hmm, that's a tough 1."
"Yes, that is correct. Now, the deciphering question is, 'How does a foobar ask a question?'.".
"What?"
"Yes, that is correct. Will there be anything else for you today, Mr. Wong?".
testing out my trending skills
Well the easy solution is to use a random string of characters.
"My first pet was 4fgTY2k11."
Make sure you use numbers and both lower and upper case letters at least.
How are you gonna remember this in 10 years though? Easy! Store it in a file called "passwords.txt" in your My Documents folder. Works for me!
Seriously, I do reuse passwords -- I use the same pw for low-security sites (message boards, excluding slashdot)[...]
Why do you exclude Slashdot? People don't gain anything compromising your account here. I use the same pw on all sites...
HAHAHA Disregard that, I SUCK COCKS.