Slashdot Mirror
Password Resets Worse Than Reusing Old password
narramissic writes "We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions — your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable — often more so than long term memory. And very few preferences are recorded in public databases.'"
Fooled them. My first car was a Chevy!
Bridgekeeper: Stop. What is your name?
Galahad: Sir Galahad of Camelot.
Bridgekeeper: What is your quest?
Galahad: I seek the Grail.
Bridgekeeper: What is your favourite colour?
Galahad: Blue. No, yel...
I am the richest astronaut ever to win the superbowl.
My mother's maiden name was 12345
My bank uses a PIN in additional to the login. This actually makes sense to me - as PINs are generally easier to remember than my 10 digits random char-lists, but moreover it's at least honest about the purpose of these extra fields - and doesn't dupe people into leaving their pants down when the DB gets hacked one day.
So you think someone is going to hack the login database for a bank and is going to be focusing on the fact that your first pet's name was Mittens?
Spelling mistakes, grammatical errors, and stupid comments are intentional.
Comment removed based on user account deletion
Or, "Where did you bury the body of your eleventh victim?"
He uses post-it notes stuck to his monitor.
Thats why I use random gibberish as a question, and rot13 that and use as the answer.
Posting anonymously because I don't want you to look into my accounts and attempt to get into them!
Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
OH, so I'm supposed to mark that checkbox up there?
Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
...but my password is always ); DROP TABLE user_accounts;
The game.
No one will ever guess that I just pick a question at random and give all the same answers.
Mother's Maiden Name: lando-calrissian
Favorite pet: lando-calrissian
Year you were born: lando-calrissian
Best friend: lando-calrissian
Guess that, suckers.
There's no place like
You're lucky. I'm still confused by what happened to me.
He said, "Mr. Wong, your confirmation question is, 'What did Eve first say, when she saw Adam?'.".
"Hmm, that's a tough 1."
"Yes, that is correct. Now, the deciphering question is, 'How does a foobar ask a question?'.".
"What?"
"Yes, that is correct. Will there be anything else for you today, Mr. Wong?".
testing out my trending skills
Well the easy solution is to use a random string of characters.
"My first pet was 4fgTY2k11."
Make sure you use numbers and both lower and upper case letters at least.
How are you gonna remember this in 10 years though? Easy! Store it in a file called "passwords.txt" in your My Documents folder. Works for me!
Seriously, I do reuse passwords -- I use the same pw for low-security sites (message boards, excluding slashdot)[...]
Why do you exclude Slashdot? People don't gain anything compromising your account here. I use the same pw on all sites...
HAHAHA Disregard that, I SUCK COCKS.