Slashdot Mirror


Password Resets Worse Than Reusing Old Password

narramissic writes "We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions — your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable — often more so than long term memory. And very few preferences are recorded in public databases.'"

10 of 420 comments

  1. HA! by Dice · Score: 5, Funny

    Fooled them. My first car was a Chevy!

    1. Re:HA! by CaptainPatent · Score: 5, Funny

      Fooled them. My first car was a Chevy!

      *database updated*

      --
      Well, back to rejecting software patent applications.
  2. Preferences are stable? by CorporateSuit · Score: 5, Funny

    Bridgekeeper: Stop. What is your name?
    Galahad: Sir Galahad of Camelot.
    Bridgekeeper: What is your quest?
    Galahad: I seek the Grail.
    Bridgekeeper: What is your favourite colour?
    Galahad: Blue. No, yel...

    --
    I am the richest astronaut ever to win the superbowl.
  3. Re:pff by jgtg32a · Score: 5, Funny

    My mother's maiden name was 12345

  4. Re:'Other' Questions by quintessentialk · Score: 5, Funny

    Or, "Where did you bury the body of your eleventh victim?"

  5. Re:Even worse... by Nushio · Score: 5, Funny

    OH, so I'm supposed to mark that checkbox up there?

    --
    Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
  6. Re:Even worse... by eugene+ts+wong · Score: 5, Funny

    You're lucky. I'm still confused by what happened to me.

    He said, "Mr. Wong, your confirmation question is, 'What did Eve first say, when she saw Adam?'.".

    "Hmm, that's a tough 1."

    "Yes, that is correct. Now, the deciphering question is, 'How does a foobar ask a question?'.".

    "What?"

    "Yes, that is correct. Will there be anything else for you today, Mr. Wong?".

  7. Re:Are there any good solutions? by Anonymous Coward · Score: 5, Funny

    Well the easy solution is to use a random string of characters.

    "My first pet was 4fgTY2k11."

    Make sure you use numbers and both lower and upper case letters at least.

    How are you gonna remember this in 10 years though? Easy! Store it in a file called "passwords.txt" in your My Documents folder. Works for me!

  8. Re:pff by Catil · Score: 5, Funny

    Seriously, I do reuse passwords -- I use the same pw for low-security sites (message boards, excluding slashdot)[...]

    Why do you exclude Slashdot? People don't gain anything compromising your account here. I use the same pw on all sites...

  9. Re:pff by Catil · Score: 5, Funny

    HAHAHA Disregard that, I SUCK COCKS.