Slashdot Mirror


Ask Slashdot: Changing Passwords For the New Year?

New submitter windcask asks "Every New Year's Day, I assemble and memorize a random collection of seven to ten mixed-case alphanumeric characters and proceed to change every password I have on the interwebs to these characters (plus a few extra characters unique to the site). The problem is I only change them on the sites I visit. Once in a while, I'll come across a site I haven't visited for a few years, and I may end up not being able to guess the password before the try-lockout takes effect. What are your password-changing rituals, and how do they deal with situations like mine? I do use Keepass for work, but it is sometimes impractical for times I'm at other computers."

2 of 339 comments (clear)

  1. Lastpass by Anonymous Coward · · Score: 5, Interesting

    https://lastpass.com/

  2. Re:http://xkcd.com/936/ by plover · · Score: 4, Interesting

    Be cautious. If www.poorlysecuredforum.com keeps your password in the database, and I hack them and see someone with the user name of DMUTPeregrine and the password of 1CorrectHorseBatteryStaple+poorlysecuredforum.com? I'm going to try logging in here as DMUTPeregrine / 1CorrectHorseBatteryStaple+slashdot.org. And I'll try logging in to wellsfargo.com and citibank and usbank and chase all the same way.

    Your suggestion of using a hash as the password is much more secure, assuming you actually use it. But next time you create a hash, try a little trick: google for it. Google is like the world's largest and fastest distributed rainbow table. Last time I checked, googling for the MD5 digest of "12345" returned something like 11,000 hits, all of which said "12345" right there on the search results. Time to go change the hash on my luggage.

    --
    John