In article <iabtp85nmk5rlrrns...@4ax.com> mo...@alsdjf.com wrote:
>
> What good is it to go weird making up and remembering weird multi
> character passwords when the dang Web sites allow themselves to be
> hacked left and right and give away my password plus other info?
>
> How many times have you seen someone begging in the groups for a way
> to retrieve access to their comps and the info on them because they
> used those complicated passwords and forgot or lost them?
>
> Another question I have is why in the $#@&^%& do not Web sites
> encrypt what is on their servers? Again and again I read about credit
> card numbers, SS numbers, etc., stolen because they were just sitting
> on these servers bare butt naked waiting to be taken? This especially
> applies to the idiots we have who are responsible for government
> servers. If I, a non-tech know-nothing, know enough to encrypt
> important stuff on my machine, what in the hell is the matter with
> these tech gurus who run these commercial and government computer
> systems?
>
> I don't get it.

A lot of programmers just aren't very good when it comes to security.
They may be great at putting the product together, but they're not
thinking about all the possible pitfalls. Although, that problem goes
both ways. You can't always expect a computer security expert to
program everything as well as they do the security aspect.

It doesn't help that a lot of these companies have 'good enough'
mentalities. They don't expect that the worst can happen, so they don't
prepare for it. That's why you'll see companies will simply hash
important information. They think that it's good enough.

A good read is
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
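
The reply's point about "simply hashing", as an added example that is not part of the original post: a constructed user table stored with a single unsalted SHA-256 is compared with the same table stored using a per-user salt and PBKDF2. The function names, the sample users and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for this example
SALT_LEN = 16


def fast_unsalted(password):
    """The 'good enough' approach: one round of a fast hash, no salt."""
    return hashlib.sha256(password.encode()).digest()


def slow_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow key derivation."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + key  # the salt is stored beside the derived key


def verify(password, stored):
    """Re-derive with the stored salt and compare in constant time."""
    salt = stored[:SALT_LEN]
    return hmac.compare_digest(slow_salted(password, salt), stored)


def shared_values(table):
    """Groups of users whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data: two users happen to pick the same password.
USERS = {"alice": "Summer2013!", "bob": "Summer2013!", "carol": "x9#Lq-rT"}


def build(store_fn):
    """Build the table a site would keep, using the given storage function."""
    return {user: store_fn(pw) for user, pw in USERS.items()}


if __name__ == "__main__":
    # Unsalted: identical passwords yield identical records, so one
    # recovered value exposes every account that shares it.
    print("unsalted duplicates:", shared_values(build(fast_unsalted)))
    # Salted: every record is unique even when passwords match.
    print("salted duplicates:  ", shared_values(build(slow_salted)))
```
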