CHANGE PASSWORD

Current password: foxconn2

New password: foxconn3

Confirm new password: foxconn3

I saw no mention of Disney in the article.

ballistic123: CHANGE PASSWORD

Current password: foxconn2

New password: foxconn3

Confirm new password: foxconn3

Let me guess...next one is foxconn4. I see that pretty often. Of course, nothing tops the server with confidential personal data that had no administrator password at all.

/I miss when my job was just replacing bad hard drives, running backups...

ballistic123: CHANGE PASSWORD

Current password: foxconn2

New password: foxconn3

Confirm new password: foxconn3

Yep.

ballistic123: Confirm new password: foxconn3

This. After some of my sister's game accounts were broken into, she changed her password from "PASSWORD" to "DROWSSAP" - you can lead a horse to water but you can't make it turn on its motherfarking brain for five minutes.

Aww man, they increased the security requirements.

New password: Foxconn2

3foxconn

/yeah, I went there, biatches.

Fluorescent Testicle:
This. After some of my sister's game accounts were broken into, she changed her password from "PASSWORD" to "DROWSSAP" - you can lead a horse to water but you can't make it turn on its motherfarking brain for five minutes.

Is that a problem with the user or a problem with the system?

Enter password: Tesco Value Password

Error can not use spaces must be between 8 and 16 characters long.

Please reenter password: BiteMeBiteMe

Account created.

I find XKCD to be hit & miss but he was quite correct about the horse, battery and indeed the staple.

Rickenbacker: Of course, nothing tops the server with confidential personal data that had no administrator password at all.

No password or 50 characters of gibberish and a mandate of "sudo or GTFO"? Just curious.

I'm not going to give my actual passwording algorithm away here, but for me the best way to do it is have two parts to the password, one being based on a random string of numbers, letters and symbols, and the other being based of the name of the website. Have the first part be common to all your passwords, and there you go. Easy to remember, hard to guess.

eg.

VcXz$3@1karf
VcXz$3@1elgoog
VcXz$3@1nropuoy

ballistic123:
VcXz$3@1karf
VcXz$3@1elgoog
VcXz$3@1nropuoy

$ and @ will be rejected by a LOT of places due to filtering for SQL injection attacks (and other such things). I still think just allowing a undefined length of UTF-8 text (with some sanitising to stop Bobby Tables) is better.

I'm not saying your system won't work, just that I've seen a lot of sites that explicitly disallow control & 'special' characters.

Their new password...hunter2?

Fluorescent Testicle: ballistic123: Confirm new password: foxconn3

This. After some of my sister's game accounts were broken into, she changed her password from "PASSWORD" to "DROWSSAP" - you can lead a horse to water but you can't make it turn on its motherfarking brain for five minutes.

Drows don't have sap, dryads do.

Vaneshi: ballistic123:
VcXz$3@1karf
VcXz$3@1elgoog
VcXz$3@1nropuoy

$ and @ will be rejected by a LOT of places due to filtering for SQL injection attacks (and other such things). I still think just allowing a undefined length of UTF-8 text (with some sanitising to stop Bobby Tables) is better.

I'm not saying your system won't work, just that I've seen a lot of sites that explicitly disallow control & 'special' characters.

I've read articles recently that the best simple way to handle passwords is a long memorable phrase.

ala "FluffMarshmallowsInAJarFark"

..simply because every character you add increases brute force searching by an order of magnitude, and you don't have to worry about remember wacky strings of characters.

ZAZ: ballistic123

Secret+website is a memory-security compromise. It offers more protection than a single shared password but less than truly unique passwords.

It's a compromise, true, but realistically an insignificant one. If one site is compromised to a point where an intruder actually gets one of my unencrypted passwords, he will also have 10,000+ other passwords. The most likely use for this list will be to try the same username/password combo on other sites. The chances that the passwords will be analyzed for algorithms on a mass scale is very slim.

Plus, if you're doing it correctly, the website based portion should be unrecognizable as being based on the website (as to avoid giving any clues).

That being said, yes, it's true, having a true randomly generated password of 20+ length (and is not written down somewhere), unique to each login is the most secure way to go.

snowshovel:
I've read articles recently that the best simple way to handle passwords is a long memorable phrase.

The argument for password vs passphrase has been going on for quite a long time. I can see a need to disallow "The Quick Brown Fox Jumped Over The Lazy Dog" in all forms but beyond go for it.

It's reached the point in some companies where you have a password generator, feed the result in to the change password prompt, then write it down somewhere. As it's the only way to not spend 20min on this months password and get on with the job at hand.

LarryDan43: ballistic123: CHANGE PASSWORD

Current password: foxconn2

New password: foxconn3

Confirm new password: foxconn3

Yep.

Current password: foxconn3

New password: 3foxconn

Confirm new password: 3foxconn

/they'll never guess it!

Vaneshi: Rickenbacker: Of course, nothing tops the server with confidential personal data that had no administrator password at all.

No password or 50 characters of gibberish and a mandate of "sudo or GTFO"? Just curious.

No password at all. Just hit enter. Niiiice.

I still have employees bring up the two days in a row that I went around and threw away their Post-It notes stuck to the monitor...which they had written their passwords on. They had done that before I took this job, why was I being so mean?

tortilla burger: Their new password...*******?

That's an odd choice, but I guess seven asterisks is somewhat less commonly guessed than the name of the company. Still pretty crappy, though.

no need for stupid password when little toy p0n1es works just fine.

Well, at least Fark is on top of their game. If you type your password, it's automatically changed into a bunch of asterisks! I'll type mine:

************

See?

I won a math debate: Well, at least Fark is on top of their game. If you type your password, it's automatically changed into a bunch of asterisks! I'll type mine:

************

See?

It does the same thing with Social Security numbers.

***-**-****

/Problem?



_{░░░░░░░░░░░░░░░░░░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░▒██████████████████████████▓▓▓░░░░░░░░░░░░░░░░
░░░░░░░░░░░█░▓░░░░░░░░░▒▓▒▒▒▒▒▓▒▒░░▒▒▒▓▓▓████▓▒░░░░░░░░░░░
░░░░░░░░░░██▒░░░░░░░▓▓▓░░░░░░░░░░▒▒▓▒▒▒▒▓▒▒▓███▒░░░░░░░░░░
░░░░░░░░░▓█░░░░░░░▓▓░░▒▓▒▓▓▓▓▓▓▓▒░░░░░░░░▒▒▒▒▒░▓██░░░░░░░░
░░░░░░░░▒█▒░░░░░▓▓░▒▓▓░░░░░░░░░░░▒▒▒▒▒▒▒░░░░▒▒░░██▓░░░░░░░
░░░░░░░░██░░░░░▓░░▓░▒▓▒▓▒▒▒▒▓▓░░░░░░░░░░▒▒▒▒░░░░░░▓█▓░░░░░
░░░░░░░▓█░░░░▒░▓▒░▓▒░░░░░░░░▓░░░░░░░▓▒▒░░░▓▒░░░░░▓█░░░░░░░
░░░░░░░█▓░░░░▒░▓░▓▒░░░░░░░░░░▓░░░░░░░░▒░░░░░░░▓░░░░░█▒░░░░
░░░░░░▒█░░░░░░▓░▓▒░░░░░░░░░░░▒░░░░░░░▓░░░░░░░░▓░░░░░█▒░░░░
░░░░░░██░░░░░░░░▒░░▓██░████▒░░░░░░░░░▒░░░░░░░░░░░░░░█▓░░░░
░░░░░▓█░░░░░░░░░░███████▒███░░░░░░░░▒░░▒▓▓▓▓▒░░░░░░▓█░░░░░
░░░░██▓░▒░░░░░▒▒▒█▓▓████▓░░░██▒░░░░░░░▓███████▓░░░░░░██▓░░
░░░██▓▓▓▓▓▓░░█▓░▓██████████░░██░░░░▓▒█████████▓▒▓▓▓▓█░▓█▓░
░░██▓░░░▓▓▓▓▒░░▓░▒▒░░░▓░░▒████▓░░░░█████▓▒▒░░░░░░░░░░░▓█░░
░▓█▒▒░░███████▓░░░░░░██░░░░▒█▒░░░░░░▒█░░░░░░░░░░░░░▓▒▒░█▓░
▒█▒▓░░█▓░░░░░████▒▒███░░░░░░░░░░░░░░░█░░░░░░░░░█████░▓░▓█▓
▓█░▓░▓█░░░▓▓░░░▒████░░░░░░░░░░░░░░░░░█░░░░░██▒██░░░█▓▒░▒█▓
█▓░▓░█▒░░░███░░░░░░░░░░░░░░░░░░░░░░░░██▓░░░▒███▒▒▒░░░▒░▒█▓
▒▓░▓░█░░▒██▒███░░░░░░░░░░▒▒███▒░░░░░░░▓██░░░░░░░▓█░░░▒░▒█▓
░█░▓░█▒████░░▒███░░░░▓▒▒▒▒▓█░░░░░░░░░░░▓██░░░░░░▓█░░▒▒░▓█▒
░█░▓░▓█░░░█▓░░░▒███▓░░░░░░▓█░████▒░░░░░███▓▒░░░░██▓░░░▓██░
░▒▓▒░░█░░░██▒░░░▒█▓███▓░░░▒█▓█▒░▓▒░░░░██░░░░▓▒░▓███░▓▒░█▓░
░░█░▓▒░░░░▒███▒░▒█░░▒▓████▒░░░░░░░░█▓██░░░░░░░██▓█░░░▓█░░░
░░██░░▓░░░░▓████▒█▓░░░░░▒████▓░░░░▒█▓░░░░░░▓██▓▓██░░░█▒░░░
░░░██▓░░░░░░█▓░████▒░░░░░█▓▒▓███████▒▒▒▒▓████▒▒█░██░░▒█░░░
░░░░██░░░░░░▒█▒░▒█████▒░░█░░░░░░████████▒▒█▒░░█░██░░▓█░░░░
░░░░░██░░░░░░▓█░░█▒███████░░░░░░▓▓░░░▒█░░░░▓█░▓█▓██░░▓█░░░
░░░░░▒█▒░░░░░░██░█░░░▓██████▓░░░▓▓░░░░█░░░▓███████░░▓█░░░░
░░░░░░█▓░░░░░░░██▓░░░░░░███████████████████████████░░▓█░░░
░░░░░░▓█░░░░░░░░██░░░░░░█▒░▓███████████████████████░░▓█░░░
░░░░░░░██░░░░░░░░██▒░░░▒█▒░░░░▒██████████████████▓█░░▓█░░░
░░░░░░░░█▓░░░░░░░░▓██░░██░░░░░░█▒░▒▒▒███████▒█▒█▓█▓░░▓█░░░
░░░░░░░░▒██░░░░░░░░░██▓█░░░░░░░█▒░░░░█▒░░▓█░▓█░█▓█░░░▓█░░░
░░░░░░░░░░██░▓▒░▒▓░░░▒███▒░░░░░█▒░░░░█░░░█▒░█░██▓░░░▓█░░░░
░░░░░░░░░░░██░░█░░▒▓░░░▒████▓▓░█▒░░░█░░▓█░▓████▒░░░░▓█░░░░
░░░░░░░░░░░▒██▓░▒▓░░▓▓░░░░▒██████████████████▓░░░░░░░▒█░░░
░░░░░░░░░░░░░██▒░▒▓▒░▒▓▒░░░░░░░░░░░░░░░░░░░░░░░▓░░░░░█▒░░░
░░░░░░░░░░░░░░░▓██░░▓▓░░▓▓░░░░░▓▓▓▓▓▓▓▓▓▓░░░░░▓░░░▓░░█▒░░░
░░░░░░░░░░░░░░░░░███▓░░▒▓▒░▒▓▓▒░░░░░░░░░░░░░░▓▓░░░░▓░░█▒░░
░░░░░░░░░░░░░░░░░░░▓██▓░░░▒▒▒▓▒▓▒▒▒▒▒▓▒▒▒▒▒▓▒░░░░▒▓░░░█▒░░
░░░░░░░░░░░░░░░░░░░░░▒███░░░░░▒▒▓▓▓▒▒▒▒░░░░░░░░▒█░░░░░█▒░░
░░░░░░░░░░░░░░░░░░░░░░░▒██▓░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒░░░░░▒█░░░
░░░░░░░░░░░░░░░░░░░░░░░░░▒██▓░░░░░░░░░░░░░░░░░░░░░░░░█▓░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░▒█████▒░░░░░░░░░░░░░░░░░░██░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒▒████▓░░░░░░░░░░░░▓██░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓█████▓▓▓▓▓▓▓███▒░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▓██████▓▓▒░░░░░░░░}

Rickenbacker: Vaneshi: Rickenbacker: Of course, nothing tops the server with confidential personal data that had no administrator password at all.

No password or 50 characters of gibberish and a mandate of "sudo or GTFO"? Just curious.

No password at all. Just hit enter. Niiiice.

I still have employees bring up the two days in a row that I went around and threw away their Post-It notes stuck to the monitor...which they had written their passwords on. They had done that before I took this job, why was I being so mean?

Yeah that's... well yeah. No actual password... damn.

I take it your junked the old 8 - 16 no special no control type stuff and jacked the password length up to maximum and told them to just use real words and phrases?

Vaneshi: Rickenbacker: Vaneshi: Rickenbacker: Of course, nothing tops the server with confidential personal data that had no administrator password at all.

No password or 50 characters of gibberish and a mandate of "sudo or GTFO"? Just curious.

No password at all. Just hit enter. Niiiice.

I still have employees bring up the two days in a row that I went around and threw away their Post-It notes stuck to the monitor...which they had written their passwords on. They had done that before I took this job, why was I being so mean?

Yeah that's... well yeah. No actual password... damn.

I take it your junked the old 8 - 16 no special no control type stuff and jacked the password length up to maximum and told them to just use real words and phrases?

Actually, I couldn't. Weird job I have, I am an IT person...but I don't work for IT. I had to wait for IT to get with the times and make those changes. Until they did, the old ladies here really didn't like me. Meh.

Argggh! I was trying to hack that sever but gave up after 'foxconn1'