
posted by martyb on Tuesday May 26 2020, @04:02AM
from the convenience-vs-security dept.

Arthur T Knackerbracket has found the following story:

Even seeing data breaches in the news, more than half of consumers are still reusing passwords.

More than half of people haven't changed their password in the last year – even after they've heard about a data breach in the news.

That’s according to a recent survey, “Psychology of Passwords: The Online Behavior That’s Putting You At Risk,” that examined the online security and password behaviors of 3,250 global respondents – and found that people still employ an alarming number of very common and very risky habits, even though they know better.

Researchers said that password reuse was the biggest security faux pas being committed by respondents. In fact, password reuse has actually gotten worse over the years: When asked how frequently they use the same password or a variation, 66 percent answered “always” or “mostly” – which is up 8 percent from the same survey in 2018.

Worse, 91 percent of respondents said they know using the same (or a variation of the same) password is a risk. They still do so anyways.

“Our survey shows that most people believe they are knowledgeable about the risks of poor password security; however, they are not using that knowledge to protect themselves from cyber threats,” said researchers with LastPass by LogMeIn, in a recent report.

[...] “People seem to be numb to the threats that weak passwords pose,” said researchers. “Technology like biometrics is making it easier for them to avoid text passwords all together and many people are simply comfortable using the ‘forgot password’ link whenever they get locked out of their accounts.”


  • (Score: 5, Insightful) by Arik on Tuesday May 26 2020, @04:10AM

    by Arik (4543) on Tuesday May 26 2020, @04:10AM (#999089) Journal
    People are continuing to rely on their own meagre capabilities, rather than outsourcing to us! Oh noes!!

    --
    If laughter is the best medicine, who are the best doctors?
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday May 26 2020, @04:22AM (26 children)

    by Anonymous Coward on Tuesday May 26 2020, @04:22AM (#999093)

    Keep this list in a safe place, such as under lock and key or on your person.

    • (Score: 2, Disagree) by krishnoid on Tuesday May 26 2020, @05:02AM (4 children)

      by krishnoid (1156) on Tuesday May 26 2020, @05:02AM (#999102)

      Lastpass is a pretty good [lastpass.com] option for this, actually, and they provide in-browser JavaScript tools to audit all your stored accounts/passwords against known breaches and for strength and duplication.

      • (Score: 1, Insightful) by Anonymous Coward on Tuesday May 26 2020, @02:20PM

        by Anonymous Coward on Tuesday May 26 2020, @02:20PM (#999214)

        Except for the number of times that they've had vulnerabilities exposed, the last one being in September of 2019.

      • (Score: 3, Interesting) by Freeman on Tuesday May 26 2020, @03:36PM

        by Freeman (732) on Tuesday May 26 2020, @03:36PM (#999240) Journal

        Hmm...., actually, looking at it, it's probably not any worse than storing your password in your browser using the built-in tools. In fact, it might be safer. I'm not a fan of storing my passwords digitally, though. You're less likely to be hacked by keeping a physical copy of your password. Unless you do something dumb, like put it on a sign on your front lawn or the like. Even then, someone would need to have enough interest to mess with it.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 2, Informative) by DECbot on Tuesday May 26 2020, @04:45PM

        by DECbot (832) on Tuesday May 26 2020, @04:45PM (#999276) Journal

        Lastpass has an online element that is vulnerable to compromise in one way or another. There's the backend database and over the wire. Granted, they would be nerd shamed if they didn't perform at least the minimum security efforts to protect against breaches, but the most secure crypto is often breached by shortcomings in the implementation. Exposing your encrypted password database to the internet increases the attack surface area--or so the argument goes when promoting an offline password manager, like....
         
        Mooltipass [themooltipass.com]1 is an offline password keeper that connects to your computing device via USB. Your encrypted password database is stored on the Mooltipass device. The smartcard with the private key to the database is inserted into the Mooltipass, which prompts the user to punch in the 4-digit key into the Mooltipass to unlock the private key. If an attacker gains control of your Mooltipass and smartcard, they will only have three attempts to unlock the smartcard. After 3 failed attempts, Mooltipass will remove the private key from the card to prevent unauthorized access. (note to self: I should really consider making a backup card). Mooltipass management software is available for Linux, Windows, and even Mac and extensions for Firefox and Chrome to facilitate password generation and retrieval for web browsers. If using Mooltipass on a device without the Mooltipass application installed, like a guest PC or an Android device with OTG USB, the Mooltipass will be recognized by the OS as a USB keyboard, allowing you to still retrieve passwords. (I really should be getting paid for this) Granted, your passwords are still vulnerable to the $5 wrench, but an attacker would need the Mooltipass device with the encrypted passwords and the Mooltipass card to gain access to your passwords. If you can survive the wrench three times, you can trick your attacker to lock the smartcard and protect your passwords. Mooltipass is open source and available on github [github.com]. Early device development was facilitated by the hackaday [hackaday.com] community and launched as a kickstarter [kickstarter.com]. Besides keeping all my various internet passwords on the device, I keep the 65-character, randomly generated wifi password on my Mooltipass. It was a joke among my family about getting my password as you would have to spend 20 minutes typing out the long string of numbers and characters on all your devices to connect to my wifi when visiting. Now, it takes mere seconds between connecting my Mooltipass to my guests accessing wifi.
         
        All joking aside, the site and video explaining the device is well done and I do use my Mooltipass daily. The wifi story is true too. And now, since it is so easy to input the password, I'm considering changing it more frequently than once every 15 or 20 years (or never, as the case may be).

         
        1 - Mooltipass does not safeguard against keyloggers or other malware capable of capturing keyboard input, browser input, or other mechanisms on a compromised device.

        --
        cats~$ sudo chown -R us /home/base
      • (Score: 2) by krishnoid on Tuesday May 26 2020, @11:15PM

        by krishnoid (1156) on Tuesday May 26 2020, @11:15PM (#999410)

        Sorry for responding to my own post, but you can also store a password *hint* in LastPass's password field instead. Then with a couple clicks in your browser you can view the hint, and enter the password itself until you remember it without needing the hint.

        You lose a few features, but gain the ability to track per-account disposable email addresses [soylentnews.org], while making information gained by an actual breach/unattended browser generally unusable by attackers who aren't targeting you specifically.

    • (Score: 3, Insightful) by stormwyrm on Tuesday May 26 2020, @05:14AM (17 children)

      by stormwyrm (717) on Tuesday May 26 2020, @05:14AM (#999104) Journal
      This. You are never going to remember large numbers of passwords that are strong enough to be uncrackable. The human mind just isn't built like that. It is far better to write those passwords down somewhere and keep that list of passwords safe. A Russian hacker group isn't going to send muggers to shake you down for your password notebook (too expensive and complicated). While the police might be able to get your password list, most civilised places have laws against unreasonable search and seizure. Better still to use a password vault application (e.g. keepassx, or Bruce Schneier's Password Safe) so you need only remember one very strong password that unlocks the vault and the rest of your passwords.
      --
      Numquam ponenda est pluralitas sine necessitate.
      • (Score: 2) by captain normal on Tuesday May 26 2020, @05:44AM (3 children)

        by captain normal (2205) on Tuesday May 26 2020, @05:44AM (#999107)

        Ah...just write it on a post-it note and stick it on your computer.
        https://www.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1 [businessinsider.com]

        Better yet just don't put anything valuable where it can be accessed online. Really you don't need to bank online, nor do you need an app on your phone that has all your credit card info.

        --
        "Everyone is entitled to his own opinion, but not to his own facts" --Daniel Patrick Moynihan
        • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @08:47AM (1 child)

          by Anonymous Coward on Tuesday May 26 2020, @08:47AM (#999143)
          Um, putting passwords on post-it notes where anyone who walks by your computer can see them is not "keeping it safe". Keeping passwords safe might mean putting them in a locked cabinet at home or even in your wallet (there are after all cards in most people's wallets with numbers written on them that can make them go deeper into debt).
          • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @12:21PM

            by Anonymous Coward on Tuesday May 26 2020, @12:21PM (#999175)

            You, AC are due for a good ole' fashioned,
            WOOOSH!!!

        • (Score: 0) by Anonymous Coward on Wednesday May 27 2020, @12:10AM

          by Anonymous Coward on Wednesday May 27 2020, @12:10AM (#999426)
          In these times of pandemic though, online banking has become rather more essential.
      • (Score: 3, Insightful) by EJ on Tuesday May 26 2020, @07:13AM (12 children)

        by EJ (2452) on Tuesday May 26 2020, @07:13AM (#999121)

        Username: stormwyrm
        Password: MySoylentNewsPasswordHas8WordsInIt!

        Easy to remember, and pretty hard to brute-force.

        Mnemonics work too: !PleaseExcuseMyDearAuntSally#

        • (Score: -1, Troll) by Anonymous Coward on Tuesday May 26 2020, @07:30AM (2 children)

          by Anonymous Coward on Tuesday May 26 2020, @07:30AM (#999124)

          No-one is brute forcing your lame passwords ... /fucking cluebat

          No-one is fucking brute-forcing even your shittest password. Get over that bullshit.

          Password rules are theater and I hope you enjoy the show.

          • (Score: 3, Funny) by EJ on Tuesday May 26 2020, @07:36AM

            by EJ (2452) on Tuesday May 26 2020, @07:36AM (#999128)

            You know how I know you didn't comprehend anything you read?

            Try bopping yourself in the head a few times with that cluebat.

          • (Score: 2) by hendrikboom on Wednesday May 27 2020, @01:17AM

            by hendrikboom (1125) on Wednesday May 27 2020, @01:17AM (#999450) Homepage Journal

            I regularly get thousands of failed attempts to remotely log into my home computer. Sounds like brute-forcing to me.

            I also regularly get emails from a "hacker" revealing my computer's password to me and trying to shake me down for some money. Said hacker has my password, but it's not the one to access my computer -- it's the one I use for unimportant web sites.

            -- hendrik

        • (Score: 2) by stormwyrm on Tuesday May 26 2020, @08:04AM (8 children)

          by stormwyrm (717) on Tuesday May 26 2020, @08:04AM (#999135) Journal
          Doesn't scale. Those styles of passwords are essentially of the form advocated by XKCD 936 ("correct horse battery staple"), and while that's as good a method as any for generating easier to remember but hard to crack passwords (but do use at least seven words instead of four), when there are dozens of them to remember it becomes a pain. Even if you just count the obviously important services, e.g. online shopping, online banking, email, social media, it will quickly become a difficult memory exercise. And I'd not write off any site that wants a password to identify me as being "unimportant". There is no end to the creative uses miscreants will find for such accounts if they can be exploited. Passwords like that are also a pain in the ass to type, especially with touch-screen keyboards.
          --
          Numquam ponenda est pluralitas sine necessitate.
          • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @08:54AM (1 child)

            by Anonymous Coward on Tuesday May 26 2020, @08:54AM (#999145)

            You lost 99.9% of the audience at "Doesn't".

            Stop creating this mystique about passwords. Truly nobody is brute-forcing your shit unless you're Al-Quesadilla and your kebob delivery is late to the NSA guys.

            • (Score: 1, Insightful) by Anonymous Coward on Tuesday May 26 2020, @11:09AM

              by Anonymous Coward on Tuesday May 26 2020, @11:09AM (#999164)

              > You lost 99.9% of the audience at "Doesn't".
              >
              > Stop creating this mystique about passwords. Truly nobody is brute-forcing your shit unless you're Al-Quesadilla and your kebob delivery is late to the NSA guys.

              You're a jackass.

              Lots of folks would *love* to crack my (and everyone else's) banking/credit card accounts. And if they can get their hands on the database, they'd start brute forcing in a hot minute.

              So keep using 'password123' for *your* bank site login. And when they drain your bank account, I won't be there to say "I told you so," because I don't give a rat's ass about morons like you.

              And it's no skin off my nose, because I use passwords that can't be brute forced until after our sun expands as a red giant to engulf this planet.

          • (Score: 2) by NotSanguine on Tuesday May 26 2020, @11:02AM (5 children)

            > Those styles of passwords are essentially of the form advocated by XKCD 936 ("correct horse battery staple"), and while that's as good a method as any for generating easier to remember but hard to crack passwords (but do use at least seven words instead of four), when there are dozens of them to remember it becomes a pain.

            Choosing a bunch of random words is a stupid way to choose a password, as it doesn't scale as you mention.

            However, EJ's suggestion is *much* better, both in terms of security and scaling.

            I go even further myself, by using well known (well at least to me) quotes, song lyrics and other phrases -- then I modify those in creative ways.

            For example:
            "This is my rifle, this is my gun." Can be modified to be "This is my wife, she likes my gun." which not only is long enough to defeat brute force attacks, but is different enough from the original quote to *also* defeat database attacks.

            What's more, once you've created such a modified phrase it's easy to remember.

            How about taking "In the town where I was born, there lived a man who sailed to sea." and turning it into "In the frond where I hid balls, there reeked a smell that made me hurl."

            I've already memorized *both*. I can, and have, memorized many similar phrases. Good luck cracking a password like that.

            Here's another one for you -- because the possibilities are *endless*:
            "I'm not aware of too many things, I know what I know if you know what I mean." Can be "I'm well aware of all of the twinks. I see them and know, if you know what I mean."

            Why don't you try a few? It'll make your passwords essentially uncrackable and easy to remember.

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @01:36PM (4 children)

              by Anonymous Coward on Tuesday May 26 2020, @01:36PM (#999206)

              If you can reliably recall sentences that long with punctuation and all those prepositions EXACTLY... you're a better man than me. I can't when I have to create a NEW password every 3 months. My issues: There are only so many memorable sentences. You can forget your new sentence because your head is full of all those other expired sentences. At some point, I think you need to come up with a formula for a password postfix and keep using a constant password prefix if you can get away with it. Where that is not allowed because the site checks password similarity when creating a new password, you need to use a sequence referenced to some real world sequence. I don't use this personally, but an example would be name of atomic element with atomic number as a postfix.

              • (Score: 2) by NotSanguine on Tuesday May 26 2020, @02:21PM (3 children)

                > you need to use a sequence referenced to some real world sequence.

                Exactly. A real world sequence like a song lyric. Two of which (Yellow Submarine [youtube.com] and What I Am [youtube.com]) I used in my examples.

                In fact, song lyrics are ideal as a basis for such password phrases. We tend to remember them more easily than other forms of language [psychologytoday.com], as research confirms [phys.org].

                I can't tell you exactly how many songs to which I know at least some of the lyrics, but there are enough for me to waste them giving examples to you and still have way more than I would ever need to use, modified, as passwords.

                Here's one just about everyone knows:
                "Dashing through the snow, in a one-horse open sleigh" can become "Sniffing all the blow, off a golden metal tray"

                And since the lyric itself is quite memorable, as long as you keep the same rhyme/rhythm scheme with your modified phrase, it's easy to remember. Once the *modified phrase* is associated with the melody, Bob's your uncle, Fanny's your granny.

                What's more, as you continue to use it, the association becomes *stronger*.

                Note that, as mentioned in the links above, since the auditory cortex is most responsible for storing lyrics along with the melodies, remembering such stuff is much, much easier than trying to use something like "Four score and seven years ago, our forefathers brought forth a new nation."

                I suspect that many (if not most) folks could do the same with the songs they know. Which solves the password problem pretty completely.

                Just for fun, here are a few more:
                "Can you give me sanctuary, I must find a place to hide" becomes "Can you give me a sack of cherries, I must eat them all today" (The Soft Parade [youtube.com])

                "I see a red door and I want to paint it black" becomes "I feed a dead sort and want to take it back" (Paint it Black [youtube.com]). As you can see, the modified lyric doesn't even need to make sense.

                Assuming you enjoy music, I'm sure you can come up with dozens, if not hundreds, of these. If that doesn't work for you (have you even tried, or are you just rejecting the idea out of hand?), there's always LastPass [lastpass.com], KeePass [keepass.info] or a Sharpie on the inside of your eyelids.

                --
                No, no, you're not thinking; you're just being logical. --Niels Bohr
                • (Score: 2) by Barenflimski on Tuesday May 26 2020, @04:04PM (1 child)

                  by Barenflimski (6836) on Tuesday May 26 2020, @04:04PM (#999264)

                  That is all very interesting for sure. I am impressed that your brain works like that. Mine doesn't. I'd forget all my passwords and be logging onto every site through the "forgot my password" button.

                  For instance, I sing songs all of the time to people, but still forget the lyrics to songs I've sung a hundred times before. I've become very good at making up lyrics on the fly though. While that works great for crowds, I can't imagine the password algorithm is going to let me bypass authentication because I'm being witty.

                  Lastpass has been my savior. Never a re-used password and no one can force a password from my head as I don't know any of them.

                  • (Score: 2) by NotSanguine on Tuesday May 26 2020, @04:23PM

                    Fair enough.

                    I've been doing this for years and it works for me.

                    Note that I don't use that mechanism for all my logins. Only for the ones that *require* really strong passwords (those that could negatively impact me personally or financially).

                    I use other mechanisms for less important logins.

                    For unimportant ones, I just make something up and use the "forgot password" link if I ever need to log in again.

                    I suspect that if you tried* doing this (I believe in you -- so you should too! :) ), you'd be able to remember at least a few, given the special relationship that lyrics have to music and how your brain processes both.

                    I say that because remembering someone else's lyric may be difficult for you, but if *you* assign a similar (using the same rhyme/rhythm scheme) lyric and *use* it, remembering it would be much, much easier.

                    *They're your credentials and I certainly wouldn't try to tell you what to do with them. That said, it couldn't hurt to try, could it? Not necessarily even using it as a password, just as a thought experiment. Or not.

                    --
                    No, no, you're not thinking; you're just being logical. --Niels Bohr
                • (Score: 1) by DECbot on Tuesday May 26 2020, @05:05PM

                  by DECbot (832) on Tuesday May 26 2020, @05:05PM (#999282) Journal

                  I like it. I think I'll start with this song:
                  Cookie Monster sings [youtube.com]
                   
                  "C is for Cookie, that's good enough for me" can become "C is for Kernel, that's good enough for me."

                  --
                  cats~$ sudo chown -R us /home/base
    • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @02:26PM (2 children)

      by Anonymous Coward on Tuesday May 26 2020, @02:26PM (#999218)

      Right where it can be discovered or exposed by warrant.

      • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @02:36PM (1 child)

        by Anonymous Coward on Tuesday May 26 2020, @02:36PM (#999219)

        I'm not on the run from the law.
        The threat to me is hackers or forgetting my own passwords.
        Besides, gmail will cough up my data when served with a warrant anyway.

        • (Score: 2) by hendrikboom on Wednesday May 27 2020, @01:25AM

          by hendrikboom (1125) on Wednesday May 27 2020, @01:25AM (#999451) Homepage Journal

          Forgetting or losing a passphrase is a real security risk.
          For me, far more serious than someone looking at the contents of my computer after stealing it.
          So I deliberately went to some trouble to *not* encrypt my hard drive.
          (I was unable to install Purism's OS without encrypting the entire hard drive. So I used a different Linux system)

          -- hendrik

  • (Score: 4, Funny) by el_oscuro on Tuesday May 26 2020, @04:25AM (15 children)

    by el_oscuro (1711) on Tuesday May 26 2020, @04:25AM (#999094)

    I stopped reusing passwords for anything important after seeing this:

    https://xkcd.com/792/ [xkcd.com]

    A few years later, I joined our red team.

    --
    SoylentNews is Bacon! [nueskes.com]
    • (Score: 1, Interesting) by Anonymous Coward on Tuesday May 26 2020, @05:22AM (14 children)

      by Anonymous Coward on Tuesday May 26 2020, @05:22AM (#999105)

      Basically, this.

      Password tiers:
      1. Unique passwords for all of your banks.
      2. A unique password for your e-mail (because it's password recovery).
      3. A single password for Facebook, Instabook, Twitter -- and the other large social media platforms that are unlikely to leak your password, and unlikely to matter if it does (but it would be inconvenient...). Another password for shopping sites that forcibly store your credit card (Amz... I'm glaring at you.)

      4. Then a tier for all the other crap that requires you to sign up. Your password might be "1234" for all anyone cares. You had to create an account on that forum to see an attachment? "Yeah my username is "unicorn" and my password is "pegasus"." Who cares. Maybe three or four passwords for the flurry of sites, depending on how you feel about the site.

      All of these password-service providers are looking at breached passwords from random forums, dating sites, other unknown services -- and going "zOMG everyone is using the same password!!@#!" when... yeah. No shit. For the worthless services that leak passwords, we are. And you know what else? If you use this user/pass combo to crack the _other_ site (that will probably eventually leak the password), I don't even care. Hell, I consider it good payback for requiring me to create an account in the first place. (Of course, no one actually does this because those other services are just worthless.)

      Acknowledging that password-managers _could_ help with this, but they suck. One device, or cloud-storage, internet-connection dependent (are you using it to configure your router? Are you keeping it in mind for everything that would otherwise work without the internet? while you're in another country?), and just so much more -- password managers are a problem to fix a problem.

      • (Score: 4, Insightful) by captain normal on Tuesday May 26 2020, @06:05AM (5 children)

        by captain normal (2205) on Tuesday May 26 2020, @06:05AM (#999109)

        Or just put all your passwords in a folder on a thumb drive labeled "gotse", anyone with the savvy to look for passwords is not going to touch that.

        Also..."all of your banks"? You must have a whole bunch of dough where you need it in $250K bits in a lot of banks (Dodd–Frank Wall Street Reform and Consumer Protection Act). That or you need lots of offshore banks, say in Switzerland or the Grand Caymans. If you have that much moolah you can afford to pay people to protect it.

        --
        "Everyone is entitled to his own opinion, but not to his own facts" --Daniel Patrick Moynihan
        • (Score: 1, Interesting) by Anonymous Coward on Tuesday May 26 2020, @06:53AM (3 children)

          by Anonymous Coward on Tuesday May 26 2020, @06:53AM (#999117)

          A typical middle class person will have a checking account, two or three credit cards, a brokerage account or two, a car loan, and a mortgage, all of which might be under separate accounts.

          • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @08:57AM

            by Anonymous Coward on Tuesday May 26 2020, @08:57AM (#999146)

            AND a goatse account obviously - perhaps they can merge them after they get married.

          • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @02:55PM

            by Anonymous Coward on Tuesday May 26 2020, @02:55PM (#999222)

            > A typical middle class person will have a checking account, two or three credit cards, a brokerage account or two, a car loan, and a mortgage, all of which might be under separate accounts.

            You're forgetting that the primary demographic here on SN isn't the middle class. It's almost all (temporarily embarrassed) billionaires [youtu.be]. So of course they have (or expect to, Real Soon Now™) dozens of bank and brokerage accounts, as well as ownership of multiple large corporations.

          • (Score: 2) by etherscythe on Tuesday May 26 2020, @05:52PM

            by etherscythe (937) on Tuesday May 26 2020, @05:52PM (#999303) Journal

            Middle class? Are there enough of those left that we can statistically determine a common number of accounts?

            --
            "Fake News: anything reported outside of my own personally chosen echo chamber"
        • (Score: 2) by maxwell demon on Tuesday May 26 2020, @08:57AM

          by maxwell demon (1608) on Tuesday May 26 2020, @08:57AM (#999147) Journal

          > Or just put all your passwords in a folder on a thumb drive labeled "gotse", anyone with the savvy to look for passwords is not going to touch that.

          Unless you store your passwords in image form, I don't see how this would protect them. I mean, there's no danger in looking at text files on that drive.

          > Also..."all of your banks"?

          Well, if one bank has a good offer, why should you deny it just because you've got money at another bank?

          --
          The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 3, Interesting) by EJ on Tuesday May 26 2020, @07:23AM (6 children)

        by EJ (2452) on Tuesday May 26 2020, @07:23AM (#999122)

        That's why your password shouldn't be a word. It should be a formula. You "encrypt" your password in your brain, and you use the site as the key to unlock it.

        For example, let's say your base password is the names of your parents (Bob and Martha), your wife (Kelly), and your kids (Billy and Sarah): BobMarthaKellyBillySarah

        Now, your formula is to scan through the site name to find the first letter that appears in your base password, which is S. Then you find the second letter, which is O. Now you replace each S with a 1 and each O with a 2. That gives you a password of B2bMarthaKellyBilly1arah for this site.

        For Facebook, your password would be (a = 1, e = 2): BobM1rth1K2llyBillyS1r1h

        The idea is that you don't have to remember the password. You just need to remember how to generate the password. You can easily change it by shifting the order, changing the key, etc.
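The substitution formula EJ describes, implemented as an added example (this is not code from the thread). It assumes site letters are matched against the base password case-insensitively, which is what both results quoted in the comment require, and it also measures what the scheme gives away: a derived password is the base password with at most two letters swapped for digits, so the number of distinct passwords it can ever emit is small and any single leaked one reveals nearly all of the base.

```python
# Added example: EJ's "formula" password scheme from the comment above.
# Assumption: site letters are matched case-insensitively against the base
# password, which both worked results quoted in the thread require.

BASE_PASSWORD = "BobMarthaKellyBillySarah"   # the base password from the comment


def site_key_letters(site_name, base=BASE_PASSWORD, count=2):
    """Scan the site name left to right and return the first `count`
    distinct letters that also occur somewhere in the base password."""
    base_letters = set(base.lower())
    found = []
    for ch in site_name.lower():
        if ch.isalpha() and ch in base_letters and ch not in found:
            found.append(ch)
            if len(found) == count:
                break
    return found


def derive_password(site_name, base=BASE_PASSWORD):
    """Replace the first matched letter with '1' and the second with '2'
    wherever they occur in the base password, in either case.
    A site sharing no letters with the base yields the base unchanged."""
    keys = site_key_letters(site_name, base)
    out = []
    for ch in base:
        if ch.lower() in keys:
            out.append(str(keys.index(ch.lower()) + 1))
        else:
            out.append(ch)
    return "".join(out)


def max_distinct_passwords(base=BASE_PASSWORD):
    """Upper bound on how many different passwords the scheme can emit across
    every possible site: an ordered pair of distinct base letters (n(n-1)),
    a single matched letter (n), or no match at all (1)."""
    n = len(set(base.lower()))
    return n * (n - 1) + n + 1


def leaked_base_recovery(derived):
    """What one leaked derived password reveals: every non-digit position is
    the base password verbatim. Returns (positions revealed, total length)."""
    revealed = sum(1 for ch in derived if not ch.isdigit())
    return revealed, len(derived)


if __name__ == "__main__":
    for site in ("soylentnews", "facebook"):
        pw = derive_password(site)
        print(site, pw, leaked_base_recovery(pw))
    print("distinct passwords possible:", max_distinct_passwords())
```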

        • (Score: -1, Troll) by Anonymous Coward on Tuesday May 26 2020, @07:34AM (1 child)

          by Anonymous Coward on Tuesday May 26 2020, @07:34AM (#999127)

          An algorithm! Genius. No computer could do that.

          • (Score: 2) by EJ on Tuesday May 26 2020, @07:40AM

            by EJ (2452) on Tuesday May 26 2020, @07:40AM (#999130)

            We know you're a dumbass. It says it right up there to the right of "by" where you admit that what you have to say is so idiotic that you're too embarrassed to own up to it with your username.

        • (Score: 2) by TheRaven on Tuesday May 26 2020, @08:21AM (3 children)

          by TheRaven (270) on Tuesday May 26 2020, @08:21AM (#999141) Journal

          Why do something that complicated? Memorise one long password. Concatenate it with the name of the site and a version number. Compute a sha256 hash of it. Use that as your password for the site. A compromise of any individual site doesn't leak your secret and, in the event of a compromise, you can just bump the version number for that site.

          That said, there's little excuse for using passwords now that most browsers properly support WebAuthn. The TPM or secure element coprocessor stores the key (typically a root key that is combined using a key-derivation function with another key to generate a per-site key). The site sends a nonce, which you then encrypt using your private key. The site decrypts it with the public key that you shared during registration. The device can enforce strong policies on key unlock (e.g. exponential back-off for PIN entry attempts), so you can use a fairly short and memorable PIN (or biometrics or whatever) to protect it locally.

          --
          sudo mod me up
          • (Score: 5, Insightful) by maxwell demon on Tuesday May 26 2020, @09:57AM (1 child)

            by maxwell demon (1608) on Tuesday May 26 2020, @09:57AM (#999152) Journal

            Compute a sha256 hash of it. Use that as your password for the site.

            Try it. You'll soon find out that a vast number of web sites won't accept your sha256 hash because it doesn't conform to their arbitrary password rules. To start with, many sites have a maximum password length (how that is supposed to help with security, I don't know). Then, many sites require both uppercase and lowercase characters, or require at least one non-alphanumeric character, both of which will not be in your sha256 which generally is expressed in hexadecimal. Oh, and don't think you can evade the problems by base64-encoding and truncating the hash. Sure, it will have all the must-haves and not be too long, but you'll find that this way the hash will not fulfil all the arbitrary and pointless restrictions on which (standard ASCII) characters not to use (and you are lucky if you are told beforehand which of those characters are allowed).

            --
            The Tao of math: The numbers you can count are not the real numbers.
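As an added example (not code from either commenter), this Python derives a per-site password the way TheRaven describes, sha256 over master secret, site name and version number, and then runs the hex and base64-truncated forms through a constructed site policy of the kind maxwell demon complains about; the master secret, site names and policy limits are all assumptions.

```python
# Added example: sha256(master || site || version) as a per-site password, checked
# against a constructed password policy. Nothing here is a real site's rule set.
import base64
import hashlib
import string


def derive_hex(master: str, site: str, version: int) -> str:
    """Hex digest of master + site + version: 64 chars, only [0-9a-f]."""
    return hashlib.sha256(f"{master}{site}{version}".encode()).hexdigest()


def derive_b64(master: str, site: str, version: int, length: int = 16) -> str:
    """Base64 of the digest, truncated to `length` chars (the workaround the reply mentions)."""
    digest = hashlib.sha256(f"{master}{site}{version}".encode()).digest()
    return base64.b64encode(digest).decode()[:length]


def policy_problems(pw: str, max_len: int = 20, allowed_symbols: str = "!@#$%") -> list:
    """Return the rules of a constructed, typical policy that `pw` violates."""
    problems = []
    if len(pw) > max_len:
        problems.append("too long")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase")
    if not any(c in allowed_symbols for c in pw):
        problems.append("no allowed symbol")
    permitted = string.ascii_letters + string.digits + allowed_symbols
    if any(c not in permitted for c in pw):
        problems.append("disallowed character")  # e.g. '+' or '/' from base64
    return problems


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed master secret
    for site in ("example.org", "example.net"):
        for pw in (derive_hex(master, site, 1), derive_b64(master, site, 1)):
            print(site, pw, policy_problems(pw))
```

Bumping the version number changes only that site's derived password, which is the recovery path the comment describes.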
            • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @05:04PM

              by Anonymous Coward on Tuesday May 26 2020, @05:04PM (#999281)

              I would suggest that you run from any site with a max password length.

              There is only one "valid" reason to set a max length, and that is because the data column for the passwords has a max length. Thus, this restriction points to the fact that this site is storing passwords in plain text.

              (Ok, I can see setting a maximum length in the thousands of characters to prevent DOSing with arbitrarily long passwords, I guess.)

          • (Score: 2) by EJ on Tuesday May 26 2020, @02:16PM

            by EJ (2452) on Tuesday May 26 2020, @02:16PM (#999212)

            Recite three different sha256 hashes from memory.

            Most site leaks are gobbled up by bots and reused as-is. Unless you're being specifically targeted, it's not worth the effort to try to figure out your password algorithm as long as it is sufficiently complex.

            Many things that are trivial for a human to do are not at all easy for a computer to reproduce. A password such as "GreenIsTheFourthColorOfTheSpectrum" isn't something a typical script is going to decipher, but it's really easy to remember. Then, all you need to remember is that green is the color of a particular website. Maybe orange is the color you assign to your bank's site.

            Toss in a few things like number insertion and punctuation, and you're extra protected.

      • (Score: 2) by rigrig on Tuesday May 26 2020, @09:57AM

        by rigrig (5129) <soylentnews@tubul.net> on Tuesday May 26 2020, @09:57AM (#999151) Homepage

        One device, or cloud-storage, internet-connection dependent

        I use KeePassXC [keepassxc.org] with a cloud [nextcloud.com]-synced password file.
        And the nice thing about open formats is that someone also made an Android app [github.com] which can open the same files.

        --
        No one remembers the singer.
  • (Score: 2) by Mykl on Tuesday May 26 2020, @06:02AM (3 children)

    by Mykl (1112) on Tuesday May 26 2020, @06:02AM (#999108)

    People still seem to think that Biometrics is the great savior of security. It is still a password that can't be changed.

    • (Score: 3, Funny) by EJ on Tuesday May 26 2020, @07:05AM (1 child)

      by EJ (2452) on Tuesday May 26 2020, @07:05AM (#999120)

      My password is Pi. Nobody will EVER get into my accounts. Not even me. I'm still typing my password as we speak.

      • (Score: 2, Funny) by Anonymous Coward on Tuesday May 26 2020, @09:50AM

        by Anonymous Coward on Tuesday May 26 2020, @09:50AM (#999150)

        EJ
        π

        Ha. pwned.

    • (Score: -1, Troll) by Anonymous Coward on Tuesday May 26 2020, @07:38AM

      by Anonymous Coward on Tuesday May 26 2020, @07:38AM (#999129)

      Unwisely I set up the security biometrics in my department to require a full semen sample every time they log in. Only the young guys can manage it. The older guys (25+) top out at 5 a day then complain about wrist ache or some bullshit. I'm about to fire them for some negros.

  • (Score: 3, Funny) by EJ on Tuesday May 26 2020, @07:01AM (3 children)

    by EJ (2452) on Tuesday May 26 2020, @07:01AM (#999118)

    Security "experts" are dumb. I don't have to change my password. I just change my email address.

    I just use frank-soylentnews@aol.com / mypassword123 here
    I use frank-facebook@aol.com / mypassword123 at Facebook
    I use frank-netflix@aol.com / mypassword123 at Netflix

    Doesn't matter if Netflix gets hacked. Nobody will ever get into my Facebook account.

    • (Score: 1) by r_a_trip on Tuesday May 26 2020, @07:51AM (2 children)

      by r_a_trip (5276) on Tuesday May 26 2020, @07:51AM (#999131)

      So do you generate an e-mail address per service or is password recovery not a concern?

      • (Score: 2) by EJ on Tuesday May 26 2020, @07:54AM

        by EJ (2452) on Tuesday May 26 2020, @07:54AM (#999132)

        I thought the @aol.com was obvious enough.

      • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @08:20AM

        by Anonymous Coward on Tuesday May 26 2020, @08:20AM (#999140)

        He forgot the <sarcasm> tags

  • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @10:28AM (1 child)

    by Anonymous Coward on Tuesday May 26 2020, @10:28AM (#999156)

    Can't we just have a single sign-on method (preferably under my control) that authorizes me for all those online things?

    • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @03:03PM

      by Anonymous Coward on Tuesday May 26 2020, @03:03PM (#999224)

      Who do you trust to run that single sign-on? Facebook? Google? Apple? Amazon? Anyone big enough to run something of that scale will have reasons not to trust them.

  • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @11:10AM (6 children)

    by Anonymous Coward on Tuesday May 26 2020, @11:10AM (#999165)

    How is it so dumb? Why should I bother creating a long unique password for stuff like Soylentnews?

    If a hacker pwns my SN account it's no big deal. Same for zillions of other sites.

    My email and bank accounts on the other hand are a different matter.

    • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @01:46PM (2 children)

      by Anonymous Coward on Tuesday May 26 2020, @01:46PM (#999208)

      No need for a password when you post AC.

      • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @03:06PM

        by Anonymous Coward on Tuesday May 26 2020, @03:06PM (#999225)

        Actually, that's very true. I have an account here. Have from the beginning. But almost never use it. I post AC because I don't care about getting attribution for it, nor do I want to spend time voting on stuff. Works well. The password for this site is in an encrypted volume on a thumb drive. Somewhere. I know the passphrase for that volume, if I ever need to get the password for my account here.

      • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @03:59PM

        by Anonymous Coward on Tuesday May 26 2020, @03:59PM (#999260)

        Thanks for ruining my "HA! I cracked your account dude" joke...

    • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @04:02PM

      by Anonymous Coward on Tuesday May 26 2020, @04:02PM (#999261)

      Came here to say something similar: requiring passwords everywhere is dumb. So people know reusing passwords is insecure, but so is creating a good password for every dumb site that requires one - it's much easier to have a junk username/password pair for all the dumb sites out there.

    • (Score: 0) by Anonymous Coward on Wednesday May 27 2020, @12:07AM (1 child)

      by Anonymous Coward on Wednesday May 27 2020, @12:07AM (#999425)

      You never know to what creative uses miscreants will put your accounts for "unimportant" sites. An "unimportant" site today can become an "important" site tomorrow.

      • (Score: 0) by Anonymous Coward on Wednesday May 27 2020, @01:40AM

        by Anonymous Coward on Wednesday May 27 2020, @01:40AM (#999459)

        An SN account seems pretty unimportant to you since you're posting AC.
  • (Score: 1) by WeekendMonkey on Tuesday May 26 2020, @02:40PM (3 children)

    by WeekendMonkey (5209) Subscriber Badge on Tuesday May 26 2020, @02:40PM (#999220)

    I would settle for forcing all websites to support the same password rules. My ISP still doesn't support special characters. Other sites allow special characters, but only one of the ones they chose (especially annoying are the ones that don't tell you this until you've typed in the password).

    • (Score: 3, Touché) by Freeman on Tuesday May 26 2020, @03:39PM

      by Freeman (732) on Tuesday May 26 2020, @03:39PM (#999243) Journal

      No, the likelihood is that a dumb standard would be created. The standard would likely be worse than the better ones, while being just slightly better than the worst "password rules".

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 0) by Anonymous Coward on Tuesday May 26 2020, @09:18PM (1 child)

      by Anonymous Coward on Tuesday May 26 2020, @09:18PM (#999376)

      Your best bet would be to write a library or whatever that plugs in to the most popular shit, give it away for free, and hope it becomes popular.
