Barbarians at the password gate
-
Techcrunch:
If you haven’t had your password hijacked, it’s really just a matter of time.
Here's my new idea: every login form will have a new checkbox, "Yes, it's really me, not a hacker." Bulletproof security!
-
What about the hacker then? There must be constitutionally founded legislation enabling even hacker scumbags to log in now and then. Or otherwise you could just as well disable the checkmark to begin with if the currently logged-in user has a TRUE marking for Session.User.IsHacker <--- you know that one?
Michael Pauli
-
Crunch wrote:
A hacker armed with the right password can get almost anything of yours
Imagine what a thief can do if they have the key :thumbsup:
Crunch wrote:
Hackers generally buy your password from data breaches.
..and the companies where passwords are "stolen" should be held financially liable for all consequences thereof. As long as it is not, there will not be an incentive (and hence, budget) to secure anything. Larger companies have proven this to be true. It's simply cheaper to do some marketing in case of fire, as opposed to prevention. Any system that "knows" your password (by mailing it to you, best proof that it is saved in the database in a readable form) is insecure. And no, there is NO EXCUSE for saving a password in your database.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here
-
What about an Al-Qaeda version instead? If security is so insecure to begin with, why not remove it altogether? Therefore a name should be enough. Also, passwords are so difficult to remember, right? On attempts to log in on other people's behalf, a finger is chopped off at the local police station, and on following attempts another finger. On the 10th attempt no more fingers are left and he/she can't log in anymore. Said and done! Top security and, as a result, over time no more security is compromised.
Michael Pauli
-
I had joked that the way to keep your passwords secure is to never know them. Create some 100 character mess by mashing on the keyboard and then, just request a new password every time you sign in. I know. I know. GENIUS!!! Well, as long as the email acct associated with the password recovery is good, then you are ok.
-
You are right. I should've said that more clearly. I meant "send me a temporary generated one". Then I can forget about that one and get a new one next time.
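-
Added example, not code from any poster in this thread: a minimal sketch of the two points raised above, namely a system that never stores a readable password (so it cannot mail it back) and a recovery flow that sends a temporary generated token instead. The in-memory `user` dict, the function names and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values; 128 * n * r = 16 MiB of memory)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 15 * 60  # seconds a temporary token stays valid (assumption)


def hash_password(password: str) -> dict:
    """Return the only thing the database keeps: a random salt and a verifier."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, password: str) -> bool:
    """Recompute the verifier from the attempt and compare in constant time."""
    digest = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(digest, record["hash"])


def issue_reset_token(user: dict, now: float) -> str:
    """Create a temporary token; only its SHA-256 digest is stored server-side."""
    token = secrets.token_urlsafe(32)
    user["reset"] = {
        "hash": hashlib.sha256(token.encode()).digest(),
        "expires": now + RESET_TTL,
    }
    return token  # mailed to the account owner, never written to the database


def redeem_reset_token(user: dict, token: str, new_password: str, now: float) -> bool:
    """Single use: the pending reset is discarded on any attempt, valid or not."""
    pending = user.pop("reset", None)
    if pending is None or now > pending["expires"]:
        return False
    offered = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(offered, pending["hash"]):
        return False
    user["password"] = hash_password(new_password)
    return True


if __name__ == "__main__":
    # Constructed sample account and clock values.
    user = {"name": "alice", "password": hash_password("old-Passw0rd")}
    token = issue_reset_token(user, now=1000.0)
    print(redeem_reset_token(user, token, "new-Passw0rd", now=1100.0))
    print(verify_password(user["password"], "new-Passw0rd"))
```

A database dump from this design yields salts, scrypt verifiers and token digests, none of which can be mailed back as the user's password.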