I logged on and was told my password was OVER 365 days old!!!
OMG
and I HAD TO CHANGE IT!!
so I changed it
then logged on
and changed it back
why am I changing my password?
how does changing password help "protect" me account?
the myth of CHANGE YOUR PASSWORD TO PROTECT YOU
is DEbunked!
https://www.ftc.gov/news-events/blog...ssword-changes
People complain about having so many passwords to remember and having to change them all so frequently. Often, they tell me their passwords (please, don’t!) and ask me how strong they are. But my favorite question about passwords is: “How often should people change their passwords?” My answer usually surprises the audience: “Not as often as you might think.” I go on to explain that there is a lot of evidence to suggest that users who are required to change their passwords frequently select weaker passwords to begin with, and then change them in predictable ways that attackers can guess easily. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. (And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems.)
Mandated password changes are a long-standing security practice designed to periodically lock out unauthorized users who have learned users’ passwords. While some experts began questioning this practice (link is external) at least a decade ago, it was only in the past few years that published research provided evidence that this practice may be less beneficial than previously thought, and sometimes even counterproductive. Let’s take a look at two excellent peer-reviewed papers that address this issue.
What actually happens when users are required to change their passwords?
In The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis (link is external), researchers at the University of North Carolina at Chapel Hill present the results of a 2009-2010 study of password histories from defunct accounts at their university.
The UNC researchers obtained the passwords to over 10,000 defunct accounts belonging to former university students, faculty, and staff. Users were required to change the password for these accounts every 3 months. For each account, the researchers were given a sequence of 4 to 15 of the user’s previous passwords – their total data set contained 51,141 passwords. The passwords themselves were scrambled using a mathematical function called a “hash.” In most password systems, passwords are stored in hashed form to protect them against attackers. When a user types in a password, the system runs it through the same mathematical function to produce a hashed version of the password they just typed. If it matches the hashed password that was previously stored for the user, then the user is able to log in.
The UNC researchers used password cracking tools to attempt to crack as many hashed passwords as they could in an “offline” attack. Offline attackers are not limited to a small number of guesses before being locked out. Attackers first gain access to a system and steal the hashed password file. They take that file to another computer and make as many guesses as they can. Rather than guessing every possible password in alphabetical order, cracking tools use sophisticated approaches to guess the highest probability passwords first (link is external), then hash each guess and check to see whether it matches one of the hashed passwords. The UNC researchers’ password cracking system ran for several months and eventually cracked about 60% of the passwords. For 7,752 accounts, the researchers were able to crack at least one password that was not the last password the user created for that account. The researchers used the passwords for this set of accounts to conduct the rest of their study.
- timmystool
- 08-13-2017, 07:30 PM
- Wizard of Ahhhhs
- 08-13-2017, 07:40 PM
That reminds me.... I need to change my HVAC filters! 
- dumars
- 08-13-2017, 08:38 PM
Timmy, are you talking about eccie PW? I've had the same password for 6 years (I think). Never had a reason to change it!
Other sites, Mutual Funds, Banks, Amazon, etc, I get passwords from password generator sites and put them in a notebook. Gets to be a pain in the ass but it works. When I log into T. Roe Price, they send me a code I type in, then I enter my PW. I feel warm and fuzzy with that.
I'm of the attitude some sites over rate their importance with their PW changes. I get pissed sometimes and tell these people "you people operate like you're the CIA or NSA or something!" Or I ask them why there's no check box to see what you're typing in. Them: "For your security sir!" Me: "There's nobody around me, who's going to see?" "Think I'm going to enter a password in the Walmart checkout line?" I never win the argument of course.
Another thing to think about is you might have a virus! Get you to log in/change in order to get you to type in your password. Then it's too late. If it looks stupid, it might very well be!
Another 2˘!
Other sites, Mutual Funds, Banks, Amazon, etc, I get passwords from password generator sites and put them in a notebook. Gets to be a pain in the ass but it works. When I log into T. Roe Price, they send me a code I type in, then I enter my PW. I feel warm and fuzzy with that.
I'm of the attitude some sites over rate their importance with their PW changes. I get pissed sometimes and tell these people "you people operate like you're the CIA or NSA or something!" Or I ask them why there's no check box to see what you're typing in. Them: "For your security sir!" Me: "There's nobody around me, who's going to see?" "Think I'm going to enter a password in the Walmart checkout line?" I never win the argument of course.
Another thing to think about is you might have a virus! Get you to log in/change in order to get you to type in your password. Then it's too late. If it looks stupid, it might very well be!
Another 2˘!
- Unique_Carpenter
- 08-13-2017, 09:25 PM
- timmystool
- 08-13-2017, 09:38 PM
- timmystool
- 08-13-2017, 09:45 PM
" Me: "There's nobody around me, who's going to see?" "Think I'm going to enter a password in the Walmart checkout line?" I never win the argument of course.˘! Originally Posted by dumarsYes I cannot see what pw I'm typing in much less the PW to confirm what I typed in
WHY NOT?
there is NO one behind me
l'm smart enough to use the same pW for most stuff,. ENGORGED65
and I Use the same answer to every "hint " question,,,"cock"
as in:
"what was your pets name?
answer--> COCK
"what was your highschool mascot?"?
answer--> COCK
"what city were you born in?"
answer--> COCK
- Wizard of Ahhhhs
- 08-14-2017, 12:06 AM
Wiz, don't forget to clean the glass on that Timex. Originally Posted by Unique_CarpenterI let the ladies polish that themselves....
...I Use the same answer to every "hint " question,,,"cock" as in:So.... I'm guessing you don't pick the security question "what is your favorite food?"....?
"what was your pets name?
answer--> COCK
"what was your highschool mascot?"?
answer--> COCK
"what city were you born in?"
answer--> COCK Originally Posted by timmystool
- timmystool
- 08-14-2017, 01:22 AM
I... I'm guessing you don't pick the security question "what is your favorite food?"....? Originally Posted by Wizard of AhhhhsI dont always look at the question
I know some sites dont let every answer be the same
what??
who cares if they are all the same answers?
I dont see how any of this shit helps "protect" me
I'll have fun at the casheir, I will cover the keypad and look at the guy behind me
DONT LOOK IT!! as I type in 3434 My atm code
usually gets a laugh
- Guest090920
- 08-14-2017, 08:03 AM
Moved from Coed Discussions; not hobby related.