SIGforum
Sick of passwords

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/230601935/m/9200051115

October 07, 2024, 02:01 PM
honestlou
Sick of passwords
Password protocols have long been a pet peeve of mine. Just make them a minimum of four alpha-numeric characters, with a lock out of 5 minutes after three incorrect attempts, an hour after 2 or 3 more, then a day, a week, etc.

I think it’s all bull shit anyway, as nobody is guessing my password. They hack in to a system through a code vulnerability, and then they get everybody’s password. The f they get your password for Target through a hack, what difference does it make how large the password is?
October 07, 2024, 03:26 PM
bronicabill
quote:
Originally posted by Pipe Smoker:
^^^^^
I have no such problems. Yes, I usually have my iPhone (with its password manager app) handy. My way to avoid the situation that you describe. Works good. Keeps things simple. I like simple.

My browser has a built-in password manager that normally takes care of things. It's the sites that I haven't used in ages that cause problems, or the ones that require me have my bloody phone with me all the time that piss me off!


____________________________
Bill R.
North Alabama

_____________________________
Classic West German P-Series Fan... Hammer-Fired Only!
October 07, 2024, 03:33 PM
dsiets
quote:
Originally posted by ArtieS:
Ok, wise guys. WHICH password manager? Huh?


I use KeePass since someone mentioned it here many years ago.
I'm a very basic user but very happy w/ it. But, it's also the only one I've ever used.

It looks a bit dated but very secure, as I understand it. And it's free.
I just use it's basic features w/ no problems but I guess beyond that, people find it to be quite technical.
https://youtu.be/EmCh2iRvOdY?si=TfV1ha0m9Fmlrwe1
October 07, 2024, 04:21 PM
Pipe Smoker
quote:
Originally posted by honestlou:
<snip>
I think it’s all bull shit anyway, as nobody is guessing my password. They hack in to a system through a code vulnerability, and then they get everybody’s password. The f they get your password for Target through a hack, what difference does it make how large the password is?

Reputable sites do NOT store your password. Rather, they store its MD5 or SHAx hash. It’s one-way – the hash can be generated from the password, but the password can’t be generated from the hash.

To create an account you enter your username (possibly an email address) and your chosen password. If they satisfy the site’s requirements your account is established with your username as its handle. A hash of your password is saved in your account.

On subsequent logins to that account you enter your username and password. The username is used to find your account info, including the saved password hash. If that matches the hash of the password that you used for the login attempt you’re in. Else try again.

This message has been edited. Last edited by: Pipe Smoker,


Serious about crackers.