IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Open Forum / You only need one field labeled "Hint"
Post #185,713
by tuberculosis
Picture of tuberculosis
12/1/04 1:55:04 PM
8/21/07 6:13:52 AM
Reply
New You only need one field labeled "Hint"
You can put a cryptic memory jogger that nobody else would figure out. I like that one. ie - "Your uncle's horse".

Precious few people are going to know my uncle's name, much less the name of his primary steed (he has half a dozen but one fave).



"The significant problems we face cannot be solved at the same level of thinking we were at when we created them."     --Albert Einstein

"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses."     --George W. Bush
Collapse Edited by tuberculosis Aug. 21, 2007, 06:13:52 AM EDT
You only need one field labeled "Hint"
You can put a cryptic memory jogger that nobody else would figure out. I like that one. ie - "Your uncle's horse".

Precious few people are going to know my uncle's name, much less the name of his primary steed (he has half a dozen but one fave).



"The significant problems we face cannot be solved at the same level of thinking we were at when we created them."     --Albert Einstein

"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses."     --George W. Bush
Collapse All History
Post #185,718
by Yendor
12/1/04 2:06:55 PM
Reply
New Sure...
...That's the smart-man's way of handling a user-enterable "hint" and "hint response" type of field. You could just as easily enter "Glarble fark?" for the hint, and "Farkin-a!" for the response. Who the hell would think of that response to such gibberish?

The main point is that a user-enterable password hint and response are more secure than choosing from a list of questions, with a corresponding pre-chosen list of answers.

PS- Sorry if I've now ruined your response to some website. Farkin-a! :)
-YendorMike

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759 Historical Review of Pennsylvania
Post #185,720
by admin
Picture of admin
12/1/04 2:10:59 PM
Reply
New Bah.
Now I need a new one...
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
Post #185,741
by FuManChu
Picture of FuManChu
12/1/04 4:35:59 PM
Reply
New Not quite
1. Never get involved in a land war in Asia.
2. Never confuse "secure" with "securable"--that is, "potentially secure".

The main point is that a user-enterable password hint and response are more secure than choosing from a list of questions, with a corresponding pre-chosen list of answers.


That should be:

The main point is that a user-enterable password hint and response are more securable than choosing from a list of questions, with a corresponding pre-chosen list of answers.


The difference is that most users will still choose easily-guessable questions and answers. You and I may not, but we're exceptional people. ;)
Post #185,773
by Yendor
12/1/04 8:03:26 PM
Reply
New And my point is...
The difference is that most users will still choose easily-guessable questions and answers. You and I may not, but we're exceptional people. ;)
I really don't give a rat's ass if anyone else chooses "What color is the sky?" with a response of "blue" to that question. If you let them choose the question and provide the answer, and they do something as downright stupid as that, why should I give a flying fuck? Why should Scott give a flying fuck, either?

I know plenty of people, both friends and cow-orkers, who choose things like their child's name for their password. I'd be willing to bet that at least some people here are guilty of same. Hell, even I have been known to reuse passwords from one website to the next. Every person is responsible for their own account's security under this method. That's the point.
-YendorMike

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759 Historical Review of Pennsylvania
Post #185,791
by folkert
Picture of folkert
12/1/04 10:20:06 PM
Reply
New I have a standard formula I use for passwords.
  1. Expendable accounts that are nice to have but nothing to important that I can't replace if compromised.
  2. Expendable accounts that are very important to me, but not irreplacable
  3. Important stuff that would be a troublesome to replicate or recover>/li>
  4. Critical stuff that, I will not be able to recover or replace or is so important to me that losing it would be very very bad.
Of course there are combinations of those levels.

I still like my idea. I very much prefer it. Even compared to /. and the mechanism used.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
Here is an example: [link|http://www.greymagic.com/security/advisories/gm001-ie/|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #185,794
by daemon
12/1/04 10:40:44 PM
Reply
New I also have a standard formula
I assume that the web is open for all to review so have reused thae same password combo for years as I dont give too much of a rats if one gets compromised. I dont use ebay or other ecommerce sites. I do bank on the web so have a completely separate line for that. Knowing my generic work/web login would give no clues to my financials.
regards,
daemon
that way too many Iraqis conceived of free society as little more than a mosh pit with grenades. ANDISHEH NOURAEE
clearwater highschool marching band [link|http://www.chstornadoband.org/|http://www.chstornadoband.org/]
Post #185,797
by folkert
Picture of folkert
12/1/04 11:06:54 PM
Reply
New Ding, Ding, Ding.
If you fingered out my expendable passwords... you are completely in the wrong secotr of the galaxy to try to relate to my "secure" passwords.

So it sounds like you are the same kind.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
Here is an example: [link|http://www.greymagic.com/security/advisories/gm001-ie/|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
     zIWT meta: Which is better: - (admin) - (66) - Nov. 30, 2004, 09:02:55 PM EST
         3) -NT - (mmoffitt) - Nov. 30, 2004, 02:43:44 PM EST
         1) - (jb4) - (3) - Nov. 30, 2004, 02:50:26 PM EST
             Not for long, at least... -NT - (admin) - (2) - Nov. 30, 2004, 02:51:30 PM EST
                 Is that a threat?!? -NT - (jb4) - (1) - Nov. 30, 2004, 05:27:37 PM EST
                     You should know by now... - (admin) - Nov. 30, 2004, 05:31:06 PM EST
         3, with verification - (Arkadiy) - (29) - Nov. 30, 2004, 02:52:40 PM EST
             Seconded. -NT - (Yendor) - Nov. 30, 2004, 02:54:26 PM EST
             NO - (FuManChu) - (27) - Nov. 30, 2004, 02:57:04 PM EST
                 Er, buh? - (admin) - (3) - Nov. 30, 2004, 02:58:41 PM EST
                     That's enough of a detriment not to warrant the risk IMO -NT - (FuManChu) - (2) - Nov. 30, 2004, 04:13:16 PM EST
                         ? -NT - (admin) - (1) - Nov. 30, 2004, 04:16:38 PM EST
                             ?? -NT - (drewk) - Nov. 30, 2004, 05:46:20 PM EST
                 Yeah - (Yendor) - (11) - Nov. 30, 2004, 03:01:36 PM EST
                     How is that insecure? - (FuManChu) - (2) - Nov. 30, 2004, 04:17:29 PM EST
                         You're unclear on this. - (admin) - (1) - Nov. 30, 2004, 04:18:26 PM EST
                             See below. -NT - (FuManChu) - Nov. 30, 2004, 04:22:21 PM EST
                     You only need one field labeled "Hint" - (tuberculosis) - (7) - Aug. 21, 2007, 06:13:52 AM EDT
                         Sure... - (Yendor) - (6) - Dec. 1, 2004, 02:06:55 PM EST
                             Bah. - (admin) - Dec. 1, 2004, 02:10:59 PM EST
                             Not quite - (FuManChu) - (4) - Dec. 1, 2004, 04:35:59 PM EST
                                 And my point is... - (Yendor) - (3) - Dec. 1, 2004, 08:03:26 PM EST
                                     I have a standard formula I use for passwords. - (folkert) - (2) - Dec. 1, 2004, 10:20:06 PM EST
                                         I also have a standard formula - (daemon) - (1) - Dec. 1, 2004, 10:40:44 PM EST
                                             Ding, Ding, Ding. - (folkert) - Dec. 1, 2004, 11:06:54 PM EST
                 It's only insecure if the user is allowed to proceed - (imric) - (10) - Nov. 30, 2004, 03:13:54 PM EST
                     Bah. Risk is the issue. - (FuManChu) - (9) - Nov. 30, 2004, 04:22:03 PM EST
                         So what's YOUR suggestion? -NT - (admin) - (4) - Nov. 30, 2004, 04:23:51 PM EST
                             Unfortunately for you #1 ;) - (FuManChu) - (3) - Nov. 30, 2004, 04:39:05 PM EST
                                 WTF? - (admin) - (2) - Nov. 30, 2004, 04:41:00 PM EST
                                     Sorry. You're right. I didn't read carefully. - (FuManChu) - (1) - Nov. 30, 2004, 04:44:04 PM EST
                                         So how does that change your answer? - (admin) - Nov. 30, 2004, 04:48:36 PM EST
                         Same risk than we have now during login. - (imric) - (2) - Nov. 30, 2004, 04:30:48 PM EST
                             Same outcome, different risk--the attack surface has doubled -NT - (FuManChu) - Nov. 30, 2004, 04:37:17 PM EST
                             Not mine. - (CRConrad) - Dec. 1, 2004, 02:33:03 AM EST
                         Can we please weight the risks - (Arkadiy) - Dec. 1, 2004, 02:04:43 PM EST
         3) with some safeguards? - (Another Scott) - Nov. 30, 2004, 02:55:35 PM EST
         4) WikiWay: everything wide open ... muuuaaaahahahahahaha -NT - (drewk) - (1) - Nov. 30, 2004, 03:29:24 PM EST
             Shaddap wid' yer shaddin' ap... -NT - (admin) - Nov. 30, 2004, 03:30:31 PM EST
         3 with a "what is your dog's name?" thingie -NT - (Silverlock) - Nov. 30, 2004, 03:44:54 PM EST
         I'll join Ark, Scott(2), Don(Silverback), and YendorMike: 3+ - (CRConrad) - (2) - Nov. 30, 2004, 04:07:55 PM EST
             <raises hand> on that last bit. :-) -NT - (Another Scott) - Nov. 30, 2004, 04:12:16 PM EST
             Aye - 3) with - (imric) - Nov. 30, 2004, 04:24:18 PM EST
         Another few options: - (admin) - (9) - Nov. 30, 2004, 04:50:29 PM EST
             I'd rather not vote on solutions until we discuss risks - (FuManChu) - (8) - Nov. 30, 2004, 05:43:54 PM EST
                 Re: I'd rather not vote on solutions until we discuss risks - (admin) - (7) - Nov. 30, 2004, 05:53:17 PM EST
                     Okay, start with costs of current proposals - (FuManChu) - (3) - Nov. 30, 2004, 07:39:31 PM EST
                         Missed the point. :-) - (admin) - (2) - Nov. 30, 2004, 08:53:54 PM EST
                             Understood, but you're use case #1 - (FuManChu) - (1) - Nov. 30, 2004, 10:29:59 PM EST
                                 I can do private keys... - (folkert) - Nov. 30, 2004, 10:40:15 PM EST
                     What do you want the software to do? - (Another Scott) - (2) - Nov. 30, 2004, 09:10:22 PM EST
                         Nope, wrong - (drewk) - (1) - Nov. 30, 2004, 09:35:34 PM EST
                             Yes, a *good* challenge question would be needed. - (Another Scott) - Nov. 30, 2004, 11:26:03 PM EST
         how about 4, the way we do it now - (daemon) - (3) - Nov. 30, 2004, 05:18:15 PM EST
             Which is? - (Another Scott) - Nov. 30, 2004, 05:21:17 PM EST
             And what would that be? - (admin) - (1) - Nov. 30, 2004, 05:21:46 PM EST
                 the way it works now - (daemon) - Nov. 30, 2004, 05:34:53 PM EST
         How about 5... - (jb4) - Nov. 30, 2004, 05:32:45 PM EST
         16) Storing them encrypted with a "reset my password" featur - (folkert) - Nov. 30, 2004, 06:38:09 PM EST
         A variation on 2) - (altmann) - Nov. 30, 2004, 07:36:03 PM EST
         3), with a question 1st. -NT - (broomberg) - Nov. 30, 2004, 08:03:43 PM EST
         3 with a proviso - (ChrisR) - (1) - Nov. 30, 2004, 08:23:21 PM EST
             I like that! -NT - (Arkadiy) - Dec. 1, 2004, 02:10:44 PM EST
         3. Puts the onus of keeping valid email address on user. -NT - (a6l6e6x) - Nov. 30, 2004, 09:08:12 PM EST
         3 -NT - (pwhysall) - Dec. 1, 2004, 07:52:52 AM EST
         6. - (static) - Dec. 5, 2004, 08:45:34 PM EST
         "zIWT meta: Which is better:" Voting/Ratification (new thread) - (folkert) - Dec. 5, 2004, 09:59:30 PM EST

It’s merely anecdotal, but someone who can severely misconstrue the meaning of “Green Eggs and Ham” has no business being considered smart.
84 ms