And my point is...

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #185,773 by Yendor 12/1/04 8:03:26 PM Reply	And my point is... The difference is that most users will still choose easily-guessable questions and answers. You and I may not, but we're exceptional people. ;) I really don't give a rat's ass if anyone else chooses "What color is the sky?" with a response of "blue" to that question. If you let them choose the question and provide the answer, and they do something as downright stupid as that, why should I give a flying fuck? Why should Scott give a flying fuck, either? I know plenty of people, both friends and cow-orkers, who choose things like their child's name for their password. I'd be willing to bet that at least some people here are guilty of same. Hell, even I have been known to reuse passwords from one website to the next. Every person is responsible for their own account's security under this method. That's the point. -YendorMike "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759 Historical Review of Pennsylvania
Post #185,791 by folkert 12/1/04 10:20:06 PM Reply	I have a standard formula I use for passwords. Expendable accounts that are nice to have but nothing to important that I can't replace if compromised. Expendable accounts that are very important to me, but not irreplacable Important stuff that would be a troublesome to replicate or recover>/li> Critical stuff that, I will not be able to recover or replace or is so important to me that losing it would be very very bad. Of course there are combinations of those levels. I still like my idea. I very much prefer it. Even compared to /. and the mechanism used. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #185,794 by daemon 12/1/04 10:40:44 PM Reply	I also have a standard formula I assume that the web is open for all to review so have reused thae same password combo for years as I dont give too much of a rats if one gets compromised. I dont use ebay or other ecommerce sites. I do bank on the web so have a completely separate line for that. Knowing my generic work/web login would give no clues to my financials. regards, daemon that way too many Iraqis conceived of free society as little more than a mosh pit with grenades. ANDISHEH NOURAEE clearwater highschool marching band [link\|http://www.chstornadoband.org/\|http://www.chstornadoband.org/]
Post #185,797 by folkert 12/1/04 11:06:54 PM Reply	Ding, Ding, Ding. If you fingered out my expendable passwords... you are completely in the wrong secotr of the galaxy to try to relate to my "secure" passwords. So it sounds like you are the same kind. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]

zIWT meta: Which is better: - (admin) - (66) - Nov. 30, 2004, 09:02:55 PM EST

3) -NT - (mmoffitt) - Nov. 30, 2004, 02:43:44 PM EST

1) - (jb4) - (3) - Nov. 30, 2004, 02:50:26 PM EST

Not for long, at least... -NT - (admin) - (2) - Nov. 30, 2004, 02:51:30 PM EST

Is that a threat?!? -NT - (jb4) - (1) - Nov. 30, 2004, 05:27:37 PM EST

You should know by now... - (admin) - Nov. 30, 2004, 05:31:06 PM EST

3, with verification - (Arkadiy) - (29) - Nov. 30, 2004, 02:52:40 PM EST

Seconded. -NT - (Yendor) - Nov. 30, 2004, 02:54:26 PM EST

NO - (FuManChu) - (27) - Nov. 30, 2004, 02:57:04 PM EST

Er, buh? - (admin) - (3) - Nov. 30, 2004, 02:58:41 PM EST

That's enough of a detriment not to warrant the risk IMO -NT - (FuManChu) - (2) - Nov. 30, 2004, 04:13:16 PM EST

? -NT - (admin) - (1) - Nov. 30, 2004, 04:16:38 PM EST

?? -NT - (drewk) - Nov. 30, 2004, 05:46:20 PM EST

Yeah - (Yendor) - (11) - Nov. 30, 2004, 03:01:36 PM EST

How is that insecure? - (FuManChu) - (2) - Nov. 30, 2004, 04:17:29 PM EST

You're unclear on this. - (admin) - (1) - Nov. 30, 2004, 04:18:26 PM EST

See below. -NT - (FuManChu) - Nov. 30, 2004, 04:22:21 PM EST

You only need one field labeled "Hint" - (tuberculosis) - (7) - Aug. 21, 2007, 06:13:52 AM EDT

Sure... - (Yendor) - (6) - Dec. 1, 2004, 02:06:55 PM EST

Bah. - (admin) - Dec. 1, 2004, 02:10:59 PM EST

Not quite - (FuManChu) - (4) - Dec. 1, 2004, 04:35:59 PM EST

And my point is... - (Yendor) - (3) - Dec. 1, 2004, 08:03:26 PM EST

I have a standard formula I use for passwords. - (folkert) - (2) - Dec. 1, 2004, 10:20:06 PM EST

I also have a standard formula - (daemon) - (1) - Dec. 1, 2004, 10:40:44 PM EST

Ding, Ding, Ding. - (folkert) - Dec. 1, 2004, 11:06:54 PM EST

It's only insecure if the user is allowed to proceed - (imric) - (10) - Nov. 30, 2004, 03:13:54 PM EST

Bah. Risk is the issue. - (FuManChu) - (9) - Nov. 30, 2004, 04:22:03 PM EST

So what's YOUR suggestion? -NT - (admin) - (4) - Nov. 30, 2004, 04:23:51 PM EST

Unfortunately for you #1 ;) - (FuManChu) - (3) - Nov. 30, 2004, 04:39:05 PM EST

WTF? - (admin) - (2) - Nov. 30, 2004, 04:41:00 PM EST

Sorry. You're right. I didn't read carefully. - (FuManChu) - (1) - Nov. 30, 2004, 04:44:04 PM EST

So how does that change your answer? - (admin) - Nov. 30, 2004, 04:48:36 PM EST

Same risk than we have now during login. - (imric) - (2) - Nov. 30, 2004, 04:30:48 PM EST

Same outcome, different risk--the attack surface has doubled -NT - (FuManChu) - Nov. 30, 2004, 04:37:17 PM EST

Not mine. - (CRConrad) - Dec. 1, 2004, 02:33:03 AM EST

Can we please weight the risks - (Arkadiy) - Dec. 1, 2004, 02:04:43 PM EST

3) with some safeguards? - (Another Scott) - Nov. 30, 2004, 02:55:35 PM EST

4) WikiWay: everything wide open ... muuuaaaahahahahahaha -NT - (drewk) - (1) - Nov. 30, 2004, 03:29:24 PM EST

Shaddap wid' yer shaddin' ap... -NT - (admin) - Nov. 30, 2004, 03:30:31 PM EST

3 with a "what is your dog's name?" thingie -NT - (Silverlock) - Nov. 30, 2004, 03:44:54 PM EST

I'll join Ark, Scott(2), Don(Silverback), and YendorMike: 3+ - (CRConrad) - (2) - Nov. 30, 2004, 04:07:55 PM EST

<raises hand> on that last bit. :-) -NT - (Another Scott) - Nov. 30, 2004, 04:12:16 PM EST

Aye - 3) with - (imric) - Nov. 30, 2004, 04:24:18 PM EST

Another few options: - (admin) - (9) - Nov. 30, 2004, 04:50:29 PM EST

I'd rather not vote on solutions until we discuss risks - (FuManChu) - (8) - Nov. 30, 2004, 05:43:54 PM EST

Re: I'd rather not vote on solutions until we discuss risks - (admin) - (7) - Nov. 30, 2004, 05:53:17 PM EST

Okay, start with costs of current proposals - (FuManChu) - (3) - Nov. 30, 2004, 07:39:31 PM EST

Missed the point. :-) - (admin) - (2) - Nov. 30, 2004, 08:53:54 PM EST

Understood, but you're use case #1 - (FuManChu) - (1) - Nov. 30, 2004, 10:29:59 PM EST

I can do private keys... - (folkert) - Nov. 30, 2004, 10:40:15 PM EST

What do you want the software to do? - (Another Scott) - (2) - Nov. 30, 2004, 09:10:22 PM EST

Nope, wrong - (drewk) - (1) - Nov. 30, 2004, 09:35:34 PM EST

Yes, a *good* challenge question would be needed. - (Another Scott) - Nov. 30, 2004, 11:26:03 PM EST

how about 4, the way we do it now - (daemon) - (3) - Nov. 30, 2004, 05:18:15 PM EST

Which is? - (Another Scott) - Nov. 30, 2004, 05:21:17 PM EST

And what would that be? - (admin) - (1) - Nov. 30, 2004, 05:21:46 PM EST

the way it works now - (daemon) - Nov. 30, 2004, 05:34:53 PM EST

How about 5... - (jb4) - Nov. 30, 2004, 05:32:45 PM EST

16) Storing them encrypted with a "reset my password" featur - (folkert) - Nov. 30, 2004, 06:38:09 PM EST

A variation on 2) - (altmann) - Nov. 30, 2004, 07:36:03 PM EST

3), with a question 1st. -NT - (broomberg) - Nov. 30, 2004, 08:03:43 PM EST

3 with a proviso - (ChrisR) - (1) - Nov. 30, 2004, 08:23:21 PM EST

I like that! -NT - (Arkadiy) - Dec. 1, 2004, 02:10:44 PM EST

3. Puts the onus of keeping valid email address on user. -NT - (a6l6e6x) - Nov. 30, 2004, 09:08:12 PM EST

3 -NT - (pwhysall) - Dec. 1, 2004, 07:52:52 AM EST

6. - (static) - Dec. 5, 2004, 08:45:34 PM EST

"zIWT meta: Which is better:" Voting/Ratification (new thread) - (folkert) - Dec. 5, 2004, 09:59:30 PM EST

iwethey.org

\o/
247 ms