Attention - Upcoming Password Changes - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Attention - Upcoming Password Changes

  1. #11
    Senior Member mrPPincer's Avatar
    Join Date
    Nov 2011
    Posts
    1,952
    Quote Originally Posted by agent99 View Post
    Actually, it seems that design of secure sites is more important than our passwords. Especially with a site like this where there is nothing to steal!

    This is an interesting password tutorial:

    https://nakedsecurity.sophos.com/201...ong-passwords/
    agent99 you're frikkiin awesome..
    only one quarter way through your link, but here's a quote,
    What this means for you

    The conclusion of the report is that there are effectively two kinds of passwords: those that can withstand one million guesses, and those that can withstand one hundred trillion guesses.

    According to the researchers, passwords that sit between those two thresholds are more than you need to be resilient to an online attack but not enough to withstand an offline attack.

    Users, they suggest, should shepherd their resources wisely and focus on high value sites.

    User effort available for managing password portfolios is finite. Users should spend less effort on password management issues ... for don't-care and lower consequence accounts, allowing more effort on higher consequence accounts.

    Systems administrators, they say, should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen.

    The password strength meters and policies provided by systems administrators don’t work and putting the burden on users by asking them to create passwords long enough to withstand offline attacks is wasted effort – they simply won’t do it in large enough numbers.

    ...attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures...

    Zero-user-burden mechanisms largely or entirely eliminating offline attacks exist, but are little-used...

    Demanding passwords that will withstand offline attack is a defense-in-depth approach necessary only when a site has failed both to protect the password file, and to detect the leak and respond suitably.

    If systems administrators did all that properly, they say, then you and I could happily stay secure with nothing more than a short pin code for each website.

    Unfortunately there’s no way for you to tell the good sites from the bad ones – do you know if the website you’ve just used stores its passwords in plain text or uses keyed hash functions? And if they told you, would you believe them?

    As a user, the only part of a security system you know anything about for sure is the bit you create, namely your password. Your password choice might not strengthen a weak system but it can certainly weaken a strong one.
    (bolding mine)
    a financial message board can cost you money.
    ^ bmoney, in TPH thread.

  2. #12
    Senior Member
    Join Date
    Apr 2009
    Location
    Victoria/Baja
    Posts
    221
    logged in for the last time by copying and pasting the temporary password you sent.
    And no, I will not be setting up a 10 character password.
    Member since 2009. Thank you for 8 years.

  3. #13
    Senior Member
    Join Date
    Sep 2013
    Location
    Ontario
    Posts
    967
    Quote Originally Posted by OnlyMyOpinion View Post
    Can log on ok with the PW you sent via email, but I cannot seem to change my password - nothing happens, and I have to continue to use the one you sent to logon.
    I assume the change PW page is expecting the PW you sent to be the "Current one"?
    Should a window pop up saying "password successfully changed or something?
    If it doesn't like the new PW you are trying to use how is that indicated?
    Thanks.

    Oh, and how long does CMF keep you logged in if you keep the browser page open but are inactive?
    You do have to enter the new one twice. I missed that the first time.

  4. Remove Advertisements
    CanadianMoneyForum.com
    Advertisements
     

  5. #14
    Senior Member
    Join Date
    Mar 2012
    Posts
    3,660
    I never got the email on your password reset. I just was told my login was no longer valid and had to go through the password reset manually.

    Can't say that I'm impressed.
    I'm not JustAGuy (without spaces), or Donald, or <insert name here>.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •