Password rules?

23tony · Jul 8, 2020

I'm curious about the password rules. Being a programmer by trade, specifically with a lot of web experience, I suppose I'm a bit more sensitive than most on this:

I just recovered my account (haven't been on for years) and I have a couple concerns about how passwords are handled:

First, why only letters & numbers? I tried to enter a secure password with several special characters ( like % * # ! etc.) but that was not allowed.

Also, why not a reset link instead of mailing a plain-text replacement password? That password could be intercepted, and it also leaves me wondering if passwords are stored in plain-text as well?

Granted, this isn't a bank, but I would still like to keep my info secure.

John Smith_inFL · Jul 8, 2020

welcome back, Tony.
my rule of thumb is to never put anything on the web that I can not
afford to share with anyone else.
if the trolls want it - they'll get it.
I was getting a lot of spam in my email recently (due to the Covid, I suppose).
went to Yahoo to change my password and saw that I have not changed it in
five (5) years. yeah, my bad. hopefully the spam will subside soon.

.

Redoak49 · Jul 8, 2020

No it is not a bank and I do not have any personal information here. If my account is hacked, what is my risk?

SMP · Jul 8, 2020

No it is not a bank and I do not have any personal information here. If my account is hacked, what is my risk?

- Redoak49

Worst case somebody steals your pictures of projects and say they built them.

torus · Jul 8, 2020

...
I was getting a lot of spam in my email recently (due to the Covid, I suppose).
went to Yahoo to change my password and saw that I have not changed it in
five (5) years. yeah, my bad. hopefully the spam will subside soon.

- John Smith

This March huge database of passwords was released on the DarkNet.

Worst case somebody steals your pictures of projects and say they built them.

- SMP

Other posibilities: use your account for spamping and inevitable blocking;
Or for phishing "useful" information from your LJ buddies…..

RichT · Jul 8, 2020

Worst case somebody steals your pictures of projects and say they built them.

- SMP

That's happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ's project post without attribution, making it look like they were claiming it as their own work.

351923 · Jul 8, 2020

Worst case somebody steals your pictures of projects and say they built them.

- SMP

That s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ s project post without attribution, making it look like they were claiming it as their own work.

- Rich

Where do you think I get my pictures to post from to make it look like I have done projects?
(I really work at Burger King)

GR8HUNTER · Jul 8, 2020

Worst case somebody steals your pictures of projects and say they built them.

- SMP

That s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ s project post without attribution, making it look like they were claiming it as their own work.

- Rich

Where do you think I get my pictures to post from to make it look like I have done projects?
(I really work at Burger King)

- LeeRoyMan

I'LL have a double whopper LeeRoy :<))) oh and a strawberryshake

351923 · Jul 8, 2020

I LL have a double whopper LeeRoy :<))) oh and a strawberryshake

- GR8HUNTER

Tomatoes and onions?

SMP · Jul 8, 2020

Other posibilities: use your account for spamping and inevitable blocking;
Or for phishing "useful" information from your LJ buddies…..

- torus

Jokes on them, I don't have any LJ buddies, lol. It would be way more difficult to try to brute force attack my password than to just create a free account in 5 seconds like most spammers do. Unless they like to torture themselves, in which case they probably buy ryobi tools.

controlfreak · Jul 8, 2020

This is a good reason not to use the same password for multiple accounts, just saying.

My project are so bad people would make sure to attribute them to me for sure.

pottz · Jul 8, 2020

Worst case somebody steals your pictures of projects and say they built them.

- SMP

That s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ s project post without attribution, making it look like they were claiming it as their own work.

- Rich

Where do you think I get my pictures to post from to make it look like I have done projects?
(I really work at Burger King)

- LeeRoyMan

i thought the guy behind the mask at the drive through looked familiar.i told you no pickles and you screwed it up ! ;-\

Ocelot · Jul 8, 2020

Don't reuse passwords.

On LJ, my password is **. Easy.

At least it looks something like that when I type it in. More or less.

My banking passwords I generate randomly. They are as unguessable as possible.

-Paul

MrUnix · Jul 8, 2020

First, why only letters & numbers? I tried to enter a secure password with several special characters ( like % * # ! etc.) but that was not allowed.
[...]
Granted, this isn't a bank, but I would still like to keep my info secure.

I have a couple of banks I access online… one only allows letters + numbers and no special characters, the other one does. So even some banks feel that you can generate a secure enough password with just letters/numbers.

Cheers,
Brad

23tony · Jul 9, 2020

Well, as I said, I'm more sensitive than most, as appears quite obvious by the replies here. I've worked in web development for many years and it just makes me sad to see rules like that, given how easy it is to have rules like "minimum of 8 characters, any character combination allowed" (which is how I write my own code) - that way you could have a password like "This is my Password for my #1 site LumberJocks! Yay!!".

It especially disappoints me when banks do this, as MrUnix mentions. Amex is a good example, can't help but wonder if that's the one you meant.

It's just that this has been a problem for so long and is SO easy to fix, I don't understand why it's NOT fixed. Not just here but anywhere.

As for this forum, yeah, I'm not that worried about anyone hacking it. But it just struck me as a bit limiting. Frankly, if it's a matter of the software, I'd be happy to help/fix it. But since it seems nobody is too concerned, I guess I'll let it go.

Mike_in_STL · Jul 9, 2020

Working in the tech sector makes me sensitive to passwords as well. LJ has a special LJ only password and I try to make sure no essential info is posted in my profile or other postings.

06132485 · Jul 9, 2020

Anyone who leaves real personal info online, on a phone, or a computer gets what they sew. There is no such thing as innernut security.

Lee Roy, you da Man, cookin burgers, and all that woodwork. When do you sleep.

Password rules?

Top Contributors this Month

Recommended Communities