LumberJocks

Password rules?

  • Advertise with us

« back to LumberJocks.com Site Feedback forum

Forum topic by 23tony posted 07-08-2020 11:45 AM 444 views 0 times favorited 16 replies Add to Favorites Watch
View 23tony's profile

23tony

42 posts in 974 days


07-08-2020 11:45 AM

I’m curious about the password rules. Being a programmer by trade, specifically with a lot of web experience, I suppose I’m a bit more sensitive than most on this:

I just recovered my account (haven’t been on for years) and I have a couple concerns about how passwords are handled:

First, why only letters & numbers? I tried to enter a secure password with several special characters ( like % * # ! etc.) but that was not allowed.

Also, why not a reset link instead of mailing a plain-text replacement password? That password could be intercepted, and it also leaves me wondering if passwords are stored in plain-text as well?

Granted, this isn’t a bank, but I would still like to keep my info secure.


16 replies so far

View John Smith's profile (online now)

John Smith

2511 posts in 968 days


#1 posted 07-08-2020 11:55 AM

welcome back, Tony.
my rule of thumb is to never put anything on the web that I can not
afford to share with anyone else.
if the trolls want it – they’ll get it.
I was getting a lot of spam in my email recently (due to the Covid, I suppose).
went to Yahoo to change my password and saw that I have not changed it in
five (5) years. yeah, my bad. hopefully the spam will subside soon.

.

-- there is no educational alternative to having a front row seat in the School of Hard Knocks. --

View Redoak49's profile

Redoak49

4802 posts in 2794 days


#2 posted 07-08-2020 01:25 PM

No it is not a bank and I do not have any personal information here. If my account is hacked, what is my risk?

View SMP's profile

SMP

2250 posts in 711 days


#3 posted 07-08-2020 01:29 PM



No it is not a bank and I do not have any personal information here. If my account is hacked, what is my risk?

- Redoak49

Worst case somebody steals your pictures of projects and say they built them.

View torus's profile

torus

465 posts in 1218 days


#4 posted 07-08-2020 02:05 PM


...
I was getting a lot of spam in my email recently (due to the Covid, I suppose).
went to Yahoo to change my password and saw that I have not changed it in
five (5) years. yeah, my bad. hopefully the spam will subside soon.

- John Smith

This March huge database of passwords was released on the DarkNet.


Worst case somebody steals your pictures of projects and say they built them.

- SMP

Other posibilities: use your account for spamping and inevitable blocking;
Or for phishing “useful” information from your LJ buddies…..

-- "It's getting better..." - put this on my RIP stone!

View Rich's profile

Rich

5689 posts in 1394 days


#5 posted 07-08-2020 02:08 PM


Worst case somebody steals your pictures of projects and say they built them.

- SMP

That’s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ’s project post without attribution, making it look like they were claiming it as their own work.

-- Half of what we read or hear about finishing is right. We just don’t know which half! — Bob Flexner

View LeeRoyMan's profile

LeeRoyMan

1250 posts in 532 days


#6 posted 07-08-2020 02:39 PM

Worst case somebody steals your pictures of projects and say they built them.

- SMP

That s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ s project post without attribution, making it look like they were claiming it as their own work.

- Rich

Where do you think I get my pictures to post from to make it look like I have done projects?
(I really work at Burger King)

-- I only know what I know, nothing less, nothing more -- That doesn't count what I used to know..

View GR8HUNTER's profile

GR8HUNTER

7663 posts in 1517 days


#7 posted 07-08-2020 02:43 PM


Worst case somebody steals your pictures of projects and say they built them.

- SMP

That s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ s project post without attribution, making it look like they were claiming it as their own work.

- Rich

Where do you think I get my pictures to post from to make it look like I have done projects?
(I really work at Burger King)

- LeeRoyMan


I’LL have a double whopper LeeRoy :<))) oh and a strawberryshake

-- Tony---- Reinholds,Pa.------ REMEMBER TO ALWAYS HAVE FUN

View LeeRoyMan's profile

LeeRoyMan

1250 posts in 532 days


#8 posted 07-08-2020 02:48 PM

I LL have a double whopper LeeRoy :<))) oh and a strawberryshake

- GR8HUNTER


Tomatoes and onions?

-- I only know what I know, nothing less, nothing more -- That doesn't count what I used to know..

View SMP's profile

SMP

2250 posts in 711 days


#9 posted 07-08-2020 03:27 PM


Other posibilities: use your account for spamping and inevitable blocking;
Or for phishing “useful” information from your LJ buddies…..

- torus

Jokes on them, I don’t have any LJ buddies, lol. It would be way more difficult to try to brute force attack my password than to just create a free account in 5 seconds like most spammers do. Unless they like to torture themselves, in which case they probably buy ryobi tools.

View controlfreak's profile (online now)

controlfreak

945 posts in 406 days


#10 posted 07-08-2020 03:55 PM

This is a good reason not to use the same password for multiple accounts, just saying.

My project are so bad people would make sure to attribute them to me for sure.

View pottz's profile

pottz

10326 posts in 1789 days


#11 posted 07-08-2020 06:18 PM


Worst case somebody steals your pictures of projects and say they built them.

- SMP

That s happened already. All someone has to do is right-click the image on the project page, copy the image address, and paste it with exclamation points around it here on LJ. Copying the image to post on other forums is just as easy.

I called out someone recently who posted several photos in a forum topic that were taken from another LJ s project post without attribution, making it look like they were claiming it as their own work.

- Rich

Where do you think I get my pictures to post from to make it look like I have done projects?
(I really work at Burger King)

- LeeRoyMan


i thought the guy behind the mask at the drive through looked familiar.i told you no pickles and you screwed it up ! ;-\

-- working with my hands is a joy,it gives me a sense of fulfillment,somthing so many seek and so few find.-SAM MALOOF.

View Ocelot's profile

Ocelot

2553 posts in 3443 days


#12 posted 07-08-2020 07:20 PM

Don’t reuse passwords.

On LJ, my password is **. Easy.

:-)

At least it looks something like that when I type it in. More or less.

My banking passwords I generate randomly. They are as unguessable as possible.

-Paul

View MrUnix's profile

MrUnix

8159 posts in 3004 days


#13 posted 07-08-2020 07:33 PM

First, why only letters & numbers? I tried to enter a secure password with several special characters ( like % * # ! etc.) but that was not allowed.
[...]
Granted, this isn’t a bank, but I would still like to keep my info secure.

I have a couple of banks I access online… one only allows letters + numbers and no special characters, the other one does. So even some banks feel that you can generate a secure enough password with just letters/numbers.

Cheers,
Brad

-- Brad in FL - In Dog I trust... everything else is questionable

View 23tony's profile

23tony

42 posts in 974 days


#14 posted 07-09-2020 05:16 PM

Well, as I said, I’m more sensitive than most, as appears quite obvious by the replies here. I’ve worked in web development for many years and it just makes me sad to see rules like that, given how easy it is to have rules like “minimum of 8 characters, any character combination allowed” (which is how I write my own code) – that way you could have a password like “This is my Password for my #1 site LumberJocks! Yay!!”.

It especially disappoints me when banks do this, as MrUnix mentions. Amex is a good example, can’t help but wonder if that’s the one you meant.

It’s just that this has been a problem for so long and is SO easy to fix, I don’t understand why it’s NOT fixed. Not just here but anywhere.

As for this forum, yeah, I’m not that worried about anyone hacking it. But it just struck me as a bit limiting. Frankly, if it’s a matter of the software, I’d be happy to help/fix it. But since it seems nobody is too concerned, I guess I’ll let it go.

View Mike_in_STL's profile

Mike_in_STL

1249 posts in 1339 days


#15 posted 07-09-2020 05:37 PM

Working in the tech sector makes me sensitive to passwords as well. LJ has a special LJ only password and I try to make sure no essential info is posted in my profile or other postings.

-- Sawdust makes me whole --Mike in STL

showing 1 through 15 of 16 replies

Have your say...

You must be signed in to reply.

DISCLAIMER: Any posts on LJ are posted by individuals acting in their own right and do not necessarily reflect the views of LJ. LJ will not be held liable for the actions of any user.

Latest Projects | Latest Blog Entries | Latest Forum Topics

HomeRefurbers.com