Read the blogs!
Started by LiroyvH, July 23, 2013, 12:45:08 PM
Quote from: ChalkCat on July 27, 2013, 05:46:12 PM
.... and occasionally demand cups of tea
Quote from: CoreISP
No comment at this time.
Quote from: Kindred on July 27, 2013, 07:18:13 PM
brynn, because he was not aware that the other site had been compromised. The reason that we put this out as fast as we did after confirming the issue was to avoid just that scenario... the hacker's goal was to acquire the information as quietly as possible, thus avoiding anyone knowing and resetting their passwords on other sites.
Quote from: evgueni on July 27, 2013, 08:16:31 PM
I fail to find how to change my community password here... Is anybody else having trouble changing it?
Quote from: dsl25
Nobody is 100% secure on the internet and I find all those posts trying to blame someone really pathetic.
Quote from: incomviet on July 28, 2013, 08:04:48 AM
Wondering which Admin very good
Quote from: French on July 28, 2013, 06:39:56 AM
Like I said before, passwords must be changed on a regular basis.
Not everyone seems to agree
Quote
So in general: you don't need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts. You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you've shared a computer with, change them all.
Quote
The result is a stale policy that may no longer be effective...or possibly even dangerous. Policies requiring regular password changes (e.g., monthly) are an example of exactly this form of infosec folk wisdom.... This is DESPITE the fact that any reasonable analysis shows that a monthly password change has little or no end impact on improving security! It is a "best practice" based on experience 30 years ago with non-networked mainframes in a DoD environment—hardly a match for today's systems, especially in academia!
Quote
Users have to remember too many passwords these days; if they're forced to change them too often, evasive behavior results. Password patterns—secret1, secret2, Secret1, Secret2, and so on—can't be detected unless cleartext of old passwords is stored (on yellow stickies or in plaintext files on insecure machines, for example).
Quote
Many users have to remember multiple passwords, that is, use different passwords for different applications and/or change passwords frequently due to password expiration mechanisms. Having a large number of passwords reduces their memorability and increases insecure work practices, such as writing passwords down—50% of questionnaire respondents wrote their passwords down in one form or another. One employee emphasized this relationship when he said "...because I was forced into changing it every month I had to write it down."