Got something to say or just want fewer pesky ads? Join us... 😊

Register Log in

Top 10 passwords you should never use







Triggaaar

Triggaaar

Well-known member
Oct 24, 2005
52,286
Goldstone
Bozza said:
37 members of NSC have their password set to be the same as their username.
Click to expand...
How do you know? Are you storring our passwords unencrypted?
 




Badger

Badger

NOT the Honey Badger
NSC Patron
May 8, 2007
13,013
Toronto
Lethargic said:
This was my thoughts, surely you only store a hash of the password not clear text, what a scandalous infringement of my privacy :eek:
Click to expand...

You can still work it out, just hash the username and if the password hash matches the username hash then they are the same (unless you are using a very weak hashing algorithm)
 


Tom Hark Preston Park

Tom Hark Preston Park

Will Post For Cash
Jul 6, 2003
71,965
dejavuatbtn said:
Errr.....this doesn't mean that he should have unencrypted access to this data.
Click to expand...

Quite. Many people will have the same password for NSC, Facebook, email etc etc. Which leaves it open to abuse, especially now there's direct links between NSC and Facebook. Mods should not have access to unencrypted passwords.
 












Bozza

Bozza

You can change this
Helpful Moderator
Jul 4, 2003
56,735
Back in Sussex
Tom Hark said:
I'm surprised mods have access to members passwords.
Click to expand...

Mods don't. And neither do I.

But vBulletin includes a "vulnerable password checker" which allows the admin to send an automated email to all users who have a "vulnerable password" of which the current definition is that the username and password are identical. I don't know who those 37 users are.

(Earlier versions of vBulletin allowed you to search for users by password. This meant I could for example, search for users who had 'seagulls' as their password and it would return a list of all such users. To the best of my knowledge vBulletin has never had a "show me a user's password" function. In fact, and users who have had problems accessing NSC will be able to testify, if I want to see first-hand the issues they are having, I will ask if they mind sharing their password with me so I can investigate).
 


Tom Hark Preston Park

Tom Hark Preston Park

Will Post For Cash
Jul 6, 2003
71,965
Bozza said:
Mods don't. And neither do I.

But vBulletin includes a "vulnerable password checker" which allows the admin to send an automated email to all users who have a "vulnerable password" of which the current definition is that the username and password are identical. I don't know who those 37 users are.

(Earlier versions of vBulletin allowed you to search for users by password. This meant I could for example, search for users who had 'seagulls' as their password and it would return a list of all such users. To the best of my knowledge vBulletin has never had a "show me a user's password" function. In fact, and users who have had problems accessing NSC will be able to testify, if I want to see first-hand the issues they are having, I will ask if they mind sharing their password with me so I can investigate).
Click to expand...

That's OK then. Cheers. :thumbsup:
 


Bozza

Bozza

You can change this
Helpful Moderator
Jul 4, 2003
56,735
Back in Sussex
Tom Hark said:
Quite. Many people will have the same password for NSC, Facebook, email etc etc. Which leaves it open to abuse, especially now there's direct links between NSC and Facebook. Mods should not have access to unencrypted passwords.
Click to expand...

Nice to see I've been hung, drawn and quartered before I even responded.

A couple of other points...

1. There is a big difference between mods and admins in vBulletin. I am the only person with admin powers. (But as above, neither provides access to clear text passwords, for obvious reasons).

2. You should not use the same password for multiple sites as one compromise can lead to many others.
 


















A

Andrew

New member
May 15, 2008
3,002
Sussex
Bozza said:
Nice to see I've been hung, drawn and quartered before I even responded.

A couple of other points...

1. There is a big difference between mods and admins in vBulletin. I am the only person with admin powers. (But as above, neither provides access to clear text passwords, for obvious reasons).

2. You should not use the same password for multiple sites as one compromise can lead to many others.
Click to expand...

You can use the same password but surely if that password is extremely strong than that's ok.

I tend to vary passwords though, anyone using passwords like "12345" is just stupid, or there own username.

Perhaps you should make a sticky Bozza about making stronger passwords, as if 37 grown adults are using their own name is just stupid...
 




S

Sussex Nomad

Well-known member
Aug 26, 2010
18,185
EP
Andrew said:
You can use the same password but surely if that password is extremely strong than that's ok.

I tend to vary passwords though, anyone using passwords like "12345" is just stupid, or there own username.

Perhaps you should make a sticky Bozza about making stronger passwords, as if 37 grown adults are using their own name is just stupid...
Click to expand...

Hmmmm can I bring to your attention the amount of online people duped into the $60 million left by a relative email? To the point where people have died because they believed it. There are stupid people on the internet!
 


hitony

hitony

Administrator
Jul 13, 2005
16,284
South Wales (im not welsh !!)
Can I just seriously confirm something, I could'nt remember my password a couple years ago, so PMed Bozza and asked him to supply me with it, he could'nt as he can't access it, if my memory serves me well I think El Presidente had same sort of problems many moons ago.

So please don't worry guys :)
 


You must log in or register to reply here.
Albion and Premier League latest from Sky Sports

Share this page


Top
Link Here