Got something to say or just want fewer pesky ads? Join us... 😊

Top 10 passwords you should never use







Triggaaar

Well-known member
Oct 24, 2005
53,186
Goldstone
37 members of NSC have their password set to be the same as their username.
How do you know? Are you storring our passwords unencrypted?
 




Badger

NOT the Honey Badger
NSC Patron
May 8, 2007
13,107
Toronto
This was my thoughts, surely you only store a hash of the password not clear text, what a scandalous infringement of my privacy :eek:

You can still work it out, just hash the username and if the password hash matches the username hash then they are the same (unless you are using a very weak hashing algorithm)
 


Tom Hark Preston Park

Will Post For Cash
Jul 6, 2003
72,350
Errr.....this doesn't mean that he should have unencrypted access to this data.

Quite. Many people will have the same password for NSC, Facebook, email etc etc. Which leaves it open to abuse, especially now there's direct links between NSC and Facebook. Mods should not have access to unencrypted passwords.
 












Bozza

You can change this
Helpful Moderator
Jul 4, 2003
57,295
Back in Sussex
I'm surprised mods have access to members passwords.

Mods don't. And neither do I.

But vBulletin includes a "vulnerable password checker" which allows the admin to send an automated email to all users who have a "vulnerable password" of which the current definition is that the username and password are identical. I don't know who those 37 users are.

(Earlier versions of vBulletin allowed you to search for users by password. This meant I could for example, search for users who had 'seagulls' as their password and it would return a list of all such users. To the best of my knowledge vBulletin has never had a "show me a user's password" function. In fact, and users who have had problems accessing NSC will be able to testify, if I want to see first-hand the issues they are having, I will ask if they mind sharing their password with me so I can investigate).
 


Tom Hark Preston Park

Will Post For Cash
Jul 6, 2003
72,350
Mods don't. And neither do I.

But vBulletin includes a "vulnerable password checker" which allows the admin to send an automated email to all users who have a "vulnerable password" of which the current definition is that the username and password are identical. I don't know who those 37 users are.

(Earlier versions of vBulletin allowed you to search for users by password. This meant I could for example, search for users who had 'seagulls' as their password and it would return a list of all such users. To the best of my knowledge vBulletin has never had a "show me a user's password" function. In fact, and users who have had problems accessing NSC will be able to testify, if I want to see first-hand the issues they are having, I will ask if they mind sharing their password with me so I can investigate).

That's OK then. Cheers. :thumbsup:
 


Bozza

You can change this
Helpful Moderator
Jul 4, 2003
57,295
Back in Sussex
Quite. Many people will have the same password for NSC, Facebook, email etc etc. Which leaves it open to abuse, especially now there's direct links between NSC and Facebook. Mods should not have access to unencrypted passwords.

Nice to see I've been hung, drawn and quartered before I even responded.

A couple of other points...

1. There is a big difference between mods and admins in vBulletin. I am the only person with admin powers. (But as above, neither provides access to clear text passwords, for obvious reasons).

2. You should not use the same password for multiple sites as one compromise can lead to many others.
 


















Andrew

New member
May 15, 2008
3,002
Sussex
Nice to see I've been hung, drawn and quartered before I even responded.

A couple of other points...

1. There is a big difference between mods and admins in vBulletin. I am the only person with admin powers. (But as above, neither provides access to clear text passwords, for obvious reasons).

2. You should not use the same password for multiple sites as one compromise can lead to many others.

You can use the same password but surely if that password is extremely strong than that's ok.

I tend to vary passwords though, anyone using passwords like "12345" is just stupid, or there own username.

Perhaps you should make a sticky Bozza about making stronger passwords, as if 37 grown adults are using their own name is just stupid...
 




Sussex Nomad

Well-known member
Aug 26, 2010
18,185
EP
You can use the same password but surely if that password is extremely strong than that's ok.

I tend to vary passwords though, anyone using passwords like "12345" is just stupid, or there own username.

Perhaps you should make a sticky Bozza about making stronger passwords, as if 37 grown adults are using their own name is just stupid...

Hmmmm can I bring to your attention the amount of online people duped into the $60 million left by a relative email? To the point where people have died because they believed it. There are stupid people on the internet!
 


hitony

Administrator
Jul 13, 2005
16,284
South Wales (im not welsh !!)
Can I just seriously confirm something, I could'nt remember my password a couple years ago, so PMed Bozza and asked him to supply me with it, he could'nt as he can't access it, if my memory serves me well I think El Presidente had same sort of problems many moons ago.

So please don't worry guys :)
 


Albion and Premier League latest from Sky Sports


Top
Link Here