Single Signon Please? Passport, Last4?
My apologies for the fear mongering headline….(but I wanted you to think about this).
Ok, so my web host started restricting everybody to 1 database user account per database. Here’s the problem with that:
(in response to another user complaining about having to write all the user/pass combos down).
yup. major !@#$ insecure writing this down. Here’s what everybody will do:
list of names:
username1/password1
username2/password2
username3/password3
username4/password4
username1/password5
username100/password100
Ok. I can’t commit a list of 100 username and password combos to memory. so what do I do?
I write them down….wait, nope. I can’t access that unless I’m at home.
So here’s what I do:
I save it in Notepad and ftp it on my web server as plain text, or in My online “notepad” my email service provides, or as an email in my “saves” folder.
Now at least I can get to it, but then again, so can everybody else who reads my email. (if you don’t think this is happening, do it again…wtf do you think a spam filter does? - it reads your email. WHO is filtering my spam?)
I’d be surprised if this post makes it past the 5 minute deletion time :) (referring to hosting provider perceived deletion of posts - may just be the search sucks. I can never find any of my threads).
Once again, the case can be made to ask the question:
“Who do you let filter YOUR spam?”
1) YourISP, Co
2) TheirISP, Co
3) MyISP, Co.
If you answered yes to one of the above, then face it. “THEY” are reading your email.
SO what…It’s a commonly known fact that email isn’t secure. FINE - this is absolutely true. But does everybody know that? I do NOT like writing down passwords, however because nobody will come to agreement on an authentication standard in this area, or it’s too difficult or costly to implement in legacy systems, we as the human species will have to continue to jot down these numbers which are overloading our short-term memory.
THIS is what I REALLY Hate:
Choose password:
Here’s the error message I get:
“Sorry! It’s not valid, we don’t like those “funny characters”. Please use something simple and guessable like “abcdefgh” (but please make it 8 characters so the people trying to crack into your account will know when to break out of the loop…if you think that’s dumb. please include up to TWO digits of your choosing! Yes that’s right (but they can only be between 0-9). Remember, we’ll be crunching these 8 million per second on our hopped up version of Jack the Ripper. So it DOES make a difference, at least to them!”
— your friendly neighborhood Cr4k3rH3ad
ps - we’ll continue to work on your password while you’re asleep, or simply read your list you emailed to yourself (yeah, we saw that too).
I went off on a tangent with the spam filtering conspiracy thing (this just occurred to me while I was thinking about automated filtering). It’s completely possible, however. GMail anyone? - it IS a great service, and out of the spam filtering I tested, got the best rating among the two free email services I tested. But when you find out they were reading your email and building a profile on you, don’t come cryin’ to me baby ;-)
You’ve been forewarned, your ignorance is their gain.
It’s difficult to be anonymous online :-)



















