Hack! Hack! Hack! I'm not coughing.


bobby 55
Illuminati
Posts: 6354
Joined: Wed Jun 24, 2009 9:15 am
Location: Brisbane Australia

Hack! Hack! Hack! I'm not coughing.

Post by bobby 55 »

I've spent most of this morning tracking (trying to at least) sites where I may have used the same password as I did on the Bioware social forums. If you're unaware there's been another hacking and even though I don't even own a copy of NWN, the forum hacked, EA sent me an advisory email to change my password, and to change it at other sites where I might have used the same password. *sighs*

I've tracked down a few but can't remember every one. Fortunately I have unique passwords for non-gaming sites, though that doesn't make me wish any less that the hacking see-you-next-Tuesdays would disappear into another dimension.
Growing old is inevitable.......Growing up is optional
justanotherfan
Illuminati
Posts: 2285
Joined: Sun Feb 27, 2005 11:28 pm

Re: Hack! Hack! Hack! I'm not coughing.

Post by justanotherfan »

There's a password thread here somewhere. I always recommend having unique passwords everywhere. Since it's impossible to remember them all, at least without some predictable formula (e.g. "theamazondotcompassword"), local encrypted records are fairly safe. It makes a single controllable point of complete failure with contained exterior failure points, rather than a distributed insecure trust network entirely vulnerable at every point.

And what's with all the hack news? Who thought SQL injection would make corporations tremble? If I give a videogame company records of my birthday and credit cards tied to a password I use everywhere else, I'd deserve a kick in the pants, but suddenly millions of people's personal information is listed on torrent trackers.
bobby 55
Illuminati
Posts: 6354
Joined: Wed Jun 24, 2009 9:15 am
Location: Brisbane Australia

Re: Hack! Hack! Hack! I'm not coughing.

Post by bobby 55 »

I don't think I've saved my debit card details on any sites, though they could sell your email address to spammers anyway. Most of the gaming sites I visit are mod related. You make a good point for having a unique password everywhere and the events of the last few months reinforce it.
Growing old is inevitable.......Growing up is optional
chris the cynic
Human Encyclopaedia
Posts: 2207
Joined: Thu Jan 26, 2006 9:50 pm

Re: Hack! Hack! Hack! I'm not coughing.

Post by chris the cynic »

Piece of advice from bad science fiction movie (probably Post Impact): the best password is one you can remember.

Ideally we'd all have a unique password for every place we ever visit and each of those passwords would be a random string of numbers and letters (and other assorted symbols where possible, but some things only allow numbers and letters) making it impossible for anyone to guess it using anything other than trying every possible combination with brute force. But then how would you remember?

-

One thing that I did when I was younger was have a shape. I think I've heard my sister say she does it now. That can, in theory, allow you to have many passwords while the memory load is closer to one. So consider Alex Jacobson's password, calvo as I recall. If you do the same motions, but start one key to the left it becomes: xKCI, if instead you move one key up it is dqof9, one key to the right is vs;bp, one key down is " z. l", and so on. Instead of needing to remember five different passwords, you remember one password and then you just have to remember five different places to start. You don't need to know what the passwords are, you just need to get your fingers in the right starting position, and they'll find the keys.

If you're going to do such a thing, you'd probably want to pick a narrower password than calvo seeing as how it is the width of the entire home row of letters and thus doesn't give you much space for left to right movement of your shape.

That is not what I do, my stance towards password security is unwise at best.
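
The shifted-shape scheme from the post above, written out as an added example (not code from anyone in the thread). It assumes a US QWERTY layout modelled as a grid; the names `shift` and `family` and the narrower base "fgh" are made up for illustration.

```python
# US QWERTY rows as a grid; the top row omits the backtick so that a key's
# "up" neighbour shares its column index (assumed layout, matches the post).
ROWS = ["1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def shift(base, d_row, d_col):
    """Type `base` (lowercase, unshifted keys) moved by (d_row, d_col) keys."""
    out, caps = [], False
    for ch in base:
        r, c = POS[ch]
        r, c = r + d_row, c + d_col
        if r == len(ROWS):            # below the bottom row: the space bar
            out.append(" ")
        elif r == 2 and c == -1:      # left of 'a': Caps Lock toggles case
            caps = not caps
        elif 0 <= r < len(ROWS) and 0 <= c < len(ROWS[r]):
            key = ROWS[r][c]
            out.append(key.upper() if caps else key)
        else:
            raise ValueError(f"{ch!r} moved by {(d_row, d_col)} leaves the grid")
    return "".join(out)


def family(base, reach=2):
    """Every variant typed from a starting position up to `reach` keys away."""
    variants = {}
    for d_row in range(-reach, reach + 1):
        for d_col in range(-reach, reach + 1):
            try:
                variants[(d_row, d_col)] = shift(base, d_row, d_col)
            except ValueError:
                pass                  # this starting position is unusable
    return variants


if __name__ == "__main__":
    for name, step in [("left", (0, -1)), ("up", (-1, 0)),
                       ("right", (0, 1)), ("down", (1, 0))]:
        print(f"{name:5} -> {shift('calvo', *step)!r}")
    # Usable starting positions: wide base versus a constructed narrow one.
    print(len(family("calvo")), "for 'calvo',", len(family("fgh")), "for 'fgh'")
```

Every variant is a fixed function of the base and a starting offset, so the scheme holds one secret plus a choice among a handful of positions, and a base as wide as calvo leaves even fewer of them.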
justanotherfan
Illuminati
Posts: 2285
Joined: Sun Feb 27, 2005 11:28 pm

Re: Hack! Hack! Hack! I'm not coughing.

Post by justanotherfan »

lol, I just read an article that a regional supermarket was hacked, giving 58,000 people's names, passwords, and addresses etc.

I like MySQL, but how embarrassing for them.

Also just read news about some confidential documents related to police procedures, especially concerning the prevention and destruction of video-recordings of police action.

I like this, generally. We're living in a more open society. Truth to power, etc. Still, it hurts individuals. I've been surprised at how valuable "Name, Address, Birthday" is to identity thieves. My local privacy laws limit collection and retention of personal information, which is one answer, but hopefully there's a way to make personal info less valuable. We could switch from cash&credit to credit chits, but then JC would h4ck our ATMs and then all our credits are belong to him.
bobby 55
Illuminati
Posts: 6354
Joined: Wed Jun 24, 2009 9:15 am
Location: Brisbane Australia

Re: Hack! Hack! Hack! I'm not coughing.

Post by bobby 55 »

Hahaha! At least JC would use your credit for a noble cause.

Thanks Chris, I've had simplified passwords, except for email, banking, ISP, and a couple of others. I might give it a try, although the minimum 6 character thing might need numbers to help satisfy their criteria. There are some that insist on alpha-numeric as well, as you'd know. I'd use acronyms that suited my mood last night but there's only so many ways to use B, F, P, and S. :)
Growing old is inevitable.......Growing up is optional
Jaedar
Illuminati
Posts: 3937
Joined: Fri Mar 20, 2009 3:01 pm
Location: Terra, Sweden, Uppsala.

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jaedar »

I too got the same email but the bioware forums were one of those sites where I used a shitty password that I don't care if it gets stolen.
"Delays are temporary; mediocrity is forever."
odio ergo sum
gamer0004
Illuminati
Posts: 1215
Joined: Sun Mar 09, 2008 4:53 pm

Re: Hack! Hack! Hack! I'm not coughing.

Post by gamer0004 »

Indeed the best password is one you can remember. I have two passwords: one safe password I use for important things like my email, banking &c., one relatively weak password (still consists of letters, numbers and signs). The safe password is somewhat different for every site (capital letters, extra or different letters/signs &c.). My simple password consists of two sorts of passwords: one really simple version and one that's somewhat more complex.
I use my simple passwords for websites that don't pose a problem if they get hacked: these forums, for instance, and other sites where you have to register to be able to comment or whatever. If I get hacked nothing important gets stolen. I also have one email address which I use for registering on these websites so they can spam me all they want on that email address.

The problem is that some websites require me to change my password every half year or so. That's actually a really bad policy. It's far worse if they actually have idiotic requirements. I had to create a password for my credit card which:
- Had to consist of at least 8 characters and no more than 12
- Had to consist of at least one number and one capital letter
- Was not allowed to consist of anything besides letters and numbers (though it didn't mention this, the website did not accept any password which consisted of one or more symbols).

All my standard passwords were too long (why a maximum of 12? Also, it's a really small margin, 8-12, wtf?), other passwords I use have signs in them so I had to come up with a new, completely random password which I had to write down because otherwise I won't be able to remember it (I hardly ever use the password so that makes it even more difficult to remember). Great security.
Jonas
Off Topic Productions
Posts: 14224
Joined: Sat Apr 24, 2004 9:21 pm
Location: Hafnia

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jonas »

I don't even remember what password I used for the Neverwinter forums. It... miiiiiight be my second-least secure one, in which case... fuck it.
Jonas Wæver
Chief Poking Manager of TNM

I've made some videogames:
Expeditions: Rome
Expeditions: Viking
Expeditions: Conquistador
Clandestine
Jaedar
Illuminati
Posts: 3937
Joined: Fri Mar 20, 2009 3:01 pm
Location: Terra, Sweden, Uppsala.

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jaedar »

As for how many passwords I have: Quite many. Secure ones are only used once (University, Job, Email, bank, etc). Then I have a medium strength password which I use for MMOs and stuff like that and then a low strength p/w for everything else basically.
"Delays are temporary; mediocrity is forever."
odio ergo sum
Jetsetlemming
Illuminati
Posts: 2398
Joined: Mon Sep 18, 2006 9:11 pm

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jetsetlemming »

Glad to see you're now dedicated to security, EA (goddamn it)
Jaedar
Illuminati
Posts: 3937
Joined: Fri Mar 20, 2009 3:01 pm
Location: Terra, Sweden, Uppsala.

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jaedar »

Jetsetlemming wrote:-snip-
Glad to see you're now dedicated to security, EA (goddamn it)
We at EA™ are happy to announce our innovative, new and substantially more epic than its predecessor, the passw2rd system™! We have totally redesigned and streamlined the user input to prevent you from having to remember those long and annoying codes.

Also I just noticed stEAm servers are giving me a hard time. Coincidence, I think not!
"Delays are temporary; mediocrity is forever."
odio ergo sum
Jonas
Off Topic Productions
Posts: 14224
Joined: Sat Apr 24, 2004 9:21 pm
Location: Hafnia

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jonas »

That shit is not acceptable.
Jonas Wæver
Chief Poking Manager of TNM

I've made some videogames:
Expeditions: Rome
Expeditions: Viking
Expeditions: Conquistador
Clandestine
justanotherfan
Illuminati
Posts: 2285
Joined: Sun Feb 27, 2005 11:28 pm

Re: Hack! Hack! Hack! I'm not coughing.

Post by justanotherfan »

People (and companies) like to control things. Control is part of security. Combine the two, and you get short passwords that expire every 2 months. The result is that my forum passwords are often over forty characters, while my financial stuff had been "bankpassword1", then "bankpassword2", then....

The best is the password recovery questions, where they force the user to answer "What is your cat, dog, or other pet's name?" and "What is your mother's maiden name?". Great, now only my family and people who know me can reset my password. If I ever answer truthfully instead of giving random words, I'd expect to find my info in a torrent somewhere.
Jaedar
Illuminati
Posts: 3937
Joined: Fri Mar 20, 2009 3:01 pm
Location: Terra, Sweden, Uppsala.

Re: Hack! Hack! Hack! I'm not coughing.

Post by Jaedar »

justanotherfan wrote:People (and companies) like to control things. Control is part of security. Combine the two, and you get short passwords that expire every 2 months. The result is that my forum passwords are often over forty characters, while my financial stuff had been "bankpassword1", then "bankpassword2", then....

The best is the password recovery questions, where they force the user to answer "What is your cat, dog, or other pet's name?" and "What is your mother's maiden name?". Great, now only my family and people who know me can reset my password. If I ever answer truthfully instead of giving random words, I'd expect to find my info in a torrent somewhere.
Yeah, anyone with Google or Facebook can find that info out in 2 seconds flat. Some sites let you set your own question and answer, which sounds like a good thing to me. A shame it hasn't caught on.
"Delays are temporary; mediocrity is forever."
odio ergo sum