Re: Password Recovery

On Wed, 2020-12-16 at 07:51 -0400, George N. White III wrote:
> There are services like https://haveibeenpwned.com/ that check
> passwords against captured databases.  Google will warn you if a
> password saved in Chrome appears in one of the stolen password
> databases.  When this was introduced it detected a couple of
> stolen passwords that I used with sites that either went out of
> business or were taken over by "bad actors". I think a number of
> other password managers can also check against the databases.

My concern with those kinds of services is that there are two ways they
can work:

1. You send them your password, and they look it up in their database.
2. A similar kind of thing is done where they compare checksums rather
than the actual passwords.

Either way, it's ripe for exploitation.  No doubt there's fake password
check sites out there that just immediately skim your password for
their own purposes.  I'm more in favour of a kind of site that logs
which sites have been compromised or bought out, and when, then you can
decide whether to change your passwords with them, or leave.

Always use good, and totally different passwords for all services, as a
matter of course.

I'm against the usual password policies, as well.  Repetitively changing
your password is no guarantee of avoiding being hacked, and is more
likely to lead to you forgetting your passwords.  And weird untypeable
and unmemorable number and letter combinations are more of a problem
for yourself than any exploiters.  And when banks tell you that you
must use an eight-character-long password I just want to scream at
them.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
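
The two lookup designs listed in the message above, as an added example that is not part of the original post. It goes one step further and also shows the hash-prefix range query that haveibeenpwned's Pwned Passwords service uses, where only the first five hex characters of the SHA-1 leave the machine. The corpus and all function names are constructed for illustration.

```python
import hashlib

# Constructed stand-in for a breach corpus held by the checking service.
BREACHED = ["password1", "letmein", "qwerty123"]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def what_each_mode_sends(password):
    """What leaves the machine under each lookup design."""
    digest = sha1_hex(password)
    return {
        "plaintext": password,       # way 1 in the post
        "full_hash": digest,         # way 2 in the post
        "hash_prefix": digest[:5],   # range query (added here)
    }

def service_learns_from_full_hash(digest, wordlist=BREACHED):
    """An unsalted hash of a listed password identifies that password."""
    for candidate in wordlist:
        if sha1_hex(candidate) == digest:
            return candidate
    return None

def build_index(passwords):
    """Service side: 5-char hash prefix -> set of 35-char suffixes."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index

INDEX = build_index(BREACHED)

def range_query(prefix):
    """Service side: sees only the prefix, returns every matching suffix."""
    return sorted(INDEX.get(prefix, set()))

def check_by_prefix(password):
    """Client side: the suffix comparison happens locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_query(digest[:5])

if __name__ == "__main__":
    for pw in ("letmein", "correct horse battery staple"):
        print(pw, what_each_mode_sends(pw)["hash_prefix"], check_by_prefix(pw))
```

With the range query the service cannot tell which of the many passwords sharing that prefix was being checked, and the same client code works against a downloaded copy of the hash list with no network request at all.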


