Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Steven Schveighoffer schveiguy at yahoo.com
Fri Apr 11 05:18:39 PDT 2014


On Fri, 11 Apr 2014 08:01:33 -0400, Manu <turkeyman at gmail.com> wrote:

> Well I missed it apparently.
>
> I'm extremely shocked, and rather angry. This is my 'low security risk'
> password, but I do share my low-security password among a few sites (I
> presume this is common practise), and I'm quite unimpressed to find such  
> a
> blatant disregard for my personal security and privacy from - of all  
> things
> - a forum full of smart, talented, and experienced programmers!
> Now I have to change my password everywhere, and remember to remember a
> special one just for this one forum! >_<  ... at least I know it'll  
> remind
> me what it is if I forget!

If, after the last year of hacking, and the heartbleed bug, people are not  
using password tracker/generators, you haven't learned anything :)

Every single one of my passwords is some random horrible set of  
characters, that even I don't know. And I can change them at any time  
without any worry of forgetting.

I use lastpass premium, $1/month. I started using it when a web site that  
I created a user for, to comment *once* on an article, ended up having its  
passwords stolen (in encrypted form), and I realized I had used the same  
password as my bank, credit card, email, etc.

A good article on password managers:

http://www.pcmag.com/article2/0,2817,2407168,00.asp

As a bonus, I keep all kinds of info in my last pass vault, that I would  
normally have to write down (like safe combinations, or key codes for  
doors). It's really cool to have an infinite memory for infrequently used,  
but very important things, that only I can access :)

They just updated their "challenge" tool to scour your passwords, tell you  
which ones are for sites that were affected by the heartbleed bug, whether  
those sites are now safe or not (including whether the certificate is new  
or not), and whether your password predates them making their site safe  
(so you should go change the password).

-Steve


More information about the Digitalmars-d mailing list