15 replies to this topic

[CeeCee]

http://www.microsoft.com/protect/yourself/...rd/checker.mspx

https://amethyst2.cit.cornell.edu/cuwl-cgi/...passCheck1.cgi/ This one is for paranoids, since it's a TLS protected page.

[LUSHER]

CeeCee, on Dec 6 2007, 01:12 PM, said:

http://www.microsoft.com/protect/yourself/...rd/checker.mspx

https://amethyst2.cit.cornell.edu/cuwl-cgi/...passCheck1.cgi/ This one is for paranoids, since it's a TLS protected page.

Paranoid or not, it's silly to enter your real passwords into such "checkers" whether TLS or not.

[CeeCee]

LUSHER, on Dec 7 2007, 03:41 PM, said:

Paranoid or not, it's silly to enter your real passwords into such "checkers" whether TLS or not.

You can change a letter or two from the real password. I did so. I don't think that makes any difference. For example, if your real PW is pass1234, you can type pess1235. You get the basic idea, what ever your PW is strong or weak.

Also, this is what they say on the Microsoft checker:

Password Checker does not collect, store, or transmit information beyond the computer that you use to access Password Checker. The image works on your computer desktop until you navigate away from the page.

The security of the passwords entered into Password Checker is similar to the security of the password you enter when you log into Windows. The password is checked and validated on your computer, but is not sent over the Internet.

[Andavari]

Looks like I need to change my forum login password as MS deems it to be weak, but I think I already knew that. At least my email password is medium, but I suppose it needs some thoughtful improvement too.

[CeeCee]

It's good to change (some of) your passwords sometimes, even though you are sure, that your password is not in the wrong hands. I change my online banking password maybe 2 times a year. Or atleast once a year. When and if you change, make sure that it's no weaker than previous one.

[LUSHER]

CeeCee, on Dec 7 2007, 03:49 PM, said:

You can change a letter or two from the real password. I did so. I don't think that makes any difference. For example, if your real PW is pass1234, you can type pess1235. You get the basic idea, what ever your PW is strong or weak.

Also, this is what they say on the Microsoft checker:

Password Checker does not collect, store, or transmit information beyond the computer that you use to access Password Checker. The image works on your computer desktop until you navigate away from the page.

The security of the passwords entered into Password Checker is similar to the security of the password you enter when you log into Windows. The password is checked and validated on your computer, but is not sent over the Internet.

Sounds like BS to me. If the password is checked and validated on your computer, why the need for TLS? Also even if everything is local (e.g javascript) , you can imagine scenarios with XSS attacks etc.

Granted all this is very unlikely, but that's not my point away.

The reason why i said i did "paranoid or not....", has nothing to do with whether it can be exploited or not. Rather I was trying to imply that doing so doesn't give you any meaningful information really.

You already know how strong or weak (roughly) your password is, or really you are wasting your time here...

[Pfipps]

I just use keepass because it has a password strength tester. I think those password managers are great pieces of free software. You also have
Password Safe.

[Humpty]

System Information for Windows (SIW) easily shows all my login names and passwords for every forum and OE's email accounts.

Does it show your passwords, even with your password security apps installed?

SIW

[davey]

Hey Humpty,
Thanks for the link.
davey

[JDPower]

Humpty, on Dec 15 2007, 01:01 AM, said:

System Information for Windows (SIW) easily shows all my login names and passwords for every forum

Really? All it shows on mine is my router login password

[Humpty]

JDPower, on Dec 18 2007, 02:20 PM, said:

Really? All it shows on mine is my router login password

Naturally if I delete all FF's cookies my forum login details don't show.

Protected storage is running but my OE usernames/passwords still show but my router login doesn't.

[JDPower]

Humpty, on Dec 18 2007, 09:31 AM, said:

Naturally if I delete all FF's cookies my forum login details don't show.

Protected storage is running but my OE usernames/passwords still show but my router login doesn't.

Nope, doesn't show anything from my Firefox cookies. I have the protected storage service disabled though, maybe that is the reason.

[CeeCee]

Perfect Passwords - GRC's Ultra High Security Password Generator: https://www.grc.com/passwords.htm

[Matt_]

I use the same password for an almost innumerable number of websites, and don't really care that its strength is seriously lacking.

I was victim six months or so of a 100$ fraud on Paypal, but I was quickly reimbursed after I contacted the technical support authorities of the latter corporation. I only changed it thereafter because I was prompted to do so by the login system.

By the way, any reason why my signature was hijacked by Piriform ?

[hotdoge3]

I try for a long time said all my Password not good so I try Catdog1E it said very good? so how is that?

[hotdoge3]

Matt_, on Dec 31 2007, 07:51 PM, said:

I use the same password for an almost innumerable number of websites, and don't really care that its strength is seriously lacking.

I was victim six months or so of a 100$ fraud on Paypal, but I was quickly reimbursed after I contacted the technical support authorities of the latter corporation. I only changed it thereafter because I was prompted to do so by the login system.

By the way, any reason why my signature was hijacked by Piriform ?

did it look like this  Paypal___Monkey.JPG   43.75K   12 downloads