The elimination of passwords?

elecplus

15 Oct 2015, 19:31

Yahoo plans to eliminate passwords, starting next month
http://www.reuters.com/article/2015/10/ ... M220151015

andrewjoy

15 Oct 2015, 20:38

I have nothing against 2 step verification but this is a stupid idea.

Is it just by text? If so you know that's open and almost trivial to spoof.

If it's an authenticator RSA style app with a pre shared key that's 100% fine, but you still need a password as well, what if you have to reinstall the app or update your phone? Sure you can get the alternative email and phone but that's open to exploitation, especially as we know people use the same login for everything.

No offence to anyone who uses it but i have never seen a competent computer user who uses yahoo, possibly its just me who used to work in a public library and dealt with people who cannot even spell there own name and spell YouTube starting with a u.

seebart
Offtopicthority Instigator

15 Oct 2015, 20:43

I know this is a little off topic but I am sick and tired of having to remember well over 10 "good" passwords for my daily computing life. I won't use any "one password for all" type software either.

andrewjoy

15 Oct 2015, 20:46

What do you have against such software? They are heavily encrypted and you can unlock them with a hash on a USB stick or one super password. You can even set them up to have super complex passwords for everything, you don't even need to know what the password is.

XMIT
[ XMIT ]

15 Oct 2015, 20:48

I use KeePass. I worked for a financial firm in New York that thought this was secure enough for their needs. We kept passwords to production systems in KeePass.

webwit
Wild Duck

15 Oct 2015, 20:48

It's a nice way for Yahoo to collect phone numbers of its users, which is valuable data.

seebart
Offtopicthority Instigator

15 Oct 2015, 20:51

andrewjoy wrote: What do you have against such software? They are heavily encrypted and you can unlock them with a hash on a USB stick or one super password. You can even set them up to have super complex passwords for everything, you don't even need to know what the password is.
Recommend me one and I'll try it Andrew! Yeah I think I've seen KeePass before. I guess I can give it a shot.
Last edited by seebart on 15 Oct 2015, 20:53, edited 1 time in total.

XMIT
[ XMIT ]

15 Oct 2015, 20:52

KeePass is one. http://keepass.info/

andrewjoy

15 Oct 2015, 20:52

XMIT wrote: I use KeePass. I worked for a financial firm in New York that thought this was secure enough for their needs. We kept passwords to production systems in KeePass.

Yeah, I use that too. There is a Chrome extension that can do it too but I am not sure I trust Google, Chromium yes, Google not so much. Not to mention that I use Safari on Mac for most things, I still have Chrome as Netflix won't work in Safari, it tells me I don't have one of them stupid compliant displays, whereas Chrome does not give 2 shits.

seebart
Offtopicthority Instigator

15 Oct 2015, 20:54

Fine I'll try it.

andrewjoy

15 Oct 2015, 20:58

I think I use KeePassX but it's fully compatible with the KeePass 1.x stable branch.

XMIT
[ XMIT ]

15 Oct 2015, 21:16

As for builds of the Chromium browser, I've been pleased with SRware Iron.

andrewjoy

15 Oct 2015, 21:26

http://surf.suckless.org/ windows build please ! :P

Muirium
µ

15 Oct 2015, 21:29

andrewjoy wrote: No offence to anyone who uses it but i have never seen a competent computer user who uses yahoo, possibly its just me who used to work in a public library and dealt with people who cannot even spell there own name and spell YouTube starting with a u.
Yeah, who would ever be caught dead using incorrect spelling at a computer?

Anyway, I'm one of those despicable rubes who trusts Apple, via iCloud Keychain Sync, to store all my passwords and sync them between my computers and phone. Works perfectly well for me. But I'm sure I'm due almighty punishment in some imaginary scenario. As are we all…

JBert

15 Oct 2015, 21:30

I'm more a fan of Password Safe, whose format has been pretty stable for the last few years.

chzel

15 Oct 2015, 21:30

Password manager apps are nice and all, but what happens when you need to log in from a different PC?

XMIT
[ XMIT ]

15 Oct 2015, 21:32

chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
That's why I like KeePass. I use it on Windows, Mac, Linux, and Android. I move the encrypted password file around and decrypt as needed with a passphrase.

JBert

15 Oct 2015, 21:32

chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
Supposedly you could use one of these: https://www.yubico.com/product/password-safe-bundle/

andrewjoy

15 Oct 2015, 21:39

Muirium wrote: Yeah, who would ever be caught dead using incorrect spelling at a computer?
Oh shush, yes poor grammar and a few incorrect words :P, but at least i get my name right :P.

seebart
Offtopicthority Instigator

15 Oct 2015, 21:42

I got typos in almost every one of my posts, that's why I need to edit so much. And on top of that some of those ancient keyboards I use don't work 100% all the time. ;)

Muirium
µ

15 Oct 2015, 21:45

What! If there's something I can't stand, even in a vintage mech — no, especially in a vintage mech! — it's faulty keys. I make quite enough mistakes (rewriting my own sentences while I'm still typing them) that I demand perfection from my keyboards. Bounce, chatter and ghosting are just the sort of things that got me off shitty modern boards in the first place.

seebart
Offtopicthority Instigator

15 Oct 2015, 21:49

Fine but until I get that one orange complicated Alps switch fixed on my new (old) favorite Wang 724 I'm not gonna refrain from enjoying it. Slightly faulty or not! This beauty from webwit btw:

http://deskthority.net/photos-f62/wang- ... t7672.html
Last edited by seebart on 15 Oct 2015, 21:51, edited 1 time in total.

HAL

15 Oct 2015, 21:50

XMIT wrote:
chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
That's why I like KeePass. I use it on Windows, Mac, Linux, and Android. I move the encrypted password file around and decrypt as needed with a passphrase.
... and of course like everyone else - I keep the KeePass passphrase on a yellow post-it attached to the back of my keyboard. Totally secure, even if someone picks up the keyboard they won't see it immediately :lol:

flabbergast

15 Oct 2015, 21:52

chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
With keepass: First, you sync the database somewhere online. Second, set up something like this so that you can access the database from a browser in emergencies.

I've been using LastPass, because back when I signed up with them there wasn't a good open source solution like the above (I mean keepass was there, but there wasn't a good way to access the passwords online in emergencies. Also browser integration was spotty. Yea, I know, excuses, excuses... I'm just plain lazy.) Gotta switch to keepass now.

Muirium
µ

15 Oct 2015, 21:57

Am I really alone in knowing most of my 30+ character long passwords off by heart? I don't even need to type them much, because of sync, but I make full use of the chance to define them for myself. The trick is to make them memorable sentences, with a few fancy characters thrown in just to shake off any chance of a dictionary attack.

Seeing someone's growing surprise, then awe, when they watch me rattle my way through a password that long on one of my loud keyboards: well worth it!


@Seebart: Interesting board. That HUGE key where Delete and Insert usually live! I can excuse a single dodgy switch much more easily than a keyboard with unpredictable errors. But it really does depend on the switch. If it's away from the 60% and arrow blocks, it's hardly a problem. But if not, grr!

flabbergast

15 Oct 2015, 22:04

I do remember a few long passwords (obligatory xkcd), but I'm having the problem from time to time that there is an *upper* limit on the password length built in (e.g. at my work it's 15 characters, so every 6 months I have to come up with a novel way of cutting down my long passwords).

Muirium
µ

15 Oct 2015, 22:13

Upper limits on password length… in this day and age!? Ugh. I remember when Hotmail came clean about ignoring everything after the first 16 characters, and was rightly ridiculed for it.


There's no good excuse for any limit on password length. They're hashed, and salted, rather than stored as plaintext nowadays. And entropy isn't the insurmountable defence it used to be. Length is good! Don't let anyone tell you otherwise…
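
Added example, not part of any post in this thread: a salted PBKDF2 hash occupies the same number of stored bytes for any password length, while a verifier that silently ignores everything after 16 characters accepts a different password sharing that prefix. The iteration count, the sample passphrase and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000   # assumed work factor for this example
LEGACY_LIMIT = 16      # the silent cut-off described in the post above


def hash_password(password: str, salt: Optional[bytes] = None,
                  limit: Optional[int] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); `limit` models a system that drops extra characters."""
    if limit is not None:
        password = password[:limit]
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes,
           limit: Optional[int] = None) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, limit)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    phrase = "correct horse battery staple, 1 more time!"   # constructed sample
    near_miss = phrase[:LEGACY_LIMIT] + "anything else"     # same first 16 chars
    salt_full, full = hash_password(phrase)
    salt_cut, cut = hash_password(phrase, limit=LEGACY_LIMIT)
    return {
        # What gets stored is 32 bytes whether the password has 2 or 42 characters.
        "stored_bytes_short": len(hash_password("pw")[1]),
        "stored_bytes_long": len(full),
        # Hashing the whole input rejects the near miss ...
        "full_accepts_near_miss": verify(near_miss, salt_full, full),
        # ... the truncating system cannot tell the two passwords apart.
        "truncating_accepts_near_miss": verify(near_miss, salt_cut, cut,
                                               LEGACY_LIMIT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```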

andrewjoy

15 Oct 2015, 22:15

Good job Microsoft good job. Active Directory has password rules but it does not force you to change old ones imported from older versions of AD, you can just sit there with your 15 year old password.

Apple server is not so good as well, you can set minimum length rules but you cannot force it to have stronger strength rules.

Muirium
µ

15 Oct 2015, 23:25

It's quaint that you keep using that OS X Server stuff. You might just be the last guy!

andrewjoy

16 Oct 2015, 00:35

Windows server is just too expensive
