The elimination of passwords?
Posted: 15 Oct 2015, 19:31
by elecplus
Yahoo plans to eliminate passwords, starting next month
http://www.reuters.com/article/2015/10/ ... M220151015
Posted: 15 Oct 2015, 20:38
by andrewjoy
I have nothing against 2 step verification but this is a stupid idea.
Is it just by text? If so you know that's open and almost trivial to spoof.
If it's an authenticator RSA style app with a pre-shared key that's 100% fine, but you still need a password as well. What if you have to reinstall the app or update your phone? Sure you can get the alternative email and phone but that's open to exploitation, especially as we know people use the same login for everything.
No offence to anyone who uses it but i have never seen a competent computer user who uses yahoo, possibly its just me who used to work in a public library and dealt with people who cannot even spell there own name and spell YouTube starting with a u.
Posted: 15 Oct 2015, 20:43
by seebart
I know this is a little off topic but I am sick and tired of having to remember well over 10 "good" passwords for my daily computing life. I won't use any "one password for all" type software either.
Posted: 15 Oct 2015, 20:46
by andrewjoy
What do you have against such software? They are heavily encrypted and you can unlock them with a hash on a USB stick or one super password. You can even set them up to have super complex passwords for everything, you don't even need to know what the password is.
Posted: 15 Oct 2015, 20:48
by XMIT
I use KeePass. I worked for a financial firm in New York that thought this was secure enough for their needs. We kept passwords to production systems in KeePass.
Posted: 15 Oct 2015, 20:48
by webwit
It's a nice way for Yahoo to collect phone numbers of its users, which is valuable data.
Posted: 15 Oct 2015, 20:51
by seebart
andrewjoy wrote: What do you have against such software? They are heavily encrypted and you can unlock them with a hash on a USB stick or one super password. You can even set them up to have super complex passwords for everything, you don't even need to know what the password is.
Recommend me one and I'll try it Andrew! Yeah I think I've seen KeePass before. I guess I can give it a shot.
Posted: 15 Oct 2015, 20:52
by XMIT
Posted: 15 Oct 2015, 20:52
by andrewjoy
XMIT wrote: I use KeePass. I worked for a financial firm in New York that thought this was secure enough for their needs. We kept passwords to production systems in KeePass.
Yeah, I use that too. There is a Chrome extension that can do it too but I am not sure I trust Google, Chromium yes, Google not so much. Not to mention that I use Safari on Mac for most things; I still have Chrome as Netflix won't work in Safari, it tells me I don't have one of them stupid compliant displays whereas Chrome does not give 2 shits.
Posted: 15 Oct 2015, 20:54
by seebart
Fine I'll try it.
Posted: 15 Oct 2015, 20:58
by andrewjoy
I think I use KeePassX but it's fully compatible with the KeePass 1.x stable branch
Posted: 15 Oct 2015, 21:16
by XMIT
As for builds of the Chromium browser, I've been pleased with SRWare Iron.
Posted: 15 Oct 2015, 21:26
by andrewjoy
Posted: 15 Oct 2015, 21:29
by Muirium
andrewjoy wrote: No offence to anyone who uses it but i have never seen a competent computer user who uses yahoo, possibly its just me who used to work in a public library and dealt with people who cannot even spell there own name and spell YouTube starting with a u.
Yeah, who would ever be caught dead using incorrect spelling at a computer?
Anyway, I'm one of those despicable rubes who trusts Apple, via iCloud Keychain Sync, to store all my passwords and sync them between my computers and phone. Works perfectly well for me. But I'm sure I'm due almighty punishment in some imaginary scenario. As are we all…
Posted: 15 Oct 2015, 21:30
by JBert
I'm more a fan of Password Safe, whose format has been pretty stable for the last few years.
Posted: 15 Oct 2015, 21:30
by chzel
Password manager apps are nice and all, but what happens when you need to log in from a different PC?
Posted: 15 Oct 2015, 21:32
by XMIT
chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
That's why I like KeePass. I use it on Windows, Mac, Linux, and Android. I move the encrypted password file around and decrypt as needed with a passphrase.
Posted: 15 Oct 2015, 21:32
by JBert
chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
Supposedly you could use one of these:
https://www.yubico.com/product/password-safe-bundle/
Posted: 15 Oct 2015, 21:39
by andrewjoy
Muirium wrote:
Yeah, who would ever be caught dead using incorrect spelling at a computer?
Oh shush, yes poor grammar and a few incorrect words, but at least I get my name right.
Posted: 15 Oct 2015, 21:42
by seebart
I got typos in almost every one of my posts, that's why I need to edit so much. And on top of that some of those ancient keyboards I use don't work 100% all the time.

Posted: 15 Oct 2015, 21:45
by Muirium
What! If there's something I can't stand, even in a vintage mech — no, especially in a vintage mech! — it's faulty keys. I make quite enough mistakes (rewriting my own sentences while I'm still typing them) that I demand perfection from my keyboards. Bounce, chatter and ghosting are just the sort of things that got me off shitty modern boards in the first place.
Posted: 15 Oct 2015, 21:49
by seebart
Fine but until I get that one orange complicated Alps switch fixed on my new (old) favorite Wang 724 I'm not gonna refrain from enjoying it. Slightly faulty or not! This beauty from webwit btw:
http://deskthority.net/photos-f62/wang- ... t7672.html
Posted: 15 Oct 2015, 21:50
by HAL
XMIT wrote: chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
That's why I like KeePass. I use it on Windows, Mac, Linux, and Android. I move the encrypted password file around and decrypt as needed with a passphrase.
... and of course like everyone else - I keep the KeePass passphrase on a yellow post-it attached to the back of my keyboard. Totally secure, even if someone picks up the keyboard they won't see it immediately

Posted: 15 Oct 2015, 21:52
by flabbergast
chzel wrote: Password manager apps are nice and all, but what happens when you need to log in from a different PC?
With KeePass: First, you sync the database somewhere online. Second, set up something like this so that you can access the database from a browser in emergencies.
I've been using LastPass, because back when I signed up with them there wasn't a good open source solution like the above (I mean KeePass was there, but there wasn't a good way to access the passwords online in emergencies. Also browser integration was spotty. Yea, I know, excuses, excuses... I'm just plain lazy.) Gotta switch to KeePass now.
Posted: 15 Oct 2015, 21:57
by Muirium
Am I really alone in knowing most of my 30+ character long passwords off by heart? I don't even need to type them much, because of sync, but I make full use of the chance to define them for myself. The trick is to make them memorable sentences, with a few fancy characters thrown in just to shake off any chance of a dictionary attack.
Seeing someone's growing surprise, then awe, when they watch me rattle my way through a password that long on one of my loud keyboards: well worth it!
@Seebart: Interesting board. That HUGE key where Delete and Insert usually live! I can excuse a single dodgy switch much more easily than a keyboard with unpredictable errors. But it really does depend on the switch. If it's away from the 60% and arrow blocks, it's hardly a problem. But if not, grr!
Posted: 15 Oct 2015, 22:04
by flabbergast
I do remember a few long passwords (obligatory xkcd), but I'm having the problem from time to time that there is an *upper* limit on the password length built in (e.g. at my work it's 15 characters, so every 6 months I have to come up with a novel way of cutting down my long passwords).
Posted: 15 Oct 2015, 22:13
by Muirium
Upper limits on password length… in this day and age!? Ugh. I remember when Hotmail came clean about ignoring everything after the first 16 characters, and was rightly ridiculed for it.
There's no good excuse for any limit on password length. They're hashed, and salted, rather than stored as plaintext nowadays. And entropy isn't the insurmountable defence it used to be. Length is good! Don't let anyone tell you otherwise…
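An added illustration of the point in the post above (not part of the thread): a Python sketch using PBKDF2 from the standard library, showing that a salted hash has the same stored size for any password length, and that silently truncating at 16 characters makes different passphrases verify as the same one. The passphrases, the iteration count and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def hash_password(password, salt=None, limit=None):
    """Return (salt, digest) for a password.

    `limit` models a service that silently ignores every character
    past a maximum length before hashing.
    """
    if limit is not None:
        password = password[:limit]
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify(candidate, salt, digest, limit=None):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, computed = hash_password(candidate, salt, limit)
    return hmac.compare_digest(computed, digest)


def demo():
    # Constructed sample passphrases that share their first 16 characters.
    real = "correct horse battery staple!"
    wrong = "correct horse balloon animal?"

    # Stored size does not depend on password length.
    _, short_digest = hash_password("hunter2")
    _, long_digest = hash_password("x" * 500)

    # A verifier that truncates at 16 characters accepts the wrong passphrase.
    salt_t, digest_t = hash_password(real, limit=16)
    # A verifier that hashes the full input does not.
    salt_f, digest_f = hash_password(real)

    return {
        "digest_sizes": (len(short_digest), len(long_digest)),
        "truncated_accepts_wrong": verify(wrong, salt_t, digest_t, limit=16),
        "full_accepts_wrong": verify(wrong, salt_f, digest_f),
        "full_accepts_real": verify(real, salt_f, digest_f),
    }


if __name__ == "__main__":
    print(demo())
```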
Posted: 15 Oct 2015, 22:15
by andrewjoy
Good job Microsoft, good job. Active Directory has password rules but it does not force you to change old ones imported from older versions of AD, you can just sit there with your 15 year old password.
Apple server is not so good as well, you can set minimum length rules but you cannot force it to have stronger strength rules.
Posted: 15 Oct 2015, 23:25
by Muirium
It's quaint that you keep using that OS X Server stuff. You might just be the last guy!
Posted: 16 Oct 2015, 00:35
by andrewjoy
Windows server is just too expensive