Passwords

Since Freenode has been compromised my nickserv password might be too. Unless they had the good sense to hash the passwords, which isn’t common.

So after checking my 121 line long vim encrypted “accounts” file, I noticed that this particular weak password is used in 17 other systems. Woops.

You know what be good? Web standards in regards to user accounts. Now I have to fiddle with umpteen annoyingly different systems to change my password. Pain and suffering. It would be far better is I could do this task with a CLI tool or some handy trusted Web application that would implement such a standard.

Though would such a standard make it easier for “crackers” to script attacks to change your password and really screw you over?

Actually after thinking about it, the best option would just be to reset the password via email. Though that process can be sniffed… If the cracker tried to change your email address too, the user management system should send you an email to the old address to confirm the change. If the user management system had any doubt, it should just send you email a link to proceed.

Btw, I’ve made the move to the OFTC IRC network. I also found lilo‘s “money badgering” a bit too annoying.

Found any of my content useful?