Passwords

Since Freenode has been compromised, my NickServ password might be too. Unless they had the good sense to hash the passwords, which isn’t common.

So after checking my 121-line-long, vim-encrypted “accounts” file, I noticed that this particular weak password is used in 17 other systems. Whoops.

You know what would be good? Web standards in regards to user accounts. Now I have to fiddle with umpteen annoyingly different systems to change my password. Pain and suffering. It would be far better if I could do this task with a CLI tool or some handy trusted Web application that would implement such a standard.

Though would such a standard make it easier for “crackers” to script attacks to change your password and really screw you over?

Actually, after thinking about it, the best option would just be to reset the password via email. Though that process can be sniffed… If the cracker tried to change your email address too, the user management system should send you an email to the old address to confirm the change. If the user management system had any doubt, it should just email you a link to proceed.
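The confirm-via-old-address idea above, sketched as an added example (not code from this post or from any real user management system). The `Accounts` class, its `outbox` list standing in for a mail sender, and the one-hour token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a confirmation link stays valid (assumed value)

class Accounts:
    """Hypothetical user store; outbox stands in for a real mail sender."""
    def __init__(self):
        self.email = {}    # user -> current address
        self.pending = {}  # user -> (token_hash, new_address, expiry)
        self.outbox = []   # (recipient, token) pairs "sent" by mail

    def request_email_change(self, user, new_address, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Store only the hash, so a leaked database holds no usable tokens.
        self.pending[user] = (digest, new_address, now + TOKEN_TTL)
        # The link goes to the OLD address: a stolen password or session
        # alone is not enough to move the account to another mailbox.
        self.outbox.append((self.email[user], token))

    def confirm_email_change(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, new_address, expiry = entry
        if now > expiry:
            del self.pending[user]  # expired requests are discarded
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False  # wrong token: address stays unchanged
        del self.pending[user]  # single use
        self.email[user] = new_address
        return True
```

The address only changes once the token mailed to the current address comes back, so the existing mailbox owner stays in control of the account.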

Btw, I’ve made the move to the OFTC IRC network. I also found lilo’s “money badgering” a bit too annoying.
