Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Seprix]

Making Fun's next project?

https://twitter.com/stelian/status/720913927639560194

That is the best thing I've seen this week.

[Awaclus]

Man, these kinds of "alternative" news sites never fail to amaze me. Like, what the actual shit.

http://beforeitsnews.com/alternative/2016/01/cern-scientists-break-the-speed-of-light-21-jan-2016-3283624.html

This data is from 2011. In 2012, it was proven to be faulty. In 2016, sites like the one linked above are copying and pasting the text from the original Telegraph article as though it was still relevant.

[Kirian]

Making Fun's next project?

https://twitter.com/stelian/status/720913927639560194

That is the best thing I've seen this week.

Oh, the responses are just brilliant.

[Tables]

Man, these kinds of "alternative" news sites never fail to amaze me. Like, what the actual shit.

http://beforeitsnews.com/alternative/2016/01/cern-scientists-break-the-speed-of-light-21-jan-2016-3283624.html

This data is from 2011. In 2012, it was proven to be faulty. In 2016, sites like the one linked above are copying and pasting the text from the original Telegraph article as though it was still relevant.

I'm not clicking on that link and giving them views, but damn, I love the irony in their name.

[Witherweaver]

Man, these kinds of "alternative" news sites never fail to amaze me. Like, what the actual shit.

http://beforeitsnews.com/alternative/2016/01/cern-scientists-break-the-speed-of-light-21-jan-2016-3283624.html

This data is from 2011. In 2012, it was proven to be faulty. In 2016, sites like the one linked above are copying and pasting the text from the original Telegraph article as though it was still relevant.

I'm not clicking on that link and giving them views, but damn, I love the irony in their name.

Obviously, the 2011 data did prove fatser-than-light travel, but we haven't yet realized it.  In the future we will realize it, and use faster-than-light travel to send back information that validates the test.  Before it is news, indeed.

[Tables]

Oh, also everyone, the fourth of May be with you. Happy Star Trek day!

[Kirian]

Oh, also everyone, the fourth of May be with you. Happy Star Trek day!

Live Long and Carry On.

[Witherweaver]

Oh, also everyone, the fourth of May be with you. Happy Star Trek day!

[silverspawn]

That gif is amazing.

[Witherweaver]

So after getting extremely pissed off after not being able to login to my stupid health insurances website and it taking forever to change my password, I decided to catalogue my username and passwords for all the different work-related access sites in a single file, because that surely sounds safe.  This does not include the username and password used to log into my laptop itself (Windows) which is sometimes, and sometimes not, linked to a number of other programs on my computer (e.g., email), which is sometimes, and sometimes not, linked to a Microsoft Office online account.  The nature of the linking is not, as far as I know, deterministic.  I only know I dread the time of the year where we must change OS passwords, because I basically can't do anything.

So far my file looks like this.  Things that are not in parentheses are literal strings in the file.

(pay statement sytem), (username),  (reminder)
(health insurance site), (slightly different name with a random difference to make remembering it impossible), (reminder)
(investment site), (yet a slightly different username), who the fuck knows?
(time tracking site), (very similar, but not the same, username), who the fucdk knows why the fuck do we have so many god damn mother fucking sites with a million different logins and a million different passwords how in the loving fuck are we supposed to remember all of this god fucking damit mother fucker
(site for goals), some random permutation on the 100 different user names, no fucking clue
support portal, ?, ??
support portal external, ? differnet maybe ?, ??
(internal software site for builds), could really be fucking anything, kill me now
FSA, I really don't know,

There are a few more sites that I haven't put in.

This is only for work-related sites and doesn't include stuff like, other emails, Facebook, bank, credit cards, loans, cable, amazon, google, websites like this, things like Dominion online, other online gaming stuff, transit card, various other websites that you need to create an account but you only ever log on three times a year, etc., etc., etc.

[Seprix]

So after getting extremely pissed off after note being able to login to my stupid health insurances website and it taking forever to change my password, I decided to catalogue my username and passwords for all the different work-related access sites in a single file, because that surely sounds safe.  This does not include the username and password used to log into my laptop itself (Windows) which is sometimes, and sometimes not, linked to a number of other programs on my computer (e.g., email), which is sometimes, and sometimes not, linked to a Microsoft Office online account.  The nature of the linking is not, as far as I know, deterministic.  I only know I dread the time of the year where we must change OS passwords, because I basically can't do anything.

So far my file looks like this.  Things that are not in parentheses are literal strings in the file.

(pay statement sytem), (username),  (reminder)
(health insurance site), (slightly different name with a random difference to make remembering it impossible), (reminder)
(investment site), (yet a slightly different username), who the fuck knows?
(time tracking site), (very similar, but not the same, username), who the fucdk knows why the fuck do we have so many god damn mother fucking sites with a million different logins and a million different passwords how in the loving fuck are we supposed to remember all of this god fucking damit mother fucker
(site for goals), some random permutation on the 100 different user names, no fucking clue
support portal, ?, ??
support portal external, ? differnet maybe ?, ??
(internal software site for builds), could really be fucking anything, kill me now
FSA, I really don't know,

There are a few more sites that I haven't put in.

This is only for work-related sites and doesn't include stuff like, other emails, Facebook, bank, credit cards, loans, cable, amazon, google, websites like this, things like Dominion online, other online gaming stuff, transit card, various other websites that you need to create an account but you only ever log on three times a year, etc., etc., etc.

Dude. Save yourself the headache.

https://lastpass.com/generatepassword.php

[Kuildeous]

I'm tempted to use the same password for all sites, but the password is preceded and/or succeeded by words relevant to the website.

For example, the Yahoo password may be Yahoo Horse Stapler Battery Correct Mail, but the Gmail password would be G Horse Stapler Battery Correct Mail. Still hard as fuck to crack but very relevant to me.

And if the connecting part is already hard to crack, then adding "Mail" would not make it any easier.

The downside, of course, is that if someone finds out your password for Gmail is G Horse Stapler Battery Correct Mail, then it's easy to figure out that your Yahoo password is simply replacing G with Yahoo.

So you'd have to mentally encrypt the bookend words in case your password gets stored as plain text somewhere. *shudder*

[Witherweaver]

Dude. Save yourself the headache.

https://lastpass.com/generatepassword.php

I've always had a problem with this logic... "Don't use the same password for everything, because if someone gets access to that password, then they have access to all your accounts.  Instead, keep all your different passwords locked under one single master pasword..."

[Seprix]

I don't use that service, but I know of people who do. The service also changes the passwords regularly and fills them in for you when you enter in the master password, which is only on your own computer, and not on some website server.

[Teproc]

Isn't the safest way to have a bunch different passwords on a physical notepad ? Yeah someone could rob your house but... that's a lot less likely to happen than getting an account pirated, right ?

[singletee]

If you reuse a password across multiple accounts, that password must be sent to those websites and stored in their databases. If best practices are followed, the password will be sent over an encrypted TLS tunnel and only a salted hash will be stored instead of the password itself. Now it's a matter of how much you trust Joe Websiteoperator to do those things in order to keep your password safe. It turns out that Joe is bad at this. Also, Joe might be evil.

If you use a local password manager, the master password never leaves your computer. The only feasible way for someone to get it would be to install a keylogger on your computer, at which point you might as well just consider all your passwords to be compromised anyway.

[Awaclus]

I've always had a problem with this logic... "Don't use the same password for everything, because if someone gets access to that password, then they have access to all your accounts.  Instead, keep all your different passwords locked under one single master pasword..."

As long as the password is physically on your computer and not stored on a server anywhere, it's way safer. Contrary to popular belief, the main security threat regarding your passwords is not that a human being is able to correctly guess it.

[Seprix]

Isn't the safest way to have a bunch different passwords on a physical notepad ? Yeah someone could rob your house but... that's a lot less likely to happen than getting an account pirated, right ?

You could do that too, and it's probably a little tiny bit safer for a lot of extra pain. Seriously, as Awaclus and Singletee has said, the master password is not used on any website at all. It can be entered off on the side on your computer, but it is only used to unencrypt the password system that is also offline, which enters in the correct randomly generated password for the given website. It's all offline.

[Witherweaver]

I've always had a problem with this logic... "Don't use the same password for everything, because if someone gets access to that password, then they have access to all your accounts.  Instead, keep all your different passwords locked under one single master pasword..."

As long as the password is physically on your computer and not stored on a server anywhere, it's way safer. Contrary to popular belief, the main security threat regarding your passwords is not that a human being is able to correctly guess it.

Well, it's an issue if it's a laptop that could potentially get lost/stolen/etc.

[Seprix]

Well, it's an issue if it's a laptop that could potentially get lost/stolen/etc.

Aren't you screwed regardless then?

[Witherweaver]

Well, it's an issue if it's a laptop that could potentially get lost/stolen/etc.

Aren't you screwed regardless then?

In regards to passwords?  Why?  Can you access keystroke history or something?

[pacovf]

My main question is, why do you have so many different usernames? Aren't you choosing them yourself? Why not stick to two or three of them, each one for different sort of activities?

[Awaclus]

Well, it's an issue if it's a laptop that could potentially get lost/stolen/etc.

Don't lose your laptop.

[singletee]

You don't store the master password on disk, that defeats the purpose of encrypting your passwords.

[Witherweaver]

My main question is, why do you have so many different usernames? Aren't you choosing them yourself? Why not stick to two or three of them, each one for different sort of activities?

No, because these kinds of sites are set up by the company.  It's all based off of your name, but in different incantations.  Sometimes it includes email portions, sometimes not.  Sometimes random characters.  It's like slightly different versions of the same base; but remembering which alteration corresponds to which obscure website that you only may check once a month is a near impossibility.  "Okay this is that site that does this one thing, and this is the one that doesn't use my normal handle but instead does this weird thing.  Oh, that didn't work, maybe wrong password.  No, let's try this password.  Okay this one.  No, okay, let's try the different arbitrary modification of username.  No, maybe this password.  Hey I'm locked out!"

Really, the issue is as much (if not more) with usernames than with passwords.