The New Password Rules Are Stupid - Page 3 - LotusTalk - The Lotus Cars Community
 30Likes
Reply
 
LinkBack Thread Tools Display Modes
post #41 of 47 (permalink) Old 06-29-2016, 02:16 PM
Registered User
 
XHILR8N!'s Avatar
 
Join Date: Dec 2006
Location: 2 laps down
Posts: 6,691
Garage
So I just read the Security and Databreach Notification. I do seem to understand VScopes thinking a bit better, maybe.

Seems that the horse got out the gate so if we have a better gate (for now) then the people who have the horse now won't, well, won't what?

How in heck will changing the site passwords now will affect anything about the passwords etc that have become more public? Isn't this just a distraction to make it look like something is being done?

Seems to me this could have all been handled by them just simply saying:

"Well gee we lost your password so if you are using it for an important site you ought to consider changing that password on that site"

Anyone can make something complicated. It takes genius to make it simple. Einstein.
2011 Evora S Racing Heritage Edition (#3 of 4) (Now with alexsharkeyross)
2005 Elise LRG, Trim Shop interior, full cage, Cup wheels, BWR 'charger lives!
1974 Lotus Europa Special 3841R in JPS livery
2007 Toyota Tundra (about 10 cup holders), traded for 2015 Tundra TRD PRO
2007 Audi S4 DTM (RIP) 1980 Rover SD1 (new home) 2015 Honda Civic Si
2016 370Z Nismo
2013 Bentley Continental GT Speed
XHILR8N! is offline  
Sponsored Links
Advertisement
 
post #42 of 47 (permalink) Old 06-29-2016, 05:18 PM
Registered User
 
CALtd's Avatar
 
Join Date: Feb 2005
Location: San Luis Obispo, CA
Posts: 1,248
Quote:
Originally Posted by XHILR8N! View Post
So I just read the Security and Databreach Notification. I do seem to understand VScopes thinking a bit better, maybe.

Seems that the horse got out the gate so if we have a better gate (for now) then the people who have the horse now won't, well, won't what?

How in heck will changing the site passwords now will affect anything about the passwords etc that have become more public? Isn't this just a distraction to make it look like something is being done?

Seems to me this could have all been handled by them just simply saying:

"Well gee we lost your password so if you are using it for an important site you ought to consider changing that password on that site"
Well, you got the gist of what the problem is. Most people reuse usernames, Email addresses, and passwords. The DB gave them them 2 paired in clear text. The 3rd is less than securely encrypted with MD5 (or equivalent). Set a bot army out guessing against the obtained passwords and once you've made a few matches you have the seed and key. Now all passwords are decrypted because some few had easy guesses. Next attack everywhere else the username or Email address matches, but this time only go after sites that will yield.

This is not a one person attack but assumption that sports car owners also have assets is not a bad plan.
CALtd is offline  
post #43 of 47 (permalink) Old 06-29-2016, 08:08 PM
The Enforcer
 
oldmansan's Avatar
 
Join Date: Mar 2011
Location: Los Alamitos, CA
Posts: 5,942
Obviously few here have worked on classified systems and/or security positions.

San
Coyne and AG Jeff like this.

#8 Metric Allen Key, Plastic Carpet Buttons
oldmansan is offline  
 
post #44 of 47 (permalink) Old 06-29-2016, 08:49 PM
Registered User
 
Join Date: Jan 2014
Posts: 1,952
What's interesting about passwords, is if they just made it 4 separate words, it would have ridiculously higher encryption, and would be easier to remember.

Remember . Your . Password . Wanker
Coyne is offline  
post #45 of 47 (permalink) Old 06-29-2016, 09:05 PM
Registered User
 
Lancia's Avatar
 
Join Date: Dec 2006
Posts: 2,376
The unibomber's by the book encryption stalled the nsa supercomputers for months.

Nothing exotic or new, just good practice.
Lancia is offline  
post #46 of 47 (permalink) Old 07-12-2016, 07:41 AM
Registered User
 
Join Date: Nov 2015
Location: massachusetts
Posts: 1,830
Took them a while but the admins emailed me a password reset form yesterday, so I have my account back.

I was going crazy thinking I maybe started another free email acct that I forgot about
AG Jeff likes this.
exigegus is online now  
post #47 of 47 (permalink) Old 07-12-2016, 08:41 AM
Licensed Driver
 
AG Jeff's Avatar
 
Join Date: Sep 2015
Location: Chicago
Posts: 74
Garage
Heya guys,

I know the new rules seem extreme but it is not that big of a deal if you use Chrome Password manager.

I use it for hundreds of log ins with no issues.

Jeff M

Jeff
Community Manager
AutoGuide.com

If you need admin assistance please post here:
https://www.lotustalk.com/forums/f24/
AG Jeff is offline  
Sponsored Links
Advertisement
 
Reply

  LotusTalk - The Lotus Cars Community > Community > Lotus Talk Forum Feedback and Site Issues

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the LotusTalk - The Lotus Cars Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in











Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome