Home |
Search |
Today's Posts |
|
Home Repair (alt.home.repair) For all homeowners and DIYers with many experienced tradesmen. Solve your toughest home fix-it problems. |
Reply |
|
LinkBack | Thread Tools | Display Modes |
#1
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a record of that. |
#2
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. How difficult is it change passwords? I routinely change mine every six months or so. Just change it and move on. |
#3
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote: On 9/25/2016 10:34 AM, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. How difficult is it change passwords? I routinely change mine every six months or so. Just change it and move on. The problem might be, if you do not know your password (it is stored on the PC) you can't change it. |
#5
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 12:14 PM, Unquestionably Confused wrote:
How difficult is it change passwords? I routinely change mine every six months or so. Just change it and move on. Why? If it has been working, what makes it more vulnerable with time? What makes a new password more secure than an old one? Maybe the new one is easier to crack. Given the number of web sites I use it would be an all day job to change them all. |
#6
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
|
#7
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. |
#8
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 12:51:44 -0400, burfordTjustice
wrote: On Sun, 25 Sep 2016 12:47:12 -0400 wrote: On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused wrote: On 9/25/2016 10:34 AM, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. How difficult is it change passwords? I routinely change mine every six months or so. Just change it and move on. The problem might be, if you do not know your password (it is stored on the PC) you can't change it. http://www.lostpassword.com/asterisk.htm In my case I don't even have my Yahoo password anywhere. I only use it for one Yahoo group and I just answer the Emailed post. I never actually log in. I have tried recovering the PW but none of my answers match what I wrote 17 years ago when I set up the account. |
#9
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"Ed Pawlowski" wrote
| How difficult is it change passwords? I routinely change mine every six | months or so. Just change it and move on. | | | Why? If it has been working, what makes it more vulnerable with time? Did you read about the news? It's a dramatically clear answer to your question. Yahoo was hacked a couple of years ago. Chinese hackers might be scanning your email now, waiting for something like a credit card number or bank account info, or enough personal info to spoof your identity. The passwords might have been sold. The data was stolen by breaking into Yahoo and stealing their member/password list, not by hacking passwords. If you changed your password periodically you would have been protected for most of the last two years. |
#10
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 11:59 AM, Ed Pawlowski wrote:
On 9/25/2016 12:14 PM, Unquestionably Confused wrote: How difficult is it change passwords? I routinely change mine every six months or so. Just change it and move on. Why? If it has been working, what makes it more vulnerable with time? What makes a new password more secure than an old one? Maybe the new one is easier to crack. Given the number of web sites I use it would be an all day job to change them all. Think about it, Ed. time has nothing to do with it really. There was a breach and the password you may have thought to be secure has been leaked. If your current password is "jTR653ew$*LvfddseZ+" that is a pretty secure password. However, if there is a data breach on Thursday and that password and your email account/Yahoo account user name is leaked, it's worthless. If you change it to "jghfgfd$#cds@--:Y" the day after the breach (before some hacking AH changes your old one and locks you out) you are now secure again. (until the next breach) |
#11
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"Unquestionably Confused" wrote
| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty | secure password. I read an interesting article awhile back saying that one of the best ways to make a password is to just join 4 words. Cracking algorythms necessarily look for patterns. Four words is very memorable to humans, but not a pattern mathematically. For instance: breadtarmacskatesblot More memorable, yet still seemingly random, things could be invented that mean something only to the inventor. For instance: ruthdoilyxmasbarnard For your aunt Ruth who like doilies and invites the family every Christmas to her house in Barnard. It's memorable to you but for a computer it's just 20 random characters. |
#12
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 13:10:52 -0400, "Mayayana"
wrote: "Ed Pawlowski" wrote | How difficult is it change passwords? I routinely change mine every six | months or so. Just change it and move on. | | | Why? If it has been working, what makes it more vulnerable with time? Did you read about the news? It's a dramatically clear answer to your question. Yahoo was hacked a couple of years ago. Chinese hackers might be scanning your email now, waiting for something like a credit card number or bank account info, or enough personal info to spoof your identity. The passwords might have been sold. The data was stolen by breaking into Yahoo and stealing their member/password list, not by hacking passwords. If you changed your password periodically you would have been protected for most of the last two years. If they look at my Yahoo account, they are just going to see the spam in accumulated over the last 17 years because I never used it I would appreciate them sending me the password tho ;-) |
#13
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
|
#14
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
Ed Pawlowski explained on 9/25/2016 :
On 9/25/2016 12:14 PM, Unquestionably Confused wrote: How difficult is it change passwords? I routinely change mine every six months or so. Just change it and move on. Why? If it has been working, what makes it more vulnerable with time? What makes a new password more secure than an old one? Maybe the new one is easier to crack. Given the number of web sites I use it would be an all day job to change them all. Given the exhaustive search or dictionary attack scenario, changing the password would make the already tried and failed passwords viable again, so the attacker would have to start over again. |
#15
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 12:25 PM, Mayayana wrote:
"Unquestionably Confused" wrote | If your current password is "jTR653ew$*LvfddseZ+" that is a pretty | secure password. I read an interesting article awhile back saying that one of the best ways to make a password is to just join 4 words. Cracking algorythms necessarily look for patterns. Four words is very memorable to humans, but not a pattern mathematically. For instance: breadtarmacskatesblot More memorable, yet still seemingly random, things could be invented that mean something only to the inventor. For instance: ruthdoilyxmasbarnard For your aunt Ruth who like doilies and invites the family every Christmas to her house in Barnard. It's memorable to you but for a computer it's just 20 random characters. Run those through any password strength meter of your choice and you'll find that they are woefully inadequate |
#16
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"Unquestionably Confused" wrote
| Run those through any password strength meter of your choice and you'll | find that they are woefully inadequate | No link. No explanation. Did you have a reason to say that other than impluse or personal instinct? Here's the source: http://www.baekdal.com/insights/pass...rity-usability http://www.baekdal.com/insights/the-...-passwords-faq You can *seem* to make more obscure passwords by adding *, !, etc. And you could add those to the 4 words. The author of the articles linked also uses spaces between words. You could also capitalize some characters. But as long as the password cracker assumes those characters are possibilities it will test for them, so they're no more unique than "a". Menawhile, you have a 20-character password that you can remember. |
#17
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 1:35 PM, FromTheRafters wrote:
Given the exhaustive search or dictionary attack scenario, changing the password would make the already tried and failed passwords viable again, so the attacker would have to start over again. And your "new" password may be the next one tried and thus cracked. Not so sure it improves the odds. |
#18
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 1:31 PM, Bod wrote:
Why not save all of your contacts and delete your present Yahoo email account, then reinstal with a new email name, then send 1 bulk email to your contacts telling them the new account name. That would work for your contacts. What about the other 50 accounts you have for banks, credit cards, auto service, utilities, insurance, and on and on? |
#19
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 25/09/2016 19:29, Ed Pawlowski wrote:
On 9/25/2016 1:31 PM, Bod wrote: Why not save all of your contacts and delete your present Yahoo email account, then reinstal with a new email name, then send 1 bulk email to your contacts telling them the new account name. That would work for your contacts. What about the other 50 accounts you have for banks, credit cards, auto service, utilities, insurance, and on and on? Assuming that you know the passwords for them all, surely it is worth that effort for your own security and peace of mind? |
#20
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 25/09/2016 19:31, Bod wrote:
On 25/09/2016 19:29, Ed Pawlowski wrote: On 9/25/2016 1:31 PM, Bod wrote: Why not save all of your contacts and delete your present Yahoo email account, then reinstal with a new email name, then send 1 bulk email to your contacts telling them the new account name. That would work for your contacts. What about the other 50 accounts you have for banks, credit cards, auto service, utilities, insurance, and on and on? Assuming that you know the passwords for them all, surely it is worth that effort for your own security and peace of mind? Forgot to add; create individual passwords for each of em. Just write them down and keep in a safe place. |
#21
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
Ed Pawlowski wrote on 9/25/2016 :
On 9/25/2016 1:35 PM, FromTheRafters wrote: Given the exhaustive search or dictionary attack scenario, changing the password would make the already tried and failed passwords viable again, so the attacker would have to start over again. And your "new" password may be the next one tried and thus cracked. Not so sure it improves the odds. Sure, but the idea behind exhaustive search is not the same as behind random tries, it reduces the effective keyspace after each try. If the entire keyspace can be searched in a year, the average time to break is six months. If you change the password every three months they may never hit the mark. This definitely does improve your odds. |
#22
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 19:31:19 +0100, Bod wrote:
On 25/09/2016 19:29, Ed Pawlowski wrote: On 9/25/2016 1:31 PM, Bod wrote: Why not save all of your contacts and delete your present Yahoo email account, then reinstal with a new email name, then send 1 bulk email to your contacts telling them the new account name. That would work for your contacts. What about the other 50 accounts you have for banks, credit cards, auto service, utilities, insurance, and on and on? Assuming that you know the passwords for them all, surely it is worth that effort for your own security and peace of mind? Changing email address is like moving house, it's virtually impossible. You always forget a lot of important things. -- I couldn't repair your brakes, so I made your horn louder. |
#23
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? |
#24
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 14:29:01 -0400, Ed Pawlowski wrote:
On 9/25/2016 1:31 PM, Bod wrote: Why not save all of your contacts and delete your present Yahoo email account, then reinstal with a new email name, then send 1 bulk email to your contacts telling them the new account name. That would work for your contacts. What about the other 50 accounts you have for banks, credit cards, auto service, utilities, insurance, and on and on? Hmmmmm, I dont use email for ANY of the things you mentioned. Then again I dont do online banking, or use my *REAL* credit cards online. (I get those disposible pre-paid cards for online shopping). For the cost of a few postage stamps, I'd rather send a check to pay my bills, rather than risk online identity theft. And I can also use my phone to pay some bills, for example, I can use a thing where I phone one of my utilities and they will accept payment from my checking account without an actual paper check, and no credit card required. I only use email to chit-chat with friends and relatives, and occasionally contact a business to ask a question about their products. So if someone wants to hack into my email, I hope they enjoy reading about my latest home or car repairs, my findings at rummage sales, my pets, and my bitching about the weather. |
#25
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"Taxed and Spent" wrote
| Simple answer: just change it now. | | That is a simpleton answer. | | Is there anybody who can answer the question I raised? It's a simple answer for a dumb question. If you don't know when you last changed your password then who would? If you think Yahoo does then ask them. What other possibilities are there? Or you could just change your password now. You might also want to consider getting real email (from your ISP, a paid account, or your own domain) and not using Yahoo or other freebie webmail. |
#26
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 1:24 PM, Mayayana wrote:
"Unquestionably Confused" wrote | Run those through any password strength meter of your choice and you'll | find that they are woefully inadequate | No link. No explanation. Did you have a reason to say that other than impluse or personal instinct? Here's the source: http://www.baekdal.com/insights/pass...rity-usability http://www.baekdal.com/insights/the-...-passwords-faq You can *seem* to make more obscure passwords by adding *, !, etc. And you could add those to the 4 words. The author of the articles linked also uses spaces between words. You could also capitalize some characters. But as long as the password cracker assumes those characters are possibilities it will test for them, so they're no more unique than "a". Menawhile, you have a 20-character password that you can remember. I don't doubt that somebody wrote that about passwords, but I don't buy it and I don't take it as gospel just because somebody did. I also didn't include a link to password checker simply because my suggestion was that you run it through any one that you might choose - and there are plenty. Here's a couple, so go ahead and give it a try. If you find that these don't support your position, go ahead and find some more and try them. Good luck. http://www.passwordmeter.com/ https://howsecureismypassword.net/ Depending upon which one you use - actually, make that REGARDLESS of which checker you use - you'll find that simply adding a space between the words of your pass phrase will dramatically increase the difficulty of solving. Then, so long as you're out there trying, try running something like FU2&es&dye! and see what happens. Or, one of my favorites, something like "Hgb^7*?/,dPoo" (with or without the quotation marks, tho if you use the quotes the time frame runs into the trillions of yearsg) I use a pass phrase similar to what you suggest (but including some clinkers to increase difficulty) as a Master Password for my password manager. Trust me when I say that no matter how I check it, my Master PW will withstand a couple of billion years of hammering with a computer and the individual passwords for financial accounts and the like will withstand trillions. I feel that's adequate as I doubt that I'll be around much more than 15 or 20 years if I'm really luckyg |
#27
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 4:49 PM, Taxed and Spent wrote:
On 9/25/2016 10:06 AM, Bod wrote: On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? To quote Queen Hillary, "What difference does it make [when you last changed your password (in this context)]?" There is no penalty for changing your password "too often," the only risk is not changing it often enough and being sloppy with creating it and storing it. You don't need it to change it with Yahoo. We can explain it to you but we can't understand it for you.g |
#28
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 23:09:40 +0100, wrote:
On Sun, 25 Sep 2016 14:29:01 -0400, Ed Pawlowski wrote: On 9/25/2016 1:31 PM, Bod wrote: Why not save all of your contacts and delete your present Yahoo email account, then reinstal with a new email name, then send 1 bulk email to your contacts telling them the new account name. That would work for your contacts. What about the other 50 accounts you have for banks, credit cards, auto service, utilities, insurance, and on and on? Hmmmmm, I dont use email for ANY of the things you mentioned. Then again I dont do online banking, or use my *REAL* credit cards online. (I get those disposible pre-paid cards for online shopping). For the cost of a few postage stamps, I'd rather send a check to pay my bills, rather than risk online identity theft. And I can also use my phone to pay some bills, for example, I can use a thing where I phone one of my utilities and they will accept payment from my checking account without an actual paper check, and no credit card required. You worry too much. I only use email to chit-chat with friends and relatives, and occasionally contact a business to ask a question about their products. So if someone wants to hack into my email, I hope they enjoy reading about my latest home or car repairs, my findings at rummage sales, my pets, and my bitching about the weather. If you use real email instead of an online version, you don't get hacked. -- In the 60's people took acid to make the world weird. Now the world is weird, people take prozac to make it normal. |
#29
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Sun, 25 Sep 2016 23:37:36 +0100, Unquestionably Confused wrote:
On 9/25/2016 4:49 PM, Taxed and Spent wrote: On 9/25/2016 10:06 AM, Bod wrote: On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? To quote Queen Hillary, "What difference does it make [when you last changed your password (in this context)]?" There is no penalty for changing your password "too often," the only risk is not changing it often enough and being sloppy with creating it and storing it. You don't need it to change it with Yahoo. We can explain it to you but we can't understand it for you.g The penalty is forgetting it. -- Do infants have as much fun in their infancy as adults do in adultery? |
#30
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 10:35 AM, FromTheRafters wrote:
Given the exhaustive search or dictionary attack scenario, changing the password would make the already tried and failed passwords viable again, so the attacker would have to start over again. I use Yahoo's Two-step verification. It makes a dictionary attack useless on a strange machine. |
#31
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 11:24 AM, Mayayana wrote:
You can *seem* to make more obscure passwords by adding *, !, etc. And you could add those to the 4 words. I use Yahoo's Two-step verification. Even if the perp knows my simple password he won't be able to bring up my account on a strange machine. |
#32
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
AL submitted this idea :
On 9/25/2016 10:35 AM, FromTheRafters wrote: Given the exhaustive search or dictionary attack scenario, changing the password would make the already tried and failed passwords viable again, so the attacker would have to start over again. I use Yahoo's Two-step verification. It makes a dictionary attack useless on a strange machine. If they hacked the server, all they would likely have to do is exhaust the hash's keyspace no matter how many parts were involved in the hash's creation. They've had two years in this case, but it could have been worse. |
#33
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote: On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? Probably someone at Yahoo! can answer that, but only if there is some record keeping of that sort of thing on their end. |
#34
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters wrote:
Taxed and Spent presented the following explanation : On 9/25/2016 10:06 AM, Bod wrote: On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? Probably someone at Yahoo! can answer that, but only if there is some record keeping of that sort of thing on their end. I doubt a cheap **** free webmail service would bother answering your question. Have you never heard of POP3? -- ADULT: A person who has stopped growing at both ends and is now growing in the middle. |
#35
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"Unquestionably Confused" wrote
| I also didn't include a link to password checker simply because my | suggestion was that you run it through any one that you might choose - | and there are plenty. | | Here's a couple, so go ahead and give it a try. If you find that these | don't support your position, go ahead and find some more and try them. | Good luck. | I did. If you'd bothered to check yourself you would have found that a 20 character password is considered very strong, no matter what the characters. Such password checkers are of little value for anything other than learning basic rules. They're just simple scripts that assign points based on unusual characters, length of password, etc. An OSS example that can be downloaded is he http://rumkin.com/tools/password/passchk.php If you try that you'll find that anything over about 12-13 characters is rated strong, even if it's just 13 lower case alphabetic characters. As I noted before, it's been a long time since unusual characters were worth much. Many places now require upper and lower case, at least one number, and at least one unusual character. So any worthwhile cracker has already increased its check from 62 alphanumeric characters to include a dozen or so more. Those other characters, like #1, may look exotic, but all characters are just numeric byte values. |
#36
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"AL" wrote
| I use Yahoo's Two-step verification. Even if the perp knows my simple | password he won't be able to bring up my account on a strange machine. | Isn't that for when you change your password? I assume you don't answer a security question every time you log on. The issue here is that passwords were stolen and Yahoo didn't know or didn't tell people. So the thieves could have been logging into any Yahoo account over the past two years without being noticed. |
#37
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
James Wilkinson formulated on Sunday :
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters wrote: Taxed and Spent presented the following explanation : On 9/25/2016 10:06 AM, Bod wrote: On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? Probably someone at Yahoo! can answer that, but only if there is some record keeping of that sort of thing on their end. I doubt a cheap **** free webmail service would bother answering your question. Have you never heard of POP3? What question? |
#38
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 5:07 PM, James Wilkinson wrote:
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters wrote: Taxed and Spent presented the following explanation : On 9/25/2016 10:06 AM, Bod wrote: On 25/09/2016 16:34, Taxed and Spent wrote: It says you should change your password if you have not done so since 2014. How can I tell when my password was last changed? I don't keep a record of that. Simple answer: just change it now. That is a simpleton answer. Is there anybody who can answer the question I raised? Probably someone at Yahoo! can answer that, but only if there is some record keeping of that sort of thing on their end. I doubt a cheap **** free webmail service would bother answering your question. Have you never heard of POP3? I can access a Yahoo account via POP3. Can't figure it out? |
#39
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
On 9/25/2016 5:25 PM, Mayayana wrote:
"AL" wrote | I use Yahoo's Two-step verification. Even if the perp knows my simple | password he won't be able to bring up my account on a strange machine. | Isn't that for when you change your password? No. It has nothing to do with changing the password. When I log into Yahoo from a strange (unknown to Yahoo) computer, Yahoo verifies it's me by texting me a code on my cell phone. When I enter that code on the strange machine it becomes a known machine and from that point on there is no more Two-step verification necessary to access my account on *that particular computer*. Anyone trying to log in to my account from a strange computer will be unsuccessful even if they know my password because they don't have my cell phone for the verification code. I assume you don't answer a security question every time you log on. Correct. The issue here is that passwords were stolen and Yahoo didn't know or didn't tell people. I agree that's bad. But the issue here is also how to protect yourself now. I suggest activating Two-step verification. So the thieves could have been logging into any Yahoo account over the past two years without being noticed. With Two-step verification I would notice an *attempt* to log on to my account because I would get an unasked for text code. |
#40
Posted to alt.home.repair
|
|||
|
|||
OT Yahoo breach
"Mayayana"
Sun, 25 Sep 2016 17:25:50 GMT in alt.home.repair, wrote: "Unquestionably Confused" wrote | If your current password is "jTR653ew$*LvfddseZ+" that is a pretty | secure password. I read an interesting article awhile back saying that one of the best ways to make a password is to just join 4 words. Cracking algorythms necessarily look for patterns. Four words is very memorable to humans, but not a pattern mathematically. For instance: breadtarmacskatesblot You might want to re-read the article. You seem a bit confused on what cracking algorithms can/can't do here. More memorable, yet still seemingly random, things could be invented that mean something only to the inventor. For instance: ruthdoilyxmasbarnard That's only going to semi protect you against a basic dictionary attack, a brute force one is going to get it once it reaches that amount of characters. Just a matter of time. Cracking 'algorithms' vary you see. simple Dictionary only attacks aren't very effective against such passwords, but the one you used for an example is ripe for a Brute force attack. The only thing that would save you in this case is the amount of times yahoo will let you get it wrong before it temp disables the account, etc. For your aunt Ruth who like doilies and invites the family every Christmas to her house in Barnard. It's memorable to you but for a computer it's just 20 random characters. See above. your example is only a-z and nothing else; 20 characters long. IE: NOT secure. -- MID: Hmmm. I most certainly don't understand how I can access a copy of a zip file but then not be able to unzip it so I can watch it. That seems VERY clever! http://al.howardknight.net/msgid.cgi?ID=145716711400 |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Breach of planning/building regs | UK diy | |||
Breach or Debate | Metalworking | |||
O2 mobile number breach | UK diy | |||
Ayhnum's Christmas Magnum repair the breach | Home Repair | |||
ChoicePoint personal data breach | Home Ownership |