It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.

On Sun, 25 Sep 2016 12:47:12 -0400
wrote:

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so
since 2014. How can I tell when my password was last changed? I
don't keep a record of that.

How difficult is it change passwords? I routinely change mine every
six months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.

http://www.lostpassword.com/asterisk.htm

On Sun, 25 Sep 2016 12:51:44 -0400, burfordTjustice
wrote:

On Sun, 25 Sep 2016 12:47:12 -0400
wrote:

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so
since 2014. How can I tell when my password was last changed? I
don't keep a record of that.

How difficult is it change passwords? I routinely change mine every
six months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.

http://www.lostpassword.com/asterisk.htm

In my case I don't even have my Yahoo password anywhere. I only use it
for one Yahoo group and I just answer the Emailed post. I never
actually log in. I have tried recovering the PW but none of my answers
match what I wrote 17 years ago when I set up the account.

On 9/25/2016 11:47 AM, wrote:
On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.

The problem might be, if you do not know your password (it is stored
on the PC) you can't change it.


If that's his problem, perhaps he shouldn't be on the computer. Under
your theory, he has his password stored and doesn't "remember" it.

That's fine. It will still allow him to log on and once logged in,
Yahoo does NOT require the entry of one's password a second time in
order to change passwords. You merely enter your new password, confirm
it and you're done until the next time.

Sun, 25 Sep 2016 16:47:12 GMT in alt.home.repair, wrote:

On Sun, 25 Sep 2016 11:14:00 -0500, Unquestionably Confused
wrote:

On 9/25/2016 10:34 AM, Taxed and Spent wrote:
It says you should change your password if you have not done so
since 2014. How can I tell when my password was last changed?
I don't keep a record of that.

How difficult is it change passwords? I routinely change mine
every six months or so. Just change it and move on.

The problem might be, if you do not know your password (it is
stored on the PC) you can't change it.

Is it stored in an encrypted password manager program or the web
browser for auto login purposes? If the latter, nirsoft utils are
your friend. If the former, you'd have to login to your password
manager to recover the current password so you can change it to
something else...

Oh, one more thing, stop having your web browser store
login/passwords for you, if that's something you do.

As you'll learn by using the utils I mentioned, it's obviously, NOT
secure. Anyone who has access to your computer with a brain (read:
knows how to pull up the passwords using Nirsoft or a variety of
other tools) can recover them, with ease.


--
MID:
Hmmm. I most certainly don't understand how I can access a copy of a
zip file but then not be able to unzip it so I can watch it. That
seems VERY clever!
http://al.howardknight.net/msgid.cgi?ID=145716711400

On 9/25/2016 12:14 PM, Unquestionably Confused wrote:


How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.


Why? If it has been working, what makes it more vulnerable with time?
What makes a new password more secure than an old one? Maybe the new
one is easier to crack.

Given the number of web sites I use it would be an all day job to change
them all.

On 9/25/2016 11:59 AM, Ed Pawlowski wrote:
On 9/25/2016 12:14 PM, Unquestionably Confused wrote:


How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.


Why? If it has been working, what makes it more vulnerable with time?
What makes a new password more secure than an old one? Maybe the new
one is easier to crack.

Given the number of web sites I use it would be an all day job to change
them all.

Think about it, Ed. time has nothing to do with it really. There was a
breach and the password you may have thought to be secure has been leaked.

If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
secure password. However, if there is a data breach on Thursday and
that password and your email account/Yahoo account user name is leaked,
it's worthless. If you change it to "jghfgfd$#cds@--:Y" the day after
the breach (before some hacking AH changes your old one and locks you
out) you are now secure again. (until the next breach)

"Unquestionably Confused" wrote

| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.

I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorythms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
instance: breadtarmacskatesblot

More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
ruthdoilyxmasbarnard

For your aunt Ruth who like doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.

On 9/25/2016 12:25 PM, Mayayana wrote:
"Unquestionably Confused" wrote

| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.

I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorythms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
instance: breadtarmacskatesblot

More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
ruthdoilyxmasbarnard

For your aunt Ruth who like doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.




Run those through any password strength meter of your choice and you'll
find that they are woefully inadequate

"Mayayana"
Sun, 25 Sep 2016 17:25:50 GMT in alt.home.repair, wrote:

"Unquestionably Confused" wrote

| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.

I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorythms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
instance: breadtarmacskatesblot

You might want to re-read the article. You seem a bit confused on
what cracking algorithms can/can't do here.

More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
ruthdoilyxmasbarnard

That's only going to semi protect you against a basic dictionary
attack, a brute force one is going to get it once it reaches that
amount of characters. Just a matter of time. Cracking 'algorithms'
vary you see. simple Dictionary only attacks aren't very effective
against such passwords, but the one you used for an example is ripe
for a Brute force attack. The only thing that would save you in this
case is the amount of times yahoo will let you get it wrong before it
temp disables the account, etc.

For your aunt Ruth who like doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.

See above. your example is only a-z and nothing else; 20 characters
long. IE: NOT secure.


--
MID:
Hmmm. I most certainly don't understand how I can access a copy of a
zip file but then not be able to unzip it so I can watch it. That
seems VERY clever!
http://al.howardknight.net/msgid.cgi?ID=145716711400

"Ed Pawlowski" wrote

| How difficult is it change passwords? I routinely change mine every six
| months or so. Just change it and move on.
|
|
| Why? If it has been working, what makes it more vulnerable with time?

Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.

The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.

On Sun, 25 Sep 2016 13:10:52 -0400, "Mayayana"
wrote:

"Ed Pawlowski" wrote

| How difficult is it change passwords? I routinely change mine every six
| months or so. Just change it and move on.
|
|
| Why? If it has been working, what makes it more vulnerable with time?

Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.

The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.


If they look at my Yahoo account, they are just going to see the spam
in accumulated over the last 17 years because I never used it
I would appreciate them sending me the password tho ;-)

On 25/09/2016 18:26, wrote:
On Sun, 25 Sep 2016 13:10:52 -0400, "Mayayana"
wrote:

"Ed Pawlowski" wrote

| How difficult is it change passwords? I routinely change mine every six
| months or so. Just change it and move on.
|
|
| Why? If it has been working, what makes it more vulnerable with time?

Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.

The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.


If they look at my Yahoo account, they are just going to see the spam
in accumulated over the last 17 years because I never used it
I would appreciate them sending me the password tho ;-)

Why not save all of your contacts and delete your present Yahoo email
account, then reinstal with a new email name, then send 1 bulk email to
your contacts telling them the new account name.

Ed Pawlowski explained on 9/25/2016 :
On 9/25/2016 12:14 PM, Unquestionably Confused wrote:


How difficult is it change passwords? I routinely change mine every six
months or so. Just change it and move on.


Why? If it has been working, what makes it more vulnerable with time? What
makes a new password more secure than an old one? Maybe the new one is
easier to crack.

Given the number of web sites I use it would be an all day job to change them
all.

Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable
again, so the attacker would have to start over again.

On 9/25/2016 1:35 PM, FromTheRafters wrote:


Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

And your "new" password may be the next one tried and thus cracked. Not
so sure it improves the odds.

Ed Pawlowski wrote on 9/25/2016 :
On 9/25/2016 1:35 PM, FromTheRafters wrote:


Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

And your "new" password may be the next one tried and thus cracked. Not so
sure it improves the odds.

Sure, but the idea behind exhaustive search is not the same as behind
random tries, it reduces the effective keyspace after each try. If the
entire keyspace can be searched in a year, the average time to break is
six months. If you change the password every three months they may
never hit the mark. This definitely does improve your odds.

On 9/25/2016 10:35 AM, FromTheRafters wrote:

Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

I use Yahoo's Two-step verification. It makes a dictionary attack
useless on a strange machine.

AL submitted this idea :
On 9/25/2016 10:35 AM, FromTheRafters wrote:

Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

I use Yahoo's Two-step verification. It makes a dictionary attack useless on
a strange machine.

If they hacked the server, all they would likely have to do is exhaust
the hash's keyspace no matter how many parts were involved in the
hash's creation. They've had two years in this case, but it could have
been worse.

On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

"Taxed and Spent" wrote

| Simple answer: just change it now.
|
| That is a simpleton answer.
|
| Is there anybody who can answer the question I raised?

It's a simple answer for a dumb question. If you
don't know when you last changed your password
then who would? If you think Yahoo does then ask
them. What other possibilities are there?

Or you could just change your password now.
You might also want to consider getting real email
(from your ISP, a paid account, or your own domain)
and not using Yahoo or other freebie webmail.

On 9/25/2016 4:49 PM, Taxed and Spent wrote:
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

To quote Queen Hillary, "What difference does it make [when you last
changed your password (in this context)]?"

There is no penalty for changing your password "too often," the only
risk is not changing it often enough and being sloppy with creating it
and storing it.

You don't need it to change it with Yahoo.

We can explain it to you but we can't understand it for you.g

On Sun, 25 Sep 2016 23:37:36 +0100, Unquestionably Confused wrote:

On 9/25/2016 4:49 PM, Taxed and Spent wrote:
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

To quote Queen Hillary, "What difference does it make [when you last
changed your password (in this context)]?"

There is no penalty for changing your password "too often," the only
risk is not changing it often enough and being sloppy with creating it
and storing it.

You don't need it to change it with Yahoo.

We can explain it to you but we can't understand it for you.g

The penalty is forgetting it.

--
Do infants have as much fun in their infancy as adults do in adultery?

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters wrote:

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

I doubt a cheap **** free webmail service would bother answering your question. Have you never heard of POP3?

--
ADULT: A person who has stopped growing at both ends and is now growing in the middle.

James Wilkinson formulated on Sunday :
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters
wrote:

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

I doubt a cheap **** free webmail service would bother answering your
question. Have you never heard of POP3?

What question?

On 9/25/2016 5:07 PM, James Wilkinson wrote:
On Mon, 26 Sep 2016 01:01:23 +0100, FromTheRafters
wrote:

Taxed and Spent presented the following explanation :
On 9/25/2016 10:06 AM, Bod wrote:
On 25/09/2016 16:34, Taxed and Spent wrote:
It says you should change your password if you have not done so since
2014. How can I tell when my password was last changed? I don't
keep a
record of that.

Simple answer: just change it now.

That is a simpleton answer.

Is there anybody who can answer the question I raised?

Probably someone at Yahoo! can answer that, but only if there is some
record keeping of that sort of thing on their end.

I doubt a cheap **** free webmail service would bother answering your
question. Have you never heard of POP3?


I can access a Yahoo account via POP3. Can't figure it out?