On Sun, 31 Oct 2010 12:52:31 -0500, jaugustine@verizon.net wrote:
> Hi,
>
> We are often told not to use the same password or a simple to guess
> pass word at certain web sites.
More like to not use the same password on more than one login.
>
> I have not heard or read any warnings about using the same answer, "if you
> forgot your password, answer this question". If you always use your mother's
> maiden name, this can be considered a "master key" to a hacker.
Yep, my mothers name is 57chevy, my school's mascot is George, my
first car was sonytv,....
> Note: Some web sites will send you your pass word via email, which is a
> very good idea.
Personally, I hate it. Requires me to keep yet another email account
just for those types of activities.
> I hope they all do.
Heheheh, criminals already create exploits to go through your mail
files. Be sure to keep those id/pw emails for the criminals.
We are often told not to use the same password or a simple to guess
pass word at certain web sites.
I have not heard or read any warnings about using the same answer, "if you
forgot your password, answer this question". If you always use your mother's
maiden name, this can be considered a "master key" to a hacker.
Note: Some web sites will send you your pass word via email, which is a
very good idea. I hope they all do.
Your email address and password are the two basic requirements for anyone
to access your "account". If the hacker knows your "master key", he/she
might be able to use it to get your pass word.
> Note: Some web sites will send you your pass word via email, which is a
>very good idea.
Actually, this is a very bad idea ! Such an email contains your
password in plain text, for (almost) anyone to see.
While proper password handling requires that a password is never
transmitted in plain text. (Compare: for security reasons, your
screen usually echoos * for any password character you type :-)
> Hi,
>
> We are often told not to use the same password or a simple to guess
> pass word at certain web sites.
>
> I have not heard or read any warnings about using the same answer, "if you
> forgot your password, answer this question". If you always use your mother's
> maiden name, this can be considered a "master key" to a hacker.
So?
> Note: Some web sites will send you your pass word via email, which is a
> very good idea. I hope they all do.
Surely you jest.
> Your email address and password are the two basic requirements for anyone
> to access your "account". If the hacker knows your "master key", he/she
> might be able to use it to get your pass word.
>
> John
Re: Avoid Giving Your "Master Key" to a Hacker 
Linear Mode
