Search Results

Search found 11663 results on 467 pages for 'forgot password'.


  • Password-free logins using your email address only?

    - by Mario
    The state of logins is horrendous. With each site having its own rules for passwords, it can be very hard to remember what variation you used on any given site. Logins are pure pain. One thing I love about Craigslist is that it did away with logins altogether. I know this design may not suit every site, but there's something to their design that beckons to be repeated. OpenID is great on sites that have adopted it, but it's still not standard. Would it be feasible/wise to use an email address as a login and provide no password? The site would send a short-term key directly to your email address. You click on the link and you're in. When you're done, you "logout" and your key is terminated. I've toyed with this idea before. What concerns (i.e. spammers, bots, etc.) would make this impractical or unsafe and could they be overcome?


  • password incorrect 3 times + suspected failed update

    - by Cheese
    I have been lurking your site for the past few hours, and have found myself in a bit of a pickle. Visiting my parents, I discover that neither computer, nor laptop work. Long story short, I've got the laptop working, but have completely fudged up the computer. I am a n00b, but I was at least willing to give it a go. The comp originally had Ubuntu 11.10 installed, later updated to 12.04. We have CDs for both. I do not understand what the initial problem was for my parents, but somehow when I turned on the computer, it worked for me. Soon after, I was nagged to install the latest updates. So, I spent the next half an hour wondering why the updates kept on asking for 11.04 cdroms, until I realised that you could turn off the cdrom necessity. After doing this via console, I installed some of the smaller updates, before being told to do a partial update. This failed a few times, and ended up freezing whilst reinstalling drivers. After a hard restart I continued to type whatever I could find on the forum into the console. At some point, the console started saying that I had 3 incorrect password inputs, and sudo commands stopped altogether. I found another thread discussing this, but people kept on suggesting changing passwords (which I did to no avail) or other things that made use of sudo (which I am locked out of, although I am technically the admin). I found myself somehow on the Ctrl+Alt+F1 console, and after being utterly confused (and Ctrl+Alt+F5 failing for me), another hard reset occurred. Somewhere along the way I created a USB start up for 14.04 (but this does not seem to work). Now I am left with an admin (and guest) account that log in but have blank screens (with only the desktop background showing) and I can't do anything in the console because I'm locked out. Interestingly, the console now says that I am running 14.04 although all updates said they had failed.

    Aside from the obvious lessons I have learnt (don't fiddle about in the console when you have no idea what you're doing; the dog wearing safety glasses "I have no idea what I am doing" GIF would be inserted here), is there any way I can redeem this almighty muck up? A million thanks for any help!


  • Password Policy seems to be ignored for new Domain on Windows Server 2008 R2

    - by Earl Sven
    I have set up a new Windows Server 2008 R2 domain controller, and have attempted to configure the Default Domain Policy to permit all types of passwords. When I want to create a new user (just a normal user) in the Domain Users and Computers application, I am prevented from doing so because of password complexity/length reasons. The password policy options configured in the Default Domain Policy are not defined in the Default Domain Controllers Policy, but having run the Group Policy Modelling Wizard these settings do not appear to be set for the Domain Controllers OU, should they not be inherited from the Default Domain policy? Additionally, if I link the Default Domain policy to the Domain Controllers OU, the Group Policy Modelling Wizard indicates the expected values for complexity etc, but I still cannot create a new user with my desired password. The domain is running at the Windows Server 2008 R2 functional level. Any thoughts? Thanks!

    Update: Here is the "Account policy/Password policy" Section from the GPM Wizard:

        Policy                           Value                    Winning GPO
        Enforce password history         0 Passwords Remembered   Default Domain Policy
        Maximum password age             0 days                   Default Domain Policy
        Minimum password age             0 days                   Default Domain Policy
        Minimum password length          0 characters             Default Domain Policy
        Passwords must meet complexity   Disabled                 Default Domain Policy

    These results were taken from running the GPM Wizard at the Domain Controllers OU. I have typed them out by hand as the system I am working on is standalone, this is why the table is not exactly the wording from the Wizard. Are there any other policies that could override the above? Thanks!


  • Is there a way to prevent password expiration when user has no password?

    - by Eric DANNIELOU
    Okay, we all care about security so users should change their passwords on a regular basis (who said passwords are like underwear?). On Red Hat and CentOS (5.x and 6.x), it's possible to make every real user password expire after 45 days, and warn them 7 days before. The /etc/shadow entry then looks like:

        testuser:$6$m8VQ7BWU$b3UBovxC5b9p2UxLxyT0QKKgG1RoOHoap2CV7HviDJ03AUvcFTqB.yiV4Dn7Rj6LgCBsJ1.obQpaLVCx5.Sx90:15588:1:45:7:::

    It works very well and most users often change their passwords. Some users find it convenient not to use any password but an ssh public key (and I'd like to encourage them). Then after 45 days they can't log in as they forgot their password and are asked to change it. Is there a way to prevent password expiration if and only if the password is disabled? Setting

        testuser:!!:15588:1:45:7:::

    in /etc/shadow did not work: testuser is asked to change his password after 45 days. Of course, setting back password expiration to 99999 days works but:

      - It requires extra work.
      - Security auditors might not be happy.

    Is there a system-wide parameter that would prompt the user to change an expired password only if he really has one?


  • What is meant by "no password set" for root account (and others)?

    - by MMA
    Several years back, we were more accustomed to changing to the root account using the su command. First, we switched to the root account, and then executed those root commands. Now we are more accustomed to using the sudo command. But we know that the root account is there. We can readily find the home directory of user root.

        $ ls -ld /root/
        drwx------ 18 root root 4096 Oct 22 17:21 /root/

    Now my point is, it is stated that "the root password in Ubuntu is left unset". Please see the answers to this question. Most of the answers have something to this effect in the first paragraph. One or two answers further state that "the account is left disabled". Now my (primary) questions are: What is meant by an unset password? Is it blank? Is it null? Or something else more cryptic? How does the account become enabled once I set a password for it? (sudo password root)

    In order to get a better understanding, I checked the /etc/shadow file. Since I have already set a password for the root account, I can no longer see what is there (encrypted password). So, I created another account and left it disabled. The corresponding entry in the /etc/shadow file is:

        testpassword:!:16020:0:99999:7:::

    Now perhaps my above queries need to be changed to: what does an ! in the password field mean? Other encrypted passwords are those very long cryptic strings. How come this encrypted form is only one character long? And does an account become disabled if I put an ! in the (encrypted) password field?


  • trying to set and use a password via commandline using ultraVNC on windows server 2003 vnc

    - by mustafa
    Okay, so I installed ultravnc on Windows Server 2003. It uses the ultravnc.ini file to store password and configuration information. But I'd like to be able to set the password using the command line. There is a tool called vncpwd: http://www.sysworksoft.net/products/vncpwd.html But it's old, and when you use it to change the password, it changes the password in the system registry instead of the ultravnc.ini file. But, you can set ultravnc to use the registry instead of the ini file. Success? No. I set ultravnc to use the registry (which stores the hashed password that I set using vncpwd), but it still uses the password in the .ini file. Does anyone know what gives?


  • Check username password combination in Windows

    - by mwolfe02
    I have an autohotkey script that maps multiple network drives using a series of net use commands. I enter my password once into an autohotkey inputbox, then run all of the net use commands with the entered password. This works great as long as I enter the correct password. If I mistype my password it runs all the net use commands with an incorrect password and my account ends up locked out. Aside from catching the error code/output from the net use command, is there some other way (through Autohotkey/Windows command-line) to verify the username/password combo is correct before I run it multiple times?


  • how insecure is my short password really?

    - by rika-uehara
    Using systems like TrueCrypt, when I have to define a new password I am often informed that using a short password is insecure and "very easy" to break by brute-force. I always use passwords of 8 characters in length, which are not based on dictionary words, and which consist of characters from the set A-Z, a-z, 0-9. I.e. I use passwords like sDvE98f1. How easy is it to crack such a password by brute-force? I.e. how fast. I know it heavily depends on the hardware but maybe someone could give me an estimate of how long it would take to do this on a dual core with 2 GHz or whatever to have a frame of reference for the hardware. To brute-force attack such a password one needs not only to cycle through all combinations but also to try to decrypt with each guessed password, which also needs some time. Also, is there some software to brute-force hack TrueCrypt, because I want to try to brute-force crack my own password to see how long it takes if it is really that "very easy".


  • Logging in with a different password than the database password, PHPMyAdmin

    - by Andrew M
    I am trying to install PHPMyAdmin on my server to manage my MySQL databases. Right now I have only one I want to add, but I would like to be able to manage multiple databases from the same account on PHPMyAdmin. How would I configure PMA so I could login with "andrew" and a password of "examplepassword" instead of the annoyingly long and unchangeable database user and password I am provided (ie. db3483478234, password of random characters)? I can't seem to find an area to specify a different password than the regular database username and password.


  • Cannot change password for user postgres in postgresql

    - by dhaval
    I have made the following entry in pg_hba.conf:

        local all all trust

    but still su postgres does not accept blank as password. I am not able to run psql nor pg_ctl for the same reason, as most of the files are owned by postgres.

    EDIT1

        dhaval@ubuntu:~$ su -c "pg_ctl reload -D template1"
        Password:
        su: Authentication failure
        dhaval@ubuntu:~$ su -c psql
        Password:
        su: Authentication failure

    I am giving the root password above but I guess it's expecting the "postgres" superuser password. I don't have the same. I need to reset it.

    EDIT2

        dhaval@ubuntu:~$ sudo -i -u postgres
        [sudo] password for dhaval:
        postgres@ubuntu:~$ psql
        Welcome to psql 8.3.7, the PostgreSQL interactive terminal.

    The above has taken me to the PostgreSQL command prompt. But I am still not sure why the "trust" was not working.


  • How to let users change linux password from web browser?

    - by wag2639
    I'm not sure if this is a stackoverflow question or serverfault but here goes: I have an Ubuntu 10.04 file server (Samba/FTP/HTTP) and I would like to have the ability to give users the ability to change their password to the server using their web browser. I've written a similar script before using PHP and a mess of exec but I believe that isn't secure because it can be listened to by someone looking at the list of processes on the server. Is there some kind of plugin (PHP or Python or other) that can do this easily? I rather not use something like webmin as it's overkill for this.


  • Unable to retrieve open-id password whereas able to login via gmail only???

    - by diEcho
    Hello all, I have two OpenID accounts referenced with the same Gmail address. Now I have forgotten one of my OpenID accounts' passwords, and when I tried to recover my password, the mail sent by the MyOpenID team had the second OpenID account's password change link, whereas I need the first one's OpenID password. I tried a lot of times to recover it, but each time the mail has the second OpenID password change link. So what do I do to recover my first OpenID password, whereas I am able to log in from that OpenID via my Gmail account? I have mailed the OpenID team many times already, but no answer. How do I collect all OpenID password reset links referencing the same email address?


  • Password protected website

    - by danie7L T
    I need to add a user authentication page before the actual homepage of the website. In Joomla! I just set the website offline and the offline page loads in place of the homepage, but then it's automatically throwing a "503 Service Temporarily Unavailable" error which I would like to avoid. That's why I would like to know the other ways to load an authentication page before the homepage. NB: I'm using Apache servers, if that's relevant. Thank you.


  • Password value on click is not changing the text to 'Password'

    - by Sam
        window.onload = function() {
            var password = document.getElementById('apassword');  // the wrapping <label>
            var real = document.getElementById('password');       // the real password input
            // Placeholder text input that shows the word "Password"
            var fake = document.createElement('input');
            fake.setAttribute('type', 'text');
            /*fake.setAttribute('id', 'password');*/
            fake.setAttribute('class', 'contact-input contact-right');
            password.appendChild(fake);
            fake.setAttribute('value', 'Password');
            // On focus, swap the placeholder for the real input
            fake.onfocus = function() {
                this.style.display = 'none';
                real.style.display = '';
                real.focus();
            };
            real.style.display = 'none';
            real.setAttribute('value', '');
            // On blur, show the placeholder again if nothing was typed
            real.onblur = function() {
                if (this.value == '') {
                    this.style.display = 'none';
                    fake.style.display = '';
                }
            };
        };

    AND

        <label id="apassword">
            <input type="password" title="Password" id="password" class="contact-input contact-right" name="password" />
        </label>

    What is supposed to happen is that when you click on the input box, it changes from 'Password' to a blank type="password" input box, however it doesn't happen. This originally worked, but then I had to change some IDs and classes etc. I'm not sure how to debug scripts, so hopefully someone can help me with that, and also with my question :). Thank you :).


  • no administrator password for Windows 7

    - by huskergirl78
    I'm a secretary and my boss set up my new Windows 7 OptiPlex 7010 (Dell) computer for me while I was on vacation (he does not remember setting any "administrator" password). We are a small office so there is no system password set, either. I've used it for 6 months, all the while I couldn't access network drives, etc., without an administrator password. It was annoying, but I could still get my work done. Finally, on a slow day I took it upon myself to "fix" the problem, and in all my infinite wisdom, I managed to change my user account from administrator to standard user, so now I really can't do anything. I can't download or install any programs, move or rename files, etc. I tried the Dell suggested solution, but the BIOS tells me there is no password set, so it has to be a Windows 7 problem. All the solutions I have come across require an administrator password to let me do them. What can I do to find out the admin password so I can use my own darn computer!? Is there a default admin password?


  • Back up and restore Active Directory password per user

    - by Robert Perlberg
    For administrative purposes, I sometimes need to log in as another user to diagnose a problem with their account. I'd like to be able to do this without having to change their password so I don't have to keep bothering them. Under Unix, I can just save the encrypted password from the passwd file, change the password, then edit the old encrypted password back into the passwd file. Is there a way of doing something similar in AD?


  • Firefox requests the master password twice

    - by Mehper C. Palavuzlar
    I've set a master password for Firefox. When Firefox starts, it strangely opens two separate password request windows. When I type in the master password and hit enter, Firefox opens without problems, but the other password request window stays there. I simply close it but it's annoying. Why are there 2 windows as it's enough to type the password once? I've upgraded Firefox from 3.5.5 to 3.5.6 but the problem remains. Any comments? PS: The latest news from this issue can be followed from the related Mozilla Support Forum.


  • Active Directory Password Policy Problem

    - by Will
    To clarify: my question is why isn't my password policy applying to people in the domain. Hey guys, having trouble with our password policy in Active Directory. Sometimes it just helps me to type out what I’m seeing. It appears to not be applying properly across the board. I am new to this environment and AD in general but I think I have a general grasp of what should be going on. It’s a pretty simple AD setup without too many Group Policies being applied. It looks something like this:

        DOMAIN
          Default Domain Policy (link enabled)
          Password Policy (link enabled and enforce)
          Personal OU
            Force Password Change (completely empty nothing in this GPO)
            IT OU
              Lockout Policy (link enabled and enforced)
            CS OU
              Lockout Policy
            Accounting OU
              Lockout Policy

    The password policy and default domain policy both define the same things under Computer Config\Windows settings\sec settings:

        Account Policies / Password Policy
          Enforce password history: 24 passwords remembered
          Maximum password age: 180 days
          Min password age: 14 days
          Minimum password length: 6 characters
          Password must meet complexity requirements: Enabled
          Store passwords using reversible encryption: Disabled

        Account Policies / Account Lockout Policy
          Account lockout duration: 10080 minutes
          Account lockout threshold: 5 invalid login attempts
          Reset account lockout counter after: 30 minutes

    IT lockout: This just sets the screen saver settings to lock computers when the user is idle.

    After running Group Policy modeling it seems like the password policy and default domain policy is getting applied to everyone. Here are the results of group policy modeling on MO-BLANCKM using the mblanck account; as you can see the policies are both being applied, with nothing important being denied:

        Group Policy Results
        NCLGS\mblanck on NCLGS\MO-BLANCKM
        Data collected on: 12/29/2010 11:29:44 AM

        Summary

        Computer Configuration Summary

          General
            Computer name: NCLGS\MO-BLANCKM
            Domain: NCLGS.local
            Site: Default-First-Site-Name
            Last time Group Policy was processed: 12/29/2010 10:17:58 AM

          Group Policy Objects
            Applied GPOs
              Name                    Link Location              Revision
              Default Domain Policy   NCLGS.local                AD (15), Sysvol (15)
              WSUS-52010              NCLGS.local/WSUS/Clients   AD (54), Sysvol (54)
              Password Policy         NCLGS.local                AD (58), Sysvol (58)
            Denied GPOs
              Name                    Link Location              Reason Denied
              Local Group Policy      Local                      Empty

          Security Group Membership when Group Policy was applied
            BUILTIN\Administrators
            Everyone
            S-1-5-21-507921405-1326574676-682003330-1003
            BUILTIN\Users
            NT AUTHORITY\NETWORK
            NT AUTHORITY\Authenticated Users
            NCLGS\MO-BLANCKM$
            NCLGS\Admin-ComputerAccounts-GP
            NCLGS\Domain Computers

          WMI Filters
            Name   Value   Reference GPO(s)
            None

          Component Status
            Component Name                Status              Last Process Time
            Group Policy Infrastructure   Success             12/29/2010 10:17:59 AM
            EFS recovery                  Success (no data)   10/28/2010 9:10:34 AM
            Registry                      Success             10/28/2010 9:10:32 AM
            Security                      Success             10/28/2010 9:10:34 AM

        User Configuration Summary

          General
            User name: NCLGS\mblanck
            Domain: NCLGS.local
            Last time Group Policy was processed: 12/29/2010 11:28:56 AM

          Group Policy Objects
            Applied GPOs
              Name                    Link Location             Revision
              Default Domain Policy   NCLGS.local               AD (7), Sysvol (7)
              IT-Lockout              NCLGS.local/Personal/CS   AD (11), Sysvol (11)
              Password Policy         NCLGS.local               AD (5), Sysvol (5)
            Denied GPOs
              Name                    Link Location             Reason Denied
              Local Group Policy      Local                     Empty
              Force Password Change   NCLGS.local/Personal      Empty

          Security Group Membership when Group Policy was applied
            NCLGS\Domain Users
            Everyone
            BUILTIN\Administrators
            BUILTIN\Users
            NT AUTHORITY\INTERACTIVE
            NT AUTHORITY\Authenticated Users
            LOCAL
            NCLGS\MissingSkidEmail
            NCLGS\Customer_Service
            NCLGS\Email_Archive
            NCLGS\Job Ticket Users
            NCLGS\Office Staff
            NCLGS\CUSTOMER SERVI-1
            NCLGS\Prestige_Jobs_Email
            NCLGS\Telecommuters
            NCLGS\Everyone - NCL

          WMI Filters
            Name   Value   Reference GPO(s)
            None

          Component Status
            Component Name                Status    Last Process Time
            Group Policy Infrastructure   Success   12/29/2010 11:28:56 AM
            Registry                      Success   12/20/2010 12:05:51 PM
            Scripts                       Success   10/13/2010 10:38:40 AM

        Computer Configuration

          Windows Settings / Security Settings

            Account Policies/Password Policy
              Policy                                        Setting                   Winning GPO
              Enforce password history                      24 passwords remembered   Password Policy
              Maximum password age                          180 days                  Password Policy
              Minimum password age                          14 days                   Password Policy
              Minimum password length                       6 characters              Password Policy
              Password must meet complexity requirements    Enabled                   Password Policy
              Store passwords using reversible encryption   Disabled                  Password Policy

            Account Policies/Account Lockout Policy
              Policy                                Setting                    Winning GPO
              Account lockout duration              10080 minutes              Password Policy
              Account lockout threshold             5 invalid logon attempts   Password Policy
              Reset account lockout counter after   30 minutes                 Password Policy

            Local Policies/Security Options
              Network Security
                Policy                                                        Setting   Winning GPO
                Network security: Force logoff when logon hours expire        Enabled   Default Domain Policy

            Public Key Policies/Autoenrollment Settings
              Policy                              Setting   Winning GPO
              Enroll certificates automatically   Enabled   [Default setting]
                Renew expired certificates, update pending certificates, and remove revoked certificates: Disabled
                Update certificates that use certificate templates: Disabled

            Public Key Policies/Encrypting File System
              Properties
                Winning GPO: [Default setting]
                Policy                                                             Setting
                Allow users to encrypt files using Encrypting File System (EFS)    Enabled
              Certificates
                Issued To   Issued By   Expiration Date         Intended Purposes   Winning GPO
                SBurns      SBurns      12/13/2007 5:24:30 PM   File Recovery       Default Domain Policy
              For additional information about individual settings, launch Group Policy Object Editor.

            Public Key Policies/Trusted Root Certification Authorities
              Properties
                Winning GPO: [Default setting]
                Policy / Setting
                Allow users to select new root certification authorities (CAs) to trust: Enabled
                Client computers can trust the following certificate stores: Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
                To perform certificate-based authentication of users and computers, CAs must meet the following criteria: Registered in Active Directory only

          Administrative Templates

            Windows Components/Windows Update
              Policy / Setting / Winning GPO
              Allow Automatic Updates immediate installation: Enabled (WSUS-52010)
              Allow non-administrators to receive update notifications: Enabled (WSUS-52010)
              Automatic Updates detection frequency: Enabled (WSUS-52010)
                Check for updates at the following interval (hours): 1
              Configure Automatic Updates: Enabled (WSUS-52010)
                Configure automatic updating: 4 - Auto download and schedule the install
                The following settings are only required and applicable if 4 is selected.
                Scheduled install day: 0 - Every day
                Scheduled install time: 03:00
              No auto-restart with logged on users for scheduled automatic updates installations: Disabled (WSUS-52010)
              Re-prompt for restart with scheduled installations: Enabled (WSUS-52010)
                Wait the following period before prompting again with a scheduled restart (minutes): 30
              Reschedule Automatic Updates scheduled installations: Enabled (WSUS-52010)
                Wait after system startup (minutes): 1
              Specify intranet Microsoft update service location: Enabled (WSUS-52010)
                Set the intranet update service for detecting updates: http://lavender
                Set the intranet statistics server: http://lavender
                (example: http://IntranetUpd01)

        User Configuration

          Administrative Templates

            Control Panel/Display
              Policy / Setting / Winning GPO
              Hide Screen Saver tab: Enabled (IT-Lockout)
              Password protect the screen saver: Enabled (IT-Lockout)
              Screen Saver: Enabled (IT-Lockout)
              Screen Saver executable name: Enabled (IT-Lockout)
                Screen Saver executable name: sstext3d.scr
              Screen Saver timeout: Enabled (IT-Lockout)
                Number of seconds to wait to enable the Screen Saver, Seconds: 1800

            System/Power Management
              Policy / Setting / Winning GPO
              Prompt for password on resume from hibernate / suspend: Enabled (IT-Lockout)


  • Domain Outlook user is asked for password every time despite checking the 'remember password' button

    - by MrVimes
    We have a windows 2003 domain. All users have roaming profiles. We have a couple of users who, when they log into outlook, are asked for their password every time, despite selecting the 'remember my password' option. Our email is externally hosted exchange email. I've tried several fixes found on google such as deleting 'protect' folder in the user's profile, and deleting protect key in the registry but none work. I tried storing the password in windows' password/credentials manager, didn't work. It happens on any PC the users log into so it's not a machine specific problem. Any ideas? OS is Windows XP pro. Outlook is 2007.


  • Password reset by email without a database table

    - by jpatokal
    The normal flow for resetting a user's password by mail is this:

      1. Generate a random string and store it in a database table
      2. Email string to user
      3. User clicks on link containing string
      4. String is validated against database; if it matches, user's pw is reset

    However, maintaining a table and expiring old strings etc seems like a bit of an unnecessary hassle. Are there any obvious flaws in this alternative approach?

      1. Generate an MD5 hash of the user's existing password
      2. Email hash string to user
      3. User clicks on link containing string
      4. String is validated by hashing existing pw again; if it matches, user's pw is reset

    Note that the user's password is already stored in a hashed and salted form, and I'm just hashing it once more to get a unique but repeatable string. And yes, there is one obvious "flaw": the reset link thus generated will not expire until the user changes their password (clicks the link). I don't really see why this would be a problem though -- if the mailbox is compromised, the user is screwed anyway.


  • Managing service passwords with Puppet

    - by Jeff Ferland
    I'm setting up my Bacula configuration in Puppet. One thing I want to do is ensure that each password field is different. My current thought is to hash the hostname with a secret value that would ensure each file daemon has a unique password and that password can be written to both the director configuration and the file server. I definitely don't want to use one universal password as that would permit anybody who might compromise one machine to get access to any machine through Bacula. Is there another way to do this other than using a hash function to generate the passwords?

    Clarification: This is NOT about user accounts for services. This is about the authentication tokens (to use another term) in the client / server files.

    Example snippet:

        Director {                            # define myself
          Name = <%= hostname %>-dir
          QueryFile = "/etc/bacula/scripts/query.sql"
          WorkingDirectory = "/var/lib/bacula"
          PidDirectory = "/var/run/bacula"
          Maximum Concurrent Jobs = 3
          Password = "<%= somePasswordFunction %>"         # Console password
          Messages = Daemon
        }


  • Online Password Security Tactics

    - by BuckWoody
    Recently two more large databases were attacked and compromised, one at the popular Gawker Media sites and the other at McDonald’s. Every time this kind of thing happens (which is FAR too often) it should remind the technical professional to ensure that they secure their systems correctly. If you write software that stores passwords, it should be heavily encrypted, and not human-readable in any storage. I advocate a different store for the login and password, so that if one is compromised, the other is not. I also advocate that you set a bit flag when a user changes their password, and send out a reminder to change passwords if that bit isn’t changed every three or six months.

    But this post is about the *other* side – what to do to secure your own passwords, especially those you use online, either in a cloud service or at a provider. While you’re not in control of these breaches, there are some things you can do to help protect yourself. Most of these are obvious, but they contain a few little twists that make the process easier.

    Use Complex Passwords

    This is easily stated, and probably one of the most un-heeded pieces of advice. There are three main concepts here:

      - Don’t use a dictionary-based word
      - Use mixed case
      - Use punctuation, special characters and so on

    So this:

        password

    Isn’t nearly as safe as this:

        P@ssw03d

    Of course, this only helps if the site that stores your password encrypts it. Gawker does, so theoretically if you had the second password you’re in better shape, at least, than the first. Dictionary words are quickly broken, regardless of the encryption, so the more unusual characters you use, and the farther away from the dictionary words you get, the better.

    Of course, this doesn’t help, not even a little, if the site stores the passwords in clear text, or the key to their encryption is broken. In that case…

    Use a Different Password at Every Site

    What? I have hundreds of sites! Are you kidding me? Nope – I’m not. If you use the same password at every site, when a site gets attacked, the attacker will store your name and password value for attacks at other sites. So the only safe thing to do is to use different names or passwords (or both) at each site. Of course, most sites use your e-mail as a username, so you’re kind of hosed there. So even though you have hundreds of sites you visit, you need to have at least a different password at each site.

    But it’s easier than you think – if you use an algorithm.

    What I’m describing is to pick a “root” password, and then modify that based on the site or purpose. That way, if the site is compromised, you can still use that root password for the other sites.

    Let’s take that second password:

        P@ssw03d

    And now you can append, prepend or intersperse that password with other characters to make it unique to the site. That way you can easily remember the root password, but make it unique to the site. For instance, perhaps you read a lot of information on Gawker – how about these:

        P@ssw03dRead
        ReadP@ssw03d
        PR@esasdw03d

    If you have lots of sites, tracking even this can be difficult, so I recommend you use password software such as Password Safe or some other tool to have a secure database of your passwords at each site. DO NOT store this on the web. DO NOT use an Office document (Microsoft or otherwise) that is “encrypted” – the encryption office automation packages use is very trivial, and easily broken. A quick web search for tools to do that should show you how bad a choice this is.

    Change Your Password on a Schedule

    I know. It’s a real pain. And it doesn’t seem worth it…until your account gets hacked. A quick note here – whenever a site gets hacked (and I find out about it) I change the password at that site immediately (or quit doing business with them) and then change the root password on every site, as quickly as I can.

    If you follow the tip above, it’s not as hard. Just add another number, year, month, day, something like that into the mix. It’s not unlike making a Primary Key in an RDBMS.

        P@ssw03dRead10242010

    Change the site, and then update your password database. I do this about once a month, on the first or last day, during staff meetings. :)

    If you have other tips, post them here. We can all learn from each other on this.


  • Is there a way to change the root password while still logged in? I did something bad by accident -_-

    - by Robert
    So I was trying to add my printer, and I wasn't able to make any changes due to the fact that cups was not accepting my root password. I was Googling some changes and trying to fix the problem when one of the commands CHANGED MY SUDO PASSWORD! Can someone please tell me which one of these is the culprit? I was trying these commands:

        cat /etc/group | grep root
        cat /etc/group | grep myUserName
        usermod -a -G lpadmin myUserName
        sudo usermod -a -G lpadmin myUserName
        sudo gedit /etc/cups/cupsd.conf
        lppasswd -a myUserName
        lppasswd -a root
        sudo lppasswd -a myUserName

    I think it was this one, but I know which passwords I put in! There was nothing which I typed in besides my strong password or my easy temporary password. Unless I made a typo... please no.

        restart cups
        sudo password root

    This is so not cool, I was just trying to add a printer :'( Please help my stupidity!

