Search Results

Search found 40429 results on 1618 pages for 'change password'.

Page 6/1618 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Online Password Security Tactics

    - by BuckWoody
    Recently two more large databases were attacked and compromised, one at the popular Gawker Media sites and the other at McDonald’s. Every time this kind of thing happens (which is FAR too often) it should remind the technical professional to ensure that they secure their systems correctly. If you write software that stores passwords, it should be heavily encrypted, and not human-readable in any storage. I advocate a different store for the login and password, so that if one is compromised, the other is not. I also advocate that you set a bit flag when a user changes their password, and send out a reminder to change passwords if that bit isn’t changed every three or six months.    But this post is about the *other* side – what to do to secure your own passwords, especially those you use online, either in a cloud service or at a provider. While you’re not in control of these breaches, there are some things you can do to help protect yourself. Most of these are obvious, but they contain a few little twists that make the process easier.   Use Complex Passwords This is easily stated, and probably one of the most un-heeded piece of advice. There are three main concepts here: ·         Don’t use a dictionary-based word ·         Use mixed case ·         Use punctuation, special characters and so on   So this: password Isn’t nearly as safe as this: P@ssw03d   Of course, this only helps if the site that stores your password encrypts it. Gawker does, so theoretically if you had the second password you’re in better shape, at least, than the first. Dictionary words are quickly broken, regardless of the encryption, so the more unusual characters you use, and the farther away from the dictionary words you get, the better.   Of course, this doesn’t help, not even a little, if the site stores the passwords in clear text, or the key to their encryption is broken. In that case…   Use a Different Password at Every Site What? I have hundreds of sites! Are you kidding me? Nope – I’m not. If you use the same password at every site, when a site gets attacked, the attacker will store your name and password value for attacks at other sites. So the only safe thing to do is to use different names or passwords (or both) at each site. Of course, most sites use your e-mail as a username, so you’re kind of hosed there. So even though you have hundreds of sites you visit, you need to have at least a different password at each site.   But it’s easier than you think – if you use an algorithm.   What I’m describing is to pick a “root” password, and then modify that based on the site or purpose. That way, if the site is compromised, you can still use that root password for the other sites.   Let’s take that second password: P@ssw03d   And now you can append, prepend or intersperse that password with other characters to make it unique to the site. That way you can easily remember the root password, but make it unique to the site. For instance, perhaps you read a lot of information on Gawker – how about these:   P@ssw03dRead ReadP@ssw03d PR@esasdw03d   If you have lots of sites, tracking even this can be difficult, so I recommend you use password software such as Password Safe or some other tool to have a secure database of your passwords at each site. DO NOT store this on the web. DO NOT use an Office document (Microsoft or otherwise) that is “encrypted” – the encryption office automation packages use is very trivial, and easily broken. A quick web search for tools to do that should show you how bad a choice this is.   Change Your Password on a Schedule I know. It’s a real pain. And it doesn’t seem worth it…until your account gets hacked. A quick note here – whenever a site gets hacked (and I find out about it) I change the password at that site immediately (or quit doing business with them) and then change the root password on every site, as quickly as I can.   If you follow the tip above, it’s not as hard. Just add another number, year, month, day, something like that into the mix. It’s not unlike making a Primary Key in an RDBMS.   P@ssw03dRead10242010   Change the site, and then update your password database. I do this about once a month, on the first or last day, during staff meetings. (J)   If you have other tips, post them here. We can all learn from each other on this.

    Read the article

  • Is there a way to change the root password while still logged in? I did something bad by accdient -_-

    - by Robert
    So I was trying to add my printer, and I wasn't able to make any changes due to the fact that cups was not accepting my root password. I was Googling some changes and trying to fix the problem when one of the commands CHANGED MY SUDO PASSWORD! Can someone please tell me which one of these is the culprit? I was trying to these commands: cat /etc/group | grep root cat /etc/group | grep myUserName usermod -a -G lpadmin myUserName sudo usermod -a -G lpadmin myUserName sudo gedit /etc/cups/cupsd.conf lppasswd -a myUserName lppasswd -a root sudo lppasswd -a myUserName I think it was this one, but I know which passwords I put in! There was nothing which I typed in besides my strong password or my easy temporary password. Unless I made a typo... please no. restart cups sudo password root This is so not cool, I was just trying to add a printer :'( Please help my stupidity!

    Read the article

  • What is default username & password for a persistent pendrive?

    - by sdos
    I am trying out Ubuntu 11.04 on a netbook. I created a live USB to boot from using this: http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ and the system boots up into Ubuntu from the USB stick, great! bad news is I am presented with a login form.... I did not set a password so I have no idea what it could be.... username: other password: I have tried no password, no luck... I tried ubuntu, no luck Any Ideas why it has a password, and what it might be or how I can set the password?

    Read the article

  • HOWTO: Disable complex password policy on Hyper-V Server 2008?

    - by Ian Boyd
    How do you disable the password complexity requirements on a Microsoft Hyper-V Server 2008 R2? Keep in mind that when you log into the server, the only UI you have is: And you cannot run gpedit.msc: C:\Users\Administrator>gpedit.msc 'gpedit.msc' is not recognized as an internal or external command, operable program or batch file. because there are no .msc snap-ins installed with Microsoft Hyper-V Server 2008 R2. The problem comes when you're trying to add an account to the server, so you can manage it, but it doesn't like most passwords: And, predictably, typing NET HELPMSG 2245 gives you The password does not meet the password policy requirements. Check the minimum p assword length, password complexity and password history requirements. i hoped it would have been a friendly user experience, and either: offered to disable the password policy tell me how to disable the password policy tell me how to check the minimum password length, password complexity and password history requirements. Password Complexity Requirements The Microsoft's default password complexity for Server Core is: Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters. Passwords must be at least six characters in length. Passwords must contain characters from three of the following four categories: 1.English uppercase characters (A through Z). 2.English lowercase characters (a through z). 3.Base 10 digits (0 through 9). 4.Non-alphabetic characters (for example, !, $, #, %). External links Technet Forums: Hyper-V Server disable complex passwords Technet: Passwords must meet complexity requirements of the installed password filter Update: 2k views? So many people keep coming coming to it: up-vote it!

    Read the article

  • Mysql password hashing method old vs new

    - by The Disintegrator
    I'm trying to connect to a mysql server at dreamhost from a php scrip located in a server at slicehost (two different hosting companies). I need to do this so I can transfer new data at slicehost to dreamhost. Using a dump is not an option because the table structures are different and i only need to transfer a small subset of data (100-200 daily records) The problem is that I'm using the new MySQL Password Hashing method at slicehost, and dreamhost uses the old one, So i get $link = mysql_connect($mysqlHost, $mysqlUser, $mysqlPass, FALSE); Warning: mysql_connect() [function.mysql-connect]: OK packet 6 bytes shorter than expected Warning: mysql_connect() [function.mysql-connect]: mysqlnd cannot connect to MySQL 4.1+ using old authentication Warning: mysql_query() [function.mysql-query]: Access denied for user 'nodari'@'localhost' (using password: NO) facts: I need to continue using the new method at slicehost and i can't use an older php version/library The database is too big to transfer it every day with a dump Even if i did this, the tables have different structures I need to copy only a small subset of it, in a daily basis (only the changes of the day, 100-200 records) Since the tables are so different, i need to use php as a bridge to normalize the data Already googled it Already talked to both support stafs The more obvious option to me would be to start using the new MySQL Password Hashing method at dreamhost, but they will not change it and i'm not root so i can't do this myself. Any wild idea? By VolkerK sugestion: mysql> SET SESSION old_passwords=0; Query OK, 0 rows affected (0.01 sec) mysql> SELECT @@global.old_passwords,@@session.old_passwords, Length(PASSWORD('abc')); +------------------------+-------------------------+-------------------------+ | @@global.old_passwords | @@session.old_passwords | Length(PASSWORD('abc')) | +------------------------+-------------------------+-------------------------+ | 1 | 0 | 41 | +------------------------+-------------------------+-------------------------+ 1 row in set (0.00 sec) The obvious thing now would be run a mysql SET GLOBAL old_passwords=0; But i need SUPER privilege to do that and they wont give it to me if I run the query SET PASSWORD FOR 'nodari'@'HOSTNAME' = PASSWORD('new password'); I get the error ERROR 1044 (42000): Access denied for user 'nodari'@'67.205.0.0/255.255.192.0' to database 'mysql' I'm not root... The guy at dreamhost support insist saying thet the problem is at my end. But he said he will run any query I tell him since it's a private server. So, I need to tell this guy EXACTLY what to run. So, telling him to run SET SESSION old_passwords=0; SET GLOBAL old_passwords=0; SET PASSWORD FOR 'nodari'@'HOSTNAME' = PASSWORD('new password'); grant all privileges on *.* to nodari@HOSTNAME identified by 'new password'; would be a good start?

    Read the article

  • user model password field default password field in django

    - by imran-glt
    Hi, I've created a custom user model in my application. This user model is working fine, but there are a couple of problems I have with it. 1) The change password link in the my register.html page doesn't work? 2) The default password box on the add/edit page for a user is a little unfriendly. Ideally, what I'd like is the two password fields from the change password form on the add/edit user form in the admin, which will automatically turn convert the entered password into a valid encrypted password in Django. This would make the admin system MUCH friendlier and much more suited to my needs, as a fair number of user accounts will be created and maintained manually in this app, and the person responsible for doing so will likely be scared off at the sight of that admin field, or just type a clear text password and wonder why it doesn't work. Is this possible / How do I do this?

    Read the article

  • Remotely set VNC service password

    - by FreshCode
    After a Windows update I cannot connect to a Windows Server 2008 machine via RDP. As an alternative, I remotely installed UltraVNC using PsExec. The WinVNC service starts successfully but when I try to connect remotely, I receive the following error message: This server does not have a valid password enabled. Until a password is set, incoming connections cannot be enabled. Since I don't have desktop access to the machine, how do I set the password?

    Read the article

  • Recover a lost IBM DS4300 SAN password?

    - by Daniel
    I have a pair of IBM DS4300 SAN units that I need to perform a firmware upgrade on. Unfortunately the admin passwords on these units have been lost and now need to be reset. I had hoped the default password of 'infiniti' would work but it seems that it must have been changed. I know the method here is to contact IBM but the cost of that phone call is ludicrous if someone out here knows what they're going to tell me to do. These units are out of warranty and the cost of support is beyond what we have the budget for. Is there an interrupt I can enter during the boot process (similar to a cisco password recovery) or is there a hardware/software tool I require? Please, if anyone has ever gone through the process of an IBM password recovery I’m asking for a little help. EDIT: Just to clarify, the password I need to reset is the one used for serial cable access and not for storage manager. Sorry if I have caused more confusion.

    Read the article

  • Wake on Lan password.

    - by user18151
    I have a Windows 7 machine, with Intel 82567LM LAN Card. I am trying to enable Wake on Lan with password. Can somebody please tell me how to set the password for Wake on Lan. I shall be grateful for any pointers/links etc. Thanks. PS. Can someone please suggest a small utility for wake on lan, that supports password.

    Read the article

  • Change password via NetScreen remote

    - by Marcelo Cantos
    I'm using NetScreen remote to VPN from home. I recently changed my password at work, and now my home system keeps complaining, "Windows needs your current credentials to ensure network connectivity." I can't change the cached password for peanuts. I can't find an option in NetScreen remote to connect to the VPN before logging in, as suggested here. How do I change the cached password?

    Read the article

  • Blocking password policy (expiry) for a particular OU in AD

    - by Kip
    Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

    Read the article

  • Update password for scheduled task

    - by UserXIII
    I have a scheduled task that needs to run as a service account. The service account's password resets every 100 days, so I need to update the password for the scheduled task. I cannot figure out how to do this. When I select "Change User or Group" in the scheduled tasks' properties I get no prompt to update the password. This scheduled task will be deployed on Windows Server 2008 R2 and Windows 7.

    Read the article

  • Password-checking program for webmin

    - by Hubert Kario
    I'm trying to perform password quality checks using pwqcheck (part of passwdq) in webmin. Unfortunately when I set in "Users and Groups" module settings the "External password-checking program" to the same value that works for samba check password script: /usr/bin/pwqcheck -1 I get following error when I try to create a user (named test-user): Failed to save user : pwqcheck: Error parsing parameter "test-user": Invalid parameter So, How do I configure Webmin together with pwqcheck?

    Read the article

  • WebSphere 7 password recovery

    - by heavybytes
    On my local box I have RAD 7.5 and WebSphere 7. When I run the administrative console it asks me for the username/password. I tried all the default password/users combinations wasadmin/wasadmin wasadmin/wsadmin and so on an none of the works. How do I recover my password/username? Thank you very much.

    Read the article

  • Unix Password Management Keyring

    - by Phil
    I am looking for a password manager for a command-line Unix environment. So far all I can find are keyring applications for Windows, Linux, and Mac. But no command-line Unix interfaces. My main goal is to be able to access a password keyring through an SSH connection to a machine that has no graphical user interface. If there are no good unix password keyrings out there, what would be a better way to store personal passwords in a central location?

    Read the article

  • Software to store my password on a crypted file and access it through another password

    - by Fire-Dragon-DoL
    I'm looking for a software that allows me to store some passwords in something like "a text file", access it through a password, read my passwords if required and close it again. I want something really straightforward, double click on file, right click "Add new password", add password, description and close. The file must be really secure, I'll store all my passwords there. I know about some command line solutions but I want my setup to be really fast on reading. Do someone know if such a software exist and can point me in the correct direction? I would like to find it freeware, but I'm ok with some low cost tools too.

    Read the article

  • Firefox's master password does not protect my web accounts

    - by Mehper C. Palavuzlar
    I've set up a master password in Firefox 3.6 but it's not working as I expected. I always save my passwords within Firefox for frequently visited sites like Facebook, Yahoo! mail, Gmail, Twitter etc. and this way I don't have to type in my password every time I open that site. When I open Firefox, it asks for the master password but when I click Cancel, it opens normally, and lets me directly in my Facebook page, or Yahoo! Mail page. Why doesn't it protect my accounts? This way, anyone using my computer can see my accounts and it's totally pointless for me to use this master password. How can I protect my accounts with saved passwords in Firefox?

    Read the article

  • BIOS password and hardware clock problems

    - by Slartibartfast
    I have HP 6730b lap top. I've bought it used and installed (Gentoo) linux on it. BIOS is protected with password, and guy I bought it from said "I've tweaked BIOS from Windows program, it never asked me for password". I've tried to erase password by removing battery, but it's still there. What did get erased obviously is hw clock. This is what hapends: a) I can leave lap top in January 1980 and it works b) I can correct system time, but boot wil fail with "superblock mount time in future" from where I need to manually do fsck and continue boot c) I can correct system time and sync it with hwclock -w but than it will behave as b) and it will reset BIOS time to 1.1.1980 00:00 So I need either a way to bypass a BIOS password (wich after lot of googling seems impossible),a way to persist a clock, or a setup that will enable hw clock in eighties, system clock in present time and normal boot.

    Read the article

  • Password Won't Work after Crash

    - by Jack Cornell
    My Win 7 computer locked up, so I shut it down (holding down the power button till it shut off). Logging back on, I got an error message that it couldn't load my profile (like I'm entering the wrong password). I logged on the guest account, but can't change anything because it won't accept my password. Is this a serious problem or do I just need to reset the password with one of the options available on your site?

    Read the article

  • KeePass lost password and/or corruption due to Dropbox/KeePassX

    - by GummiV
    I started using Keepass about a month ago to hold my passwords and online accounts info. Everything was stored in a single .kdb file, only protected with a password. I'm using Windows 7. Now Keepass can't open my .kdb file with the error "Invalid/wrong key". I'm fairly confident I have the right password. Altough I might have mixed up a few letters I've tried about two dozen different combinations to minimize that possibility - but can't rule it out though. My guess is however that the .kdb file got corrupted, either due to Dropbox syncing (only using it on one computer though) or because I edited the file using KeePassX on Ubuntu (dual boot on the same computer, accessing a mounted Win7 NTFS partition), or possibly a combination of both. I have tried restoring older versions(even the original one) from Dropbox and trying out all possible passwords without any luck. (which does seem to rule out KeePassX as the culprit, since oldest copies are before I edited the file from Ubuntu) I have tried opening the file with the "Repair KeePass Database file" which always gives the "0xA Invalid/corrupt file structure" (the same error for when a wrong password is typed). I was wondering if there was any way for me to salvage my hard-gathered data. I know generally that brute force cracking is not feasible, but since I can remember probably more than half of the usernames/passwords, any maybe the fact that one of them does come up fairly often (my go-to pass for trivial stuff), that might simplify the brute force process to a doable time frame. Maybe the brute-force thing might incorporate the fact that I know the password length and what characters it's made from. (If we assume corruption, not a password-blackout on my part) I could do some programming if there are any libraries or routines that I could use. Other people seem to have had a similar probem http://forums.dropbox.com/topic.php?id=6199 http://forums.dropbox.com/topic.php?id=9139 http://www.keepassx.org/forum/viewtopic.php?t=1967&f=1 So hopefully this question will become a suitible resource for people when searching the web. Feel free to tell me if you think this should rather be a community wiki.

    Read the article

  • password protect apache user directory using system passwords

    - by Jeff
    I have set up Apache to check user passwords using these modules: LoadModule authz_user_module modules/mod_authz_user.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule auth_basic_module modules/mod_auth_basic.so However, these modules require me to manually add everyone to a new password file (which requires every user to type in their password). Is there a way to have Apache check the system passwords, so that anyone who can ssh can use the same password for web login?

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >