75 users online (1 members and 74 guests)  


  Results 1 to 11 of 11

Related

  1. password protection    Forum: Javascript Forum
    Replies: 2
  2. Replies: 1
  3. log in and password code    Forum: Website Scripts Forum
    Replies: 7
  1. #1
    Lars's Avatar
    New User

    Status
    Offline
    Join Date
    Nov 2004
    Location
    New York City
    Posts
    5

    Booted because site objected to my password

    I wonder if you've ever heard of a situation like this... I registered for free access to a website. The next day my registration was no longer valid. I sent an email to customer service ("cs").

    It turns out "cs" (I assume the site owner) was offended by my password. Not my user name, my password! He/she ended their email "get lost".

    Granted, my password *was* offensive, but I wrongly assumed it was private.

    What are your thoughts on this? Of course I'll never go back to that site, but part of me is itching to bust the guy for unethical behavior.

    Any guidance would be appreciated. Thanks.
    Last edited by Lars; 11-02-2004 at 02:29 PM.

  2. #2
    QuietDean's Avatar
    Administrator

    Status
    Offline
    Join Date
    Oct 2000
    Location
    Bournemouth, UK
    Posts
    2,662
    To be honest, if its for a free service then there is not much you can do. Have you checked the Terms Of Service?
    If one of our members helps you, please click the icon to add to their reputation!
    No support via email or private message - use the forums!
    Before you ask, have you Searched?

  3. #3
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    Count your blessings!! It is better than being a member and not knowing the idiot is watching your passwords.

    Dave

  4. #4
    Lars's Avatar
    New User

    Status
    Offline
    Join Date
    Nov 2004
    Location
    New York City
    Posts
    5
    Thanks, yes, I'm glad to be away from that site.

    I guess my real question is whether anyone here -- any of you webmaster-types -- have access to people's passwords, and/or look at them?

    In my organization, no one looks at passwords. Ever. If a user forgets a password, for example, we don't ever re-send it -- we just delete it and send them a random, temporary new one. They then log on and change the password to whatever they want.

  5. #5
    QuietDean's Avatar
    Administrator

    Status
    Offline
    Join Date
    Oct 2000
    Location
    Bournemouth, UK
    Posts
    2,662
    If I have to store a password, it gets md5 hashed. One-way only.
    If one of our members helps you, please click the icon to add to their reputation!
    No support via email or private message - use the forums!
    Before you ask, have you Searched?

  6. #6
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    In VBulletin 3 the passwords are md5 hashed.

  7. #7
    Rincewind's Avatar
    New User

    Status
    Offline
    Join Date
    Nov 2004
    Posts
    4
    Most sites should encrypt passwords for storage. However, many sites are built by people with little or no knowledge of security. Even though vb3 uses md5 to encrypt the pass, it wouldn't take long to un encrypt the password give that you know how it was encrypted in the first place.

    I am often worried about username and passwords. Many people, out of habbit, use the same password on everything they do. Wither it's a forum or their bank account. This is very bad practice. Also few sites use an ssl (even a self signed ssl) for the login. Though even when they do, there is no gaurantee that your details are stored properly once they are on the server. As far as you know you credit card and personal info could be printed hardcopy and sitting in someones filing cabnet.

    I hope you are now changing your passwords cause now i know it's a rude word it wouldn't take me long to crack your login. It's not like there are that many rude words to try out.

  8. #8
    QuietDean's Avatar
    Administrator

    Status
    Offline
    Join Date
    Oct 2000
    Location
    Bournemouth, UK
    Posts
    2,662
    A hash (like md5) is not the same as encryption. A hash is one-way only, and cannot be de-crypted. It can, however, be 'brute-forced' but this obviously takes a long long time.

    Encryption is useful for things like emails and documents. Passwords should be hashed.
    If one of our members helps you, please click the icon to add to their reputation!
    No support via email or private message - use the forums!
    Before you ask, have you Searched?

  9. #9
    orisma's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Jun 2004
    Location
    london, England
    Posts
    34

    How should people stored there passwords

    HI

    I was wondering if anyone had any thought on the methods of storing passwords should people just use an office supply that they can easily remember but is easy for hackers ect to just guess, or should be have very complicated passwords but write them down and risk the consequences if our home is broken into or use one of these "store your password safely on your pc programs" i even think norton make one of these programs, but just what if someone somehow got into this data ... then what so I ask how should people store there password

    (I no this isnt exactly html but is to do with web hosing passwords ect and is very related the other posts in this thread)

    Thanks orisma

  10. #10
    Enchantress's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Mar 2005
    Location
    Ontario, Canada
    Posts
    26

    Re: Booted because site objected to my password!

    Quote Originally Posted by Rincewind
    Though even when they do, there is no gaurantee that your details are stored properly once they are on the server. As far as you know you credit card and personal info could be printed hardcopy and sitting in someones filing cabnet.
    I used to work for a very well-known and well-respected
    fortune-500 company, that handled telecommunications.
    I was in a fairly sensitive department (this was a few years ago), and we used to handle credit card numbers, and addresses. These were printed out daily in large quantities and attached with one big looseleaf binder ring.
    I and others, would have to go over them and sign each one in addition to a heavy workload. It was impossible to get through them all, so we were instructed to "just leave them on the window-sill". They just kept piling up over the months, until they were stacked at least knee high all over the floor.
    This was a room that was not locked.
    No, I would not assume that my information is very safe.

  11. #11
    Kabu's Avatar
    New User

    Status
    Offline
    Join Date
    Feb 2007
    Location
    California
    Posts
    10

    Re: Booted because site objected to my password!

    Not in a million years would I go back to that site!

    Anything that can be seen by the entire forum should be moderated, like your user name, where you live, etc.. A password is private and should not be known by anyone, even a supermod.

    I'm a mod at another forum and cannot see anyone's password, nor can my "boss" see mine. By the way, it is a vBulletin as well



Tags for this Thread