
Most common passwords 2012


58 replies to this topic

#26 OFFLINE   RunnerFL

RunnerFL

    Hall Of Fame

  • DBSTalk Club
  • 16,224 posts
Joined: Jan 04, 2006

Posted 24 October 2012 - 04:55 PM

Very true. Fortunately more and more sites are defaulting to https, especially after Firesheep. Unfortunately, it means nothing for how they actually store your password.


I can't speak for other packages but I know Apache comes with a self-signed cert. Too many people are happy enough just using that and people who come to their site think that's safe enough. :(

I use namecheap.com and get a $10 a year cert for my personal domains and I don't even collect people's info.
THIS SPACE FOR RENT


#27 OFFLINE   dennisj00

dennisj00

    Hall Of Fame

  • DBSTalk Club
  • 9,228 posts
  • LocationLake Norman, NC
Joined: Sep 27, 2007

Posted 24 October 2012 - 05:46 PM

I would expect anyone collecting financial information of any kind to have a valid SSL cert.

However, how they store your password and keep it away from hackers is a different story these days. Never use the same login with the same password for critical sites.

Spending to stimulate the economy as fast as the credit cards will allow!

My Setup / Weather at Lake Norman!/ Boathouse BEES
DLB, MRV, nomad, HDGUI are HERE! . . . We're DONE!


#28 OFFLINE   spartanstew

spartanstew

    Dry as a bone

  • Registered
  • 12,526 posts
  • LocationWylie, Texas
Joined: Nov 16, 2005

Posted 24 October 2012 - 06:06 PM

For a site like this, it's easy. I use the same password for all of my forums. Right now it's an unusual, probably not in the dictionary, word but it was a common five letter word for over a decade.


Bosco?

I'm sure Directv can't wait to get their hands on your unit.

 
Directv customer since 2000

#29 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 14,171 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 24 October 2012 - 06:13 PM

I would expect anyone collecting financial information of any kind to have a valid SSL cert.

However, how they store your password and keep it away from hackers is a different story these days. Never use the same login with the same password for critical sites.


Unfortunately some companies etc. are just cheap. I've seen many times, security is not taken seriously until a breach, and sometimes not even then. Or they take it seriously for 6 months etc., then back to the old ways.

#30 OFFLINE   dennisj00

dennisj00

    Hall Of Fame

  • DBSTalk Club
  • 9,228 posts
  • LocationLake Norman, NC
Joined: Sep 27, 2007

Posted 24 October 2012 - 06:37 PM

I don't bank or buy from those companies. . .



#31 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 14,171 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 24 October 2012 - 06:56 PM

But you don't know. Sure, they may have a valid signed SSL cert. You have no idea how it's stored, some sort of breach due to lax security.

How long was it before B&N realized they had credit card machines tampered with?

#32 OFFLINE   Drucifer

Drucifer

    Hall Of Fame

  • Registered
  • 8,491 posts
  • LocationNY Hudson Valley
Joined: Feb 12, 2009

Posted 24 October 2012 - 07:05 PM

I have a method for remembering different PW for different sites by matching up the initials of the site with initials of relatives in my family tree and using a date of importance to that relative.

It does help being the family genealogist.

DREW
Do it Right, Do it Once
LR: HR34-7, Bsm: HR24-1, Den HR24-2, MB: HR24-5, Kit: H25-5
PrimeStar '95, DirecTV  '00


#33 OFFLINE   Davenlr

Davenlr

    Geek til I die

  • Registered
  • 9,090 posts
Joined: Sep 16, 2006

Posted 24 October 2012 - 07:53 PM

All this about security, and the banks only allow a 4 number pin...go figure.

Tivo Premier XL4, Tivo Premier, Tivo HD whole home on Xfinity HD, DirecTv Whole Home with 39" high gain KaKu dish, Roku3,SageTv 8 TB Win8 Server -> DVDO Edge-> Denon AVR, Klipsch KB15's/Panasonic 55ST60 plasma"


#34 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 14,171 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 24 October 2012 - 08:51 PM

All this about security, and the banks only allow a 4 number pin...go figure.


The story goes that the inventor was going to use a 6 digit number, but his wife said she could only remember 4.

#35 OFFLINE   RunnerFL

RunnerFL

    Hall Of Fame

  • DBSTalk Club
  • 16,224 posts
Joined: Jan 04, 2006

Posted 24 October 2012 - 09:52 PM

I would expect anyone collecting financial information of any kind to have a valid SSL cert.


You would expect it but it isn't always that way.

#36 ONLINE   yosoyellobo

yosoyellobo

    Icon

  • Registered
  • 2,187 posts
  • LocationJacksonville Fl
Joined: Nov 01, 2006

Posted 16 November 2012 - 10:34 PM

I was wondering what was the most secure password that I could use and not have any trouble remembering. I came up with this.

Thereare45lettersand1specialcharactorsinmypassword@

According to howsecureismypassword.net

It would take a desktop PC about 3 septendecillion years to crack your password.

Damn, now I have to change it. :)

#37 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 14,171 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 November 2012 - 08:55 AM

But most sites wouldn't let you use it. That's the real issue. We need all sites to get rid of their max length and allow all special characters.

#38 OFFLINE   wilbur_the_goose

wilbur_the_goose

    Hall Of Fame

  • Registered
  • 4,426 posts
Joined: Aug 16, 2006

Posted 17 November 2012 - 09:30 AM

Passwords will be ancient history in 10 years. Biometrics will rule the day.

Three factor authentication will be commonplace.

#39 ONLINE   yosoyellobo

yosoyellobo

    Icon

  • Registered
  • 2,187 posts
  • LocationJacksonville Fl
Joined: Nov 01, 2006

Posted 17 November 2012 - 10:07 AM

Passwords will be ancient history in 10 years. Biometrics will rule the day.

Three factor authentication will be commonplace.


Until we get to the quantum computer age.

#40 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 14,171 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 November 2012 - 11:31 AM

Passwords will be ancient history in 10 years. Biometrics will rule the day.

Three factor authentication will be commonplace.


Just hoping it's good biometric security, not like we got with UPEK. But I don't see that becoming common with online accounts. Maybe OpenID or Steve Kirsch's OneID, but having it controlled by one company is problematic. Liked his mouse though.

Edited by dpeters11, 17 November 2012 - 03:30 PM.


#41 OFFLINE   djlong

djlong

    Hall Of Fame

  • Registered
  • 4,273 posts
  • LocationNew Hampshire
Joined: Jul 08, 2002

Posted 17 November 2012 - 05:50 PM

Any site that lets a 'bot slam an account for a million tries without shutting it off is NOT a secure site.
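
The point in the post above, as an added example (not part of the original post): a per-account throttle that doubles the lockout after repeated failures, replayed against a constructed run of one million wrong guesses. The class name, account name and policy values are illustrative assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Per-account lockout with a doubling delay (illustrative policy values)."""
    free_attempts: int = 5        # failures tolerated before the first lockout
    base_lock_s: float = 30.0     # duration of the first lockout
    max_lock_s: float = 3600.0    # cap on any single lockout
    _fails: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def allowed(self, account: str, now: float) -> bool:
        """True if a login attempt may reach password verification."""
        return now >= self._locked_until.get(account, 0.0)

    def record_failure(self, account: str, now: float) -> None:
        n = self._fails.get(account, 0) + 1
        self._fails[account] = n
        if n >= self.free_attempts:
            # Double the lockout per extra failure; clamp the exponent and the result.
            doublings = min(n - self.free_attempts, 32)
            lock = min(self.base_lock_s * 2 ** doublings, self.max_lock_s)
            self._locked_until[account] = now + lock

    def record_success(self, account: str) -> None:
        self._fails.pop(account, None)
        self._locked_until.pop(account, None)


def guesses_checked(throttle: LoginThrottle, attempts: int, interval_s: float) -> int:
    """Replay `attempts` wrong guesses, one every `interval_s` seconds, and
    count how many are actually compared against the stored password."""
    checked = 0
    for i in range(attempts):
        now = i * interval_s
        if throttle.allowed("example-account", now):   # constructed account name
            checked += 1
            throttle.record_failure("example-account", now)
    return checked


if __name__ == "__main__":
    # One million tries at one per second (about 11.6 days of hammering).
    print(guesses_checked(LoginThrottle(), 1_000_000, 1.0), "guesses evaluated")
```

A lockout keyed only on the account name lets anyone lock the real owner out, so it is usually paired with per-source rate limits.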

#42 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 3,152 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 16 January 2014 - 08:36 PM

It was just reported on Russia Today that, until 1977, the passcode to launch United States nuclear missiles was 00000000.



#43 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 3,152 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 16 January 2014 - 08:50 PM

It must be true. It's on the internet.

http://gizmodo.com/f...n-si-1473483587

For 20 Years the Nuclear Launch Code at US Minuteman Silos Was 00000000

Today I found out that during the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.

We guess the first thing we need to address is how this even came to be in the first place. Well, in 1962 JFK signed the National Security Action Memorandum 160, which was supposed to ensure that every nuclear weapon the US had be fitted with a Permissive Action Link (PAL), basically a small device that ensured that the missile could only be launched with the right code and with the right authority.

There was particularly a concern that the nuclear missiles the United States had stationed in other countries, some of which with somewhat unstable leadership, could potentially be seized by those governments and launched. With the PAL system, this became much less of a problem....

To give you an idea of how secure the PAL system was at this time, bypassing one was once described as being "about as complex as performing a tonsillectomy while entering the patient from the wrong end." This system was supposed to be essentially hot-wire proof, making sure only people with the correct codes could activate the nuclear weapons and launch the missiles.

However, though the devices were supposed to be fitted on every nuclear missile after JFK issued his memorandum, the military continually dragged its heels on the matter. In fact, it was noted that a full 20 years after JFK had ordered PALs be fitted to every nuclear device, half of the missiles in Europe were still protected by simple mechanical locks. Most that did have the new system in place weren't even activated until 1977.

Those in the U.S. that had been fitted with the devices, such as ones in the Minuteman Silos, were installed under the close scrutiny of Robert McNamara, JFK's Secretary of Defence. However, the Strategic Air Command greatly resented McNamara's presence and almost as soon as he left, the code to launch the missiles, all 50 of them, was set to 00000000.

Oh, and in case you actually did forget the code, it was handily written down on a checklist handed out to the soldiers. As Dr. Bruce G. Blair, who was once a Minuteman launch officer, stated:....

This ensured that there was no need to wait for Presidential confirmation that would have just wasted valuable Russian nuking time. To be fair, there was also the possibility that command centers or communication lines could be wiped out, so having a bunch of nuclear missiles sitting around un-launchable because nobody had the code was seen as a greater risk by the military brass than a few soldiers simply deciding to launch the missiles without proper authorization.

Dr. Blair, whose resume to date is far too long to write out here, is the one who broke this "8 zeros" news to the world in his 2004 article "Keeping Presidents in the Nuclear Dark." He also outlined the significant disconnect between the nation's elected leaders and the military when it came to nuclear weapons during the Cold War....


Edited by AntAltMike, 16 January 2014 - 08:51 PM.


#44 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 3,152 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 16 January 2014 - 08:56 PM

The source report that the world ignored was published on February 11, 2004.  http://web.archive.o...ction-links.cfm



#45 ONLINE   yosoyellobo

yosoyellobo

    Icon

  • Registered
  • 2,187 posts
  • LocationJacksonville Fl
Joined: Nov 01, 2006

Posted 16 January 2014 - 09:05 PM

At least it was not 12345.

#46 OFFLINE   carl6

carl6

    Hall Of Fame

  • Moderators
  • 11,608 posts
  • LocationSeattle, WA
Joined: Nov 15, 2005

Posted 16 January 2014 - 11:54 PM

Having worked with quite a few nuclear weapons in that time frame, some with and some without Permissive Action Link locks, I will assure you that at least part of that report is not accurate. Other parts I do not have first hand knowledge of to comment on, other than to seriously doubt the validity or accuracy of the report.



#47 OFFLINE   AntAltMike

AntAltMike

    Hall Of Fame

  • Registered
  • 3,152 posts
  • LocationCollege Park MD (just outside Wash, DC)
Joined: Nov 20, 2004

Posted 17 January 2014 - 03:30 AM

At least it was not 12345.

I remember back when vanity plates were uncommon, and a university professor I was with noticed the license plate of the car in front of us, 0 2 4 6 8 0, and said "Look at that!  If it wasn't for the "6", they'd be in a pattern."



#48 ONLINE   Laxguy

Laxguy

    Never say 'never'.

  • DBSTalk Club
  • 14,649 posts
  • LocationWinters, CA, between Napa and Sacramento
Joined: Dec 02, 2010

Posted 17 January 2014 - 09:40 PM

My password strength varies by the site.

My bank ones? Capitals, lower case letters, symbols and numbers. And long. Long is the best bet.

But, but, that's only four letters!


"Laxguy" means a guy who loves lacrosse.

#49 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 14,171 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 January 2014 - 10:02 PM

I think Fidelity's password policy is the worst I've ever seen. Even to log in online, it's all based on a phone compatible password. So for the letter b in a password, the system will accept a, b, c or the number 2. And of course it's case insensitive.
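
The policy described in the post above, modelled as an added example (not part of the original post and not Fidelity's code): it shows how many distinct typed strings collapse to one accepted value and what that does to the keyspace. The standard phone keypad letter groups, alphanumeric-only passwords and the sample passwords are assumptions made for the illustration.

```python
import math
import string

# Standard telephone keypad letter groups (assumed layout for this model).
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def keypad_normalize(password: str) -> str:
    """Fold case and map each letter to its keypad digit, as the post describes."""
    out = []
    for ch in password.lower():
        if ch in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[ch])
        elif ch in string.digits:
            out.append(ch)
        else:
            raise ValueError(f"{ch!r} has no keypad equivalent")
    return "".join(out)


def accepted_variants(password: str) -> int:
    """Count the case-sensitive alphanumeric strings that log in as `password`."""
    total = 1
    for digit in keypad_normalize(password):
        # the digit itself, plus each of its letters in upper and lower case
        total *= 1 + 2 * len(KEYPAD.get(digit, ""))
    return total


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    a, b = "Blue42x9", "ALTD42Y9"          # constructed sample passwords
    print(keypad_normalize(a), keypad_normalize(b))   # identical after folding
    print(accepted_variants(a), "typed strings map to the same value")
    print(f"8 chars: {keyspace_bits(8, 62):.1f} bits typed, "
          f"{keyspace_bits(8, 10):.1f} bits effective")
```

Under this model every character carries at most log2(10) bits, so an 8-character password is no stronger than an 8-digit PIN whatever mix of letters and case the user types.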



#50 OFFLINE   dennisj00

dennisj00

    Hall Of Fame

  • DBSTalk Club
  • 9,228 posts
  • LocationLake Norman, NC
Joined: Sep 27, 2007

Posted 18 January 2014 - 07:49 AM

But you're always behind a https page even before you login with Fidelity and most banks (all banks that I use).






