You are right, I am supposed to say 'they are doing it'
I do not fear failure. I fear giving up out of frustration.
|
KarstenK wrote: when one database is stolen the attackers can try to use the data on multiple services.
Reputable services do not keep passwords in a database - just a salted hash.
|
There are certain things you ask, and certain things you don't. This survey classifies as one of those things you don't.
|
I'd say it's not: it's a wake up call to those who voted "I use insecure passwords".
It's the same as publicising Bobby Tables - I'd make T-shirts explaining how to do it and give them away for free if I could afford it.
If you don't think about password security - or SQL Injection - you don't do anything about it. And if this survey persuades one person to think about it, and change their behavior, then it's a good thing.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
Ok... so here is my argument. Let's say that The Code Project is like every other scum of the earth company and they are into selling people's information to other companies or hackers or whatever. Now imagine them having the user's password and an answer of a forum he voted in where he states he never changes his password and uses the same for all accounts.... they have his password and they have his account password behaviour... they also have his email address where Code Project sends their daily news to. What more do they require?
Ok, ok... let's say they are not scum... (e.g. they're a free site for all who makes no money whatsoever and who pays their employees from the billions they've inherited from their rich parents and never have to work for the rest of their life but they do coz they just love the world and its people so much)... what happens if they get hacked and the hacker stumbles across this information?
|
So the sooner they find out that it's a dangerous procedure, the better, no? Before they come across a "bad" site, or a hacked one?
If there is nothing to say "you did this wrong", how will they know until it is too late?
This survey adds no risk: emails aren't shared as a matter of course, and the site owners don't know your password - it's salted and hashed rather than encrypted, just as it should be - so there is no risk added by this survey.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
I get your point... and the point of this survey. Which is awareness maybe. But I don't know the owner from a bar of soap. The things you claim happen on the security side are hearsay.
My point is that, One: it is ignorant to share information about one's password. Two: It is not a question that should be asked.
That is just my opinion in any case. You can agree or disagree. I do feel however that your opinion might be biased as you work for Code Project.
|
R. Erasmus wrote: I do feel however that your opinion might be biased as you work for Code Project.
Then Chris has been very remiss with the wage cheques - I better have a word with him...
I'm just a member, like you - I do not now, and have never worked for CodeProject. My opinions are my own, and do not necessarily reflect those of the website or its owners. All I have received from CP in the eight years I've been here is a T shirt, a laptop case (I don't have a lappie), and a couple of Bob stickers. And a lot of knowledge. Loads of that!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
lol, ok. My bad... you can't blame me for that mistake though.
|
OriginalGriff wrote: ...All I have received from CP in the eight years I've been here is a T shirt, a laptop case (I don't have a lappie), and a couple of Bob stickers. And a lot of knowledge. Loads of that!
And the points. Don't forget the rep points.
I'm retired. There's a nap for that...
- Harvey
|
They are virtual: what the hamsters giveth, the hamsters can taketh away.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
About 100 to 200 people out of 12.955.118 people vote on average and the vote is anonymous.
As a regular I can guess about 10 to 20 people who probably voted, but I still don't know what they voted.
I'd say voting in this survey is pretty safe.
I always use the same password, 123456, for all my accounts by the way.
Would be fun if other people let us know what they did as well so we can learn from each other.
|
Dammit!!! You stole my password
|
Sander Rossel wrote: I always use the same password, 123456
The same combination you use for your luggage?
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
For luggage, it is just 123!
|
Quote: That's the stupidest combination I've ever heard of in my life! That's the kinda thing an idiot would have on his luggage!
* CALL APOGEE, SAY AARDWOLF
* GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
* Never pay more than 20 bucks for a computer game.
* I'm a puny punmaker.
|
+5 for the Spaceballs quote
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
Quote: I always use the same password, 123456
Hah! That is so insecure! I always use 123457; that last digit totally freaks out those trying to guess it.
- I would love to change the world, but they won’t give me the source code.
|
Definitely one not to answer. (I won't.)
|
Agreed...
It's a huge security risk & Code-project didn't understand it. This poll should be removed asap. Also the associated data.
|
This survey is no more a risk than a question asking which month your BDay is in.
Which reminds me: @chris-maunder, that needs to be the next weekly poll / question (which month is our BDay...)
Mine is JanFebAugDec, depending upon how necessary the security of the info is.
|
@DavidCunninghamm and I were joking that we should have a survey "what's the name of your first pet", "Who was your favourite teacher in high school" etc.
cheers
Chris Maunder
|
... and they are GUID based, but I have a simple, easily remembered "throwaway" password I use for sites I'm not planning on re-visiting and that get little or no real info (most of these get a throwaway email such as mailinator as well).
Then I have an encrypted password store to manage them - and that uses a strong password that isn't used anywhere else.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!