|
On August 13 2011 05:28 Badboyrune wrote: I find it absolutely mind boggling that people still store passwords in plain text. Are there any reasons for not encrypting passwords more than sheer laziness (even that is not a valid reason due to the easiness of encrypting passwords)? I just don't understand why you would ever set it up like that, still it seems to not be very uncommon even among big companies. Should be bloody common after SONY got hacked, thought that would make nearly everyone think twice about security.
|
On August 13 2011 03:28 EtohEtoh wrote:
On August 13 2011 03:26 ArnaudF wrote:
On August 13 2011 03:24 R1CH wrote: Someone just pointed out that the exploit through which this information was gained may still exist, so you may want to hold off changing passwords until GomTV confirm it is safe.
And I read this just after I changed my password xd
same lol
Same. -__-
|
On August 13 2011 05:29 vyyye wrote:
On August 13 2011 05:28 Badboyrune wrote: I find it absolutely mind boggling that people still store passwords in plain text. Are there any reasons for not encrypting passwords more than sheer laziness (even that is not a valid reason due to the easiness of encrypting passwords)? I just don't understand why you would ever set it up like that, still it seems to not be very uncommon even among big companies. Should be bloody common after SONY got hacked, thought that would make nearly everyone think twice about security.
Sadly many companies think exactly twice about security. They think about it once when they are designing their system then when they get the bill they think twice about having security.
|
Changed my PayPal password just to be safe. Glad I have no funds on there but my credit card is linked. No recent transaction history so looks like I'm safe.
|
Korean teams withdraw from NASL > Gom compromised...
/tinfoil hat
|
<3 r1ch for keepass, making my life so much easier :D
|
I use my real full name as my login, and social security number + credit card number as my password.
|
Thanks for the advice, just finished changing some passwords. I'll trust R1CH and get that keepass thing ... don't disappoint me, please. :p
|
On August 13 2011 05:38 FallDownMarigold wrote: I use my real full name as my login, and social security number + credit card number as my password.
And I thought Login : Password was the dumbest login/pass combo, holy shit.
|
On August 13 2011 05:39 vyyye wrote:
On August 13 2011 05:38 FallDownMarigold wrote: I use my real full name as my login, and social security number + credit card number as my password.
And I thought Login : Password was the dumbest login/pass combo, holy shit.
Sadly I have to agree :/
|
On August 13 2011 05:26 ravemir wrote: But tell me this, if you want to adjust the iterations, won't you have to re-calculate every password for each user?
Most systems store the algorithm and settings with the password hash and salt. For example, if your password hash is $2a$10$WyJ.NSYEmLixexXspQyoEOVYGK55cDjQd2cZedBN4t9.., the 2a identifies the algorithm (blowfish) and the 10 identifies the iterations (2^10). So if suddenly PCs become 100x faster I can just increase the 10 in our config and all new passwords become more secure, and old passwords are upgraded on successful logon.
|
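The scheme described in the post above, as an added example that is not part of the original thread or any poster's code: each stored record carries its own algorithm and cost, so raising the configured cost only re-hashes a user at their next successful login. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, and the record format, `CURRENT_COST` and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

CURRENT_COST = 12  # assumed config value: log2 of the iteration count (small, for the demo)

def _derive(password, salt, cost):
    # Stand-in KDF: PBKDF2-HMAC-SHA256 with 2**cost iterations (not bcrypt itself).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1 << cost)

def hash_password(password, cost=CURRENT_COST):
    """Return a self-describing record: $algo$cost$salt$digest."""
    salt = os.urandom(16)
    enc = lambda b: base64.b64encode(b).decode()  # base64 never contains '$'
    return "$pbkdf2-sha256$%d$%s$%s" % (cost, enc(salt), enc(_derive(password, salt, cost)))

def parse_record(record):
    """Split a record made by hash_password into (algo, cost, salt, digest)."""
    _, algo, cost, salt, digest = record.split("$")
    return algo, int(cost), base64.b64decode(salt), base64.b64decode(digest)

def bcrypt_settings(record):
    """Read (algorithm id, cost) from a bcrypt-style string such as '$2a$10$...'."""
    _, ident, cost, _rest = record.split("$", 3)
    return ident, int(cost)

def login(db, user, password):
    """Verify against the settings stored in the record, then upgrade a stale one."""
    record = db.get(user)
    if record is None:
        return False
    algo, cost, salt, digest = parse_record(record)
    if algo != "pbkdf2-sha256":
        return False
    if not hmac.compare_digest(_derive(password, salt, cost), digest):
        return False
    if cost < CURRENT_COST:
        # The plaintext is only in hand during a successful login, so re-hash now.
        db[user] = hash_password(password, CURRENT_COST)
    return True

if __name__ == "__main__":
    db = {"alice": hash_password("correct horse", cost=10)}  # constructed sample user
    print(parse_record(db["alice"])[1])  # cost stored with the old record
    print(login(db, "alice", "wrong"), parse_record(db["alice"])[1])
    print(login(db, "alice", "correct horse"), parse_record(db["alice"])[1])
    # Hash string as quoted (truncated) in the post above
    print(bcrypt_settings("$2a$10$WyJ.NSYEmLixexXspQyoEOVYGK55cDjQd2cZedBN4t9.."))
```
|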
I am so glad I took the lazy way out and just used my facebook.
|
I guess I will use FB/Twitter on Gom to login from now on... who would've thought that using those makes you safer? Hahah.
In any case, changed my pw's already to the more important things I'm aware of. Email is already a unique pw and paypal requires a security token generator so I'm covered.
|
I knew it, YellOw is a KeSPA spy.
|
Reading the bcrypt article made me laugh, every single way we encrypt our data at work appears in the 'DO NOT USE' list. md5, SHA and Salts.
|
you serious GOM? this shit got me so frustrated. had to change a lot of my passwords because of this, and that process is such a bitch.
|
Laziness ftw. Thank god I never bothered to change the original password they handed out when I created my account, since I certainly do use the same for all my accounts o.O
|
Great scott! Sound the alarms!
|