1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. We've had very few donations over the year. I'm going to be short soon as some personal things are keeping me from putting up the money. If you have something small to contribute it's greatly appreciated. Please put your screen name as well so that I can give you credit. Click here: Donations
    Dismiss Notice

Is there a good password holder program out there?

Discussion in 'Tilted Gear' started by Freetofly, Jul 15, 2013.

  1. On a related subject, the entire concept of passwords is being debated today. And probably replaced at some point in the future. I am a consultant to banks on technology. There's been plenty written in trade journals regarding passwords and how easily they can be compromised. Not the authentication system, but the human the password belongs to. As password requirements become stronger, they are less likely to be remembered by anyone. Hence this thread.

    Here's a good article that sums up the issues.
    BBC - Future - Technology - Time to forget your online passwords?
     
  2. skitto

    skitto Harmonic chaos redundancy limiter

    Location:
    Deschutes, Oregon
    Thaat is as low tech as it gets, my friends.

    But yeah, just don't lose the paper. Put it in your wall safe, lol.
    --- merged: Aug 16, 2013 at 8:00 PM ---
    Again, I didn't read so don't know if anyone has brought up this unique side-topic, it's related to what Craven brought up:

    The Obama administration has evidently requested a database be compiled in HLS of every password entered into every website based in the U.S., or dealing with U.S. citizens.

    Great spirit of cooperation they have, that's what I say. ;) I say we use ours to legally bind them from collecting that information.
     
    Last edited by a moderator: Aug 23, 2013
  3. martian

    martian Server Monkey Staff Member

    Location:
    Mars

    Got a source? That sounds like scaremongering Facebook copypasta to me.

    Won't do them a hell of a lot of good even if it is true -- any properly designed site doesn't store the passwords in a retrievable format. I can't look up your TFP password if I wanted to, because we don't have it.
     
    • Like Like x 1
  4. the_jazz

    the_jazz Accused old lady puncher

    No, they haven't. And as Martian said, that's pretty much impossible. Not to mention an incredibly inefficient use of resources. I call bullshit just for the fact that it would be an incredibly dumb idea.
     
    • Like Like x 1
  5. Sure. They can have it. From what I understand, any self-respecting website is salting and encrypting their passwords in the databases they're being stored in, so if the government wants to divert it's attention from... whatever it's doing... to trying to crack billions of salted passwords, I say let them try.

    ...

    Even if this is Facebookmongering, it's still something that doesn't (or wouldn't) surprise me. The reason for which is something that should be discussed in another section of this site.
    Either way, it's still just sad.
     
  6. the_jazz

    the_jazz Accused old lady puncher

    Outrageous claims call for at least some sort of proof, especially when there's no source at all cited. So I'm just going to chalk this up as further proof of my theorem that people are stupid and will believe anything if said with enough energy.
     
    • Like Like x 1
  7. ^ I'll believe that.

    proof
     
    • Like Like x 1
  8. skitto

    skitto Harmonic chaos redundancy limiter

    Location:
    Deschutes, Oregon
    Well, maybe it's just web 2.0 sites with charters and legal teams.
    --- merged: Aug 19, 2013 at 2:55 AM ---
    I thought it was prevalent in the media, but then again, I am idealistic.

    Here's some credible sources:
    Feds tell Web firms to turn over user account passwords | Politics and Law - CNET News
    "A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies 'really heavily scrutinize' these requests, the person said. 'There's a lot of 'over my dead body.' '
    Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts"

    A lot of contacts are cited from the CNET source a lot of the big companies actually said they "never" did, would, or did without legal requirements give the passwords, encryptions, or algorithms, but this caught my eye:

    "Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users' passwords and how they would respond to them."


    That is, however, the only source I'd consider credible with the whole media state our country has become over the last few decades.
     
    Last edited by a moderator: Aug 26, 2013
  9. the_jazz

    the_jazz Accused old lady puncher

    skitto, you realize that there is a huge difference between what you're citing and what you're claiming, right? The article you cited is about requests for specific individual's passwords. You're claiming that the US government is after all the passwords from all the websites. There is a huge difference.
     
  10. skitto

    skitto Harmonic chaos redundancy limiter

    Location:
    Deschutes, Oregon
    I'm he citation said there were requests on the encryption, that counts.

    But we're now off topic, sorry.