meester wrote: »
Speaking of risky behaviour, Martin could equally well post three passwords of three users of this site. He and an unknown number of people would be able to access this information and use it to access other sites, obvious examples would be ebay, paypal, amazon. I'm not saying that Martin or any of the people that have access to the MSE database are untrustworthy, but people sign up to lots of sites using the same password. Any of them could turn out to have a rogue employee, and it's easy to use this data to hack into paypal etc. (a process which can be automated on grand scale).
HobbesUK wrote: »
Password security is certainly a very important issue, and it is always wise to have a different password for each website you use. However, just as an aside, it is fairly likely that the passwords on this forum (as with almost all websites now) are encrypted by the forum software so that neither Martin, the builders on the forum, nor yourself can actually view them. This is why you often have to "reset" a password entirely if you have forgotten it, or have it sent via email to you. If your password is discovered, it is most likely because a) it was too easy to guess b) it was entered onto a fake/phishing site (i.e. a site linked to from an email that looks and pretends to be your bank's website and asks for security information, but is actually just a means to get hold of your passwords) or c) was picked up by a keylogger held within a virus on your computer system.
Most user databases hold passwords in an encrypted form, so that they cannot be viewed as simply as you may think.
meester wrote: »
Speaking of risky behaviour, Martin could equally well post three passwords of three users of this site
redfred wrote: »
With respect to websites and passwords you really should use different passwords for each site.
JimmyTheWig wrote: »
While I can see the point in this, how many passwords would that entail? I can think of a dozen, at least.
How could you possibly remember all of these passwords, and which password goes with which site? I think you'd end up with a written list (which a lot of people do in workplaces where IT insist on "difficult" passwords) which is much more dangerous.
I think a better solution is to treat a password like you do a toothbrush - change it regularly and don't share it with anyone!
billbennett wrote: »
No he couldn't...
1) He probably doesn't have direct access to the SQL database in question,
2) The MSE forums run on VBulletin, which MD5-Hashes everyone's passwords on registration.
Here’s how to extend them
They’re normally £10
Have any suggestions for this Forumite?