

Mad Scientist
18695 posts

Uber Geek
+1 received by user: 2379

Trusted
Lifetime subscriber

Topic # 151670 1-Sep-2014 18:25

I have had a few of these shockers in the past but the latest one was mind-boggling. Registered at the ODT website and they emailed me this:


Thank you for registering at Otago Daily Times Online News. You may now log in to http://www.odt.co.nz/user using the following username and password:
username: xxx
password: yyy

You may also log in by clicking on this link or copying and pasting it in your browser:  This is a one-time login, so it can be used only once. After logging in, you will be redirected to  so you can change your password.

Kind Regards,
The ODT Online Team


OK ... this was obvious. As they don't have a delete account button, I changed my password to yourpasswordiss#it and to an email that doesn't exist and never log in again.

But is there a way to tell if they don't do this to warn you?

960 posts

Ultimate Geek
+1 received by user: 194

Subscriber

  Reply # 1119832 1-Sep-2014 18:48

I can't think of any way you could tell, no. Even if they were encrypting it, unless they are salting it correctly etc. it would mean nothing anyway.
Did they email you the password you registered with, or a temporary password? (I'm guessing the password you put in).

Only way is to use LastPass/similar to generate a random per-site password.
Or, if it is an account of absolutely no importance, just use a password that you only share with equally unimportant accounts.

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 1120045 1-Sep-2014 22:14

Well, just a few things to point out here:
1) When you type the password into your browser and click update or whatever, it's not encrypted.
2) The password encryption happens on the server unless otherwise specified.
3) There are multiple types of encryption, 1 way and 2 way. 1 way means you can't retrieve the information while 2 way means you can.
4) Going on from 1, since the server receives the password in plain text it can do whatever it wants with it, including sending it to you via email.


Unless you use a managed system, don't bother trying to have a password for each site; have a few different passwords with different security levels.
For example I have 4 passwords I spread across the websites I use, then I have a separate password for bank accounts and such.




Regards
Stefan Andres Charsley
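
An added example (not part of any post in this thread) of the one-way, salted storage the replies above refer to: the signup handler can still email the plaintext because it holds it for that one request, while the stored record cannot give it back. The handler, the in-memory `db` and `outbox`, and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (value assumed for this example)


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """One-way storage: derive a digest from the password and a per-user random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def register(db: dict, outbox: list, user: str, password: str) -> None:
    """Hypothetical registration handler that also sends a welcome email."""
    db[user] = hash_password(password)
    # The plaintext is still in memory for this one request, so it can be
    # emailed even though only the salted digest is ever written to storage.
    outbox.append(f"username: {user}\npassword: {password}")


def recoverable_from_record(db: dict, user: str, password: str) -> bool:
    """True if the stored record literally contains the password bytes."""
    salt, digest = db[user]
    return password.encode() in salt + digest


if __name__ == "__main__":
    db, outbox = {}, []
    register(db, outbox, "alice", "constructed-sample-pw")  # constructed sample data
    register(db, outbox, "bob", "constructed-sample-pw")    # same password, different user
    print("emailed at signup:", "constructed-sample-pw" in outbox[0])
    print("password in stored record:", recoverable_from_record(db, "alice", "constructed-sample-pw"))
    print("same password, same digest:", db["alice"][1] == db["bob"][1])
    print("login ok:", verify_password("constructed-sample-pw", *db["alice"]))
```

A password echoed back in the signup email is therefore consistent with either kind of storage; a site that can send the original password on a later "forgot password" request is not storing it one-way.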

1508 posts

Uber Geek
+1 received by user: 213


  Reply # 1120057 1-Sep-2014 22:19

Stay away from small local sites that are unlikely to know or care about being overly secure? Unless something happens, I am guessing most sites rely on good enough and security by obscurity. 






3241 posts

Uber Geek
+1 received by user: 1764

Lifetime subscriber

  Reply # 1120210 2-Sep-2014 08:17
2 people support this post

1. Register your own domain, sign up for every site with sitename@yourdomain.com, so the same email address is not used across multiple accounts.
2. Use Lastpass, create long, strong, random passwords for every site.
3. ??
4. Profit




Information wants to be free. The Net interprets censorship as damage and routes around it.



11674 posts

Uber Geek
+1 received by user: 3780

Trusted
Lifetime subscriber

  Reply # 1120351 2-Sep-2014 11:07
One person supports this post

It seems very true that we will all end up with a bazillion passwords to remember, none of which are anything but random strings of letters and numbers, if we follow the standard advice.

From a human POV that is untenable - no one will comply, no one will remember.

Biometric scanners or something where you can scan fingerprints or iris as a log on to a site seems inevitable.

Also, creating a legal liability where you can sue site operators who get hacked might encourage more investment in security at that end...!





3165 posts

Uber Geek
+1 received by user: 890

Trusted

  Reply # 1120362 2-Sep-2014 11:17
One person supports this post

Lias:
2. Use Lastpass, create long, strong, random passwords for every site.


+1, though I use KeePass, synced through something like Dropbox, to do similar. It has a bunch of implementations and ports:

http://keepass.info/download.html

3282 posts

Uber Geek
+1 received by user: 208

Trusted

  Reply # 1122022 4-Sep-2014 17:27

Lias: 1. Register your own domain, sign up for every site with sitename@yourdomain.com, so the same email address is not used across multiple accounts.
2. Use Lastpass, create long, strong, random passwords for every site.
3. ??
4. Profit

You can do something similar with Gmail, just add "+sitename" to your email address, e.g. email+sitename@gmail.com. Some websites don't like the + though.
