Oh Look, Last.fm Lost Passwords Too!

Status
Not open for further replies.
The real problem is that the passwords are stored in the first place. If the site only stores hashes that problem will never occur. You can't login using a hash...
 
Please excuse my ignorance, but I thought they were only stored as the product of some hashing algorithm, meaning they can't be plugged into the password field...
And I really, really doubt fb yt or tw would fall prey to this. They are in a totally different league than these guys.
 
this is getting out of hand. If these companies are not able to secure their networks, they need to stop asking for personal information, or the government needs to put a penalty in place for when they do get breached (feeding those penalties into a research effort for better security).

 
We need to make these companies suffer a lot more for these kinds of breaches, I say levy a penalty for every password compromise, double that penalty for every year that it is not reported, and put all that cash into research dedicated to network security. On top of that let that money flow into the companies with effective security track records.

If these companies are comfortable with the courts, then the only way to make them change is to have the fear that the next time can wipe out even Apple's profit for the year; make it so that if they "forget" to report this information they get heavy penalties.

In short, if these companies keep losing information that can be detrimental to our privacy and the security of our identity, the penalties have to be strong enough to be detrimental to their stability and their sustainability.

let them fall, so others can build something better.
 
[citation][nom]agnickolov[/nom]The real problem is that the passwords are stored in the first place. If the site only stores hashes that problem will never occur. You can't login using a hash...[/citation]

This, assuming your website is not built by complete idiots...

I wouldn't want my Facebook account to get out though, that would be really annoying. Tom's, I hope you're keeping our details safe too! =)
 
[citation][nom]agnickolov[/nom]The real problem is that the passwords are stored in the first place. If the site only stores hashes that problem will never occur. You can't login using a hash...[/citation]Yes, it's a basic procedure, and I have no idea why so many companies do it wrong...
 
[citation][nom]agnickolov[/nom]The real problem is that the passwords are stored in the first place. If the site only stores hashes that problem will never occur. You can't login using a hash...[/citation]

No, but you can brute-force a hash (or have a "rainbow table" of the common ones, which people will use surprisingly commonly). If your hash isn't salted with something specific to the site, but stored separately from the password, then the attacker can get a lot of passwords very quickly by comparing hashes.

That said, I do know some sites that can send you your original password in plain text when you forget it (including sites that should know better - like the British Computing Society!). Most of these stories have been leaks of hashes, though.
 
[citation][nom]jryan388[/nom]Please excuse my ignorance, but I thought they were only stored as the product of some hashing algorithm, meaning they can't be plugged into the password field...And I really, really doubt fb yt or tw would fall prey to this. They are in a totally different league than these guys.[/citation]
Yes, but still, with that hash how will it be verified as the genuine password? Because, as you said, you cannot plug the hash into the password field to log in; well, that goes the same for both sides. How can you check it if you do not know the password to check against?
What I would want to see is better encryption for website passwords and such, in the hopes that different and/or multiple layers of encryption using different styles of encryption will prevent this from happening as much anymore.
 
[citation][nom]Khimera2000[/nom]this is getting out of hand. If these companies are not able to secure there networks, they need to stop asking for personal information, or the government needs to put a penalty in place for when they do get breached (feeding those penalties into a research effort for better security).[/citation]

What's next, penalize the bank after it gets robbed and let the robbers go free?
Let's face it, we need to stop glorifying hackers and put them away for a fair amount of time, just like the common criminals they are.
And I am not talking 12 months at a golf resort either!

 
[citation][nom]yumri[/nom]yes but still with that hash how will it be verified as the genuine password? Because as you said you cannot plug in the hash into the password field to log in well that goes the same for both sides how can you check it if you do not know the password to check against ?[/citation]
Read about how hashing works and you will understand.
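An added example (not from any poster in this thread) that answers yumri's question and illustrates the salting point made a few posts up: the site never needs the original password, it stores a per-user random salt plus a slow, iterated hash, and at login it re-derives the hash from whatever the user typed and compares. The second half shows why the salt matters: unsalted hashes of common passwords can be matched against a precomputed table in one lookup, while salted records for the same password differ from each other. All sample passwords and the "common password" list are constructed for the demo; the iteration count is an assumption and should be tuned to your hardware.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Work factor for PBKDF2-HMAC-SHA256 (assumed value for the demo; raise it
# as hardware gets faster so each guess stays expensive for an attacker).
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Dict[str, object]:
    """Build the record a site should store: salt + iterations + hash.
    The password itself is never written anywhere."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(record: Dict[str, object], candidate: str) -> bool:
    """Login check: re-derive the hash from the typed password with the
    stored salt and compare in constant time. No plaintext is needed."""
    salt = bytes.fromhex(str(record["salt"]))
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 salt, int(record["iterations"]))
    return hmac.compare_digest(digest.hex(), str(record["hash"]))


def unsalted_md5(password: str) -> str:
    """The weak scheme the thread warns about: one fast MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def precomputed_lookup_hits(stored_hashes: List[str], common_passwords: List[str]) -> int:
    """Defender's audit: count stored unsalted hashes that a precomputed table
    of common passwords matches directly (what a rainbow table exploits)."""
    table = {unsalted_md5(p): p for p in common_passwords}
    return sum(1 for h in stored_hashes if h in table)


def salted_records_collide(password: str) -> bool:
    """Two users with the same password: do their salted records share a hash?
    Returns False, which is the point of per-user salts: one precomputed table
    cannot match both, every record has to be worked on separately."""
    a = hash_password(password)
    b = hash_password(password)
    return a["hash"] == b["hash"]


if __name__ == "__main__":
    # Constructed sample data for the demo.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("login with right password:", verify_password(record, "correct horse battery staple"))
    print("login with wrong password:", verify_password(record, "password"))

    common = ["123456", "password", "qwerty"]                      # constructed list
    leaked_unsalted = [unsalted_md5("123456"), unsalted_md5("password"),
                       unsalted_md5("Tr0ub4dor&3-constructed")]
    print("unsalted hashes cracked by one table lookup:",
          precomputed_lookup_hits(leaked_unsalted, common), "of", len(leaked_unsalted))
    print("salted records for the same password collide:", salted_records_collide("123456"))
```

The audit function is the one to run over your own user table if you inherit a legacy unsalted scheme: a non-zero hit count against a short list of common passwords is the signal to migrate users to salted, iterated hashes on their next successful login.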
 