Duke49th wrote:
> ...where shall I write this down? Writing down passwords is stupid...isn't it?
> I use keepass now and generate better passwords. Worst case would be to lose the database lol...
You don't have to write anything down. KeePass can create a file for you with your passwords in plain text that you can print out. (Menu) File > Export To...
All forums user should reset their password
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Re: All forums user should reset their password
Mint 17.3 x64 Cinnamon - Rosa
When stating what version of Mint you are using remember to include the "Edition". Is it "Cinnamon", "Mate", "KDE" or "XFCE"? This helps others help you.
Re: All forums user should reset their password
Radish wrote:
> KeePass can create a file for you with your passwords in plain text that you can print out. (Menu) File > Export To...
For what purpose? Let KPX do its job, the user doesn't even need to know the passwords.
A really good idea is to make regular backups of the KPX-database.
Re: All forums user should reset their password
Cosmo. wrote:
> Radish wrote:
> > KeePass can create a file for you with your passwords in plain text that you can print out. (Menu) File > Export To...
> For what purpose? Let KPX do its job, the user doesn't even need to know the passwords.
Oh, I see, Cosmo. You are misinterpreting me. I was only suggesting printing it out (so that you can hide it somewhere safe) in case your entire computer, or the KPX database ever got so mangled that you couldn't retrieve your passwords. In that instance you would though have a printout to get you out of the fix of having just 'lost' all your passwords.
I agree, the user doesn't need to know their passwords. I only know my passwords for my email addresses and for my bank - those are in my memory and nowhere else. For every other password I have I haven't a blind-clue what it is - KPX manages all that for me, has done for years. (Though, I do have a printout in case things ever go seriously wrong.)
Re: All forums user should reset their password
Radish wrote:
> Cosmo. wrote:
> > Radish wrote:
> > > KeePass can create a file for you with your passwords in plain text that you can print out. (Menu) File > Export To...
> > For what purpose? Let KPX do its job, the user doesn't even need to know the passwords.
> Oh, I see, Cosmo. You are misinterpreting me. I was only suggesting printing it out (so that you can hide it somewhere safe) in case your entire computer, or the KPX database ever got so mangled that you couldn't retrieve your passwords. In that instance you would though have a printout to get you out of the fix of having just 'lost' all your passwords.
> I agree, the user doesn't need to know their passwords. I only know my passwords for my email addresses and for my bank - those are in my memory and nowhere else. For every other password I have I haven't a blind-clue what it is - KPX manages all that for me, has done for years. (Though, I do have a printout in case things ever go seriously wrong.)
Printing it out would be great. I would like to put a paper copy in my safe.
I am a total noob with KeePass (24 hours+/-) and have been unable to figure out how to print to a text file. The html export creates a blank file for me.
Do I need some sort of add-on?
Peter
Mate desktop https://wiki.debian.org/MATE
Debian GNU/Linux operating system: https://www.debian.org/download
Re: All forums user should reset their password
Wanted to thank Clem and the whole team for their fast response to this issue
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: help changing password
Here you go.
Re: All forums user should reset their password
What accounts/addresses exactly are vulnerable to being hacked with decrypted data from your server (if they use the same password)?
- Accounts with the same username and e-mail
- Accounts with the same username, but with a different e-mail
- Accounts with the same e-mail, but with a different username
- Accounts with the same full name (as the full name of the e-mail address)
- E-mail addresses that can send mail from the hacked address (and applicable accounts)
- E-mail addresses that can receive mail from the hacked address (and applicable accounts)
- E-mail addresses that the hacked address can send mail from (and applicable accounts)
- E-mail addresses that the hacked address can receive mail from (and applicable accounts)
Re: All forums user should reset their password
rbenic wrote:
> What accounts/addresses exactly are vulnerable to being hacked with decrypted data from your server (if they use the same password)?
Technicality, but as the FAQ in the first post here notes the passwords can't be decrypted. They can be brute forced by guessing, encrypting the guesses, and comparing the result to the encrypted passwords in the database till a match is found. Depending on how common/simple your password is that can take seconds or many years.
None of the examples you give describe the risks I think.
- If your password can be obtained through brute force, and you use that same password for your email, likely any accounts you have with that email address are then vulnerable as with most websites you can request a password reset by email.
- If you used a different password on your email, only accounts you have on other websites where you used the same email address and the same password are at risk.
- If you didn't use the same password on any other account for that email address you're only at risk if the (already public) profile information on your account (like location, occupation, birthday) would help with guessing passwords on other accounts that use that email address.
- Lastly, as noted 51% of the email addresses had already been stolen from other (not Linux Mint!) websites in earlier attacks. If you're one of those then the information stolen from those other websites can be combined with the information stolen from the Linux Mint forums. Possibly making guessing your passwords easier if on those other websites other personal information could be found and you used some of that information as part of your passwords (like your year of birth).
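The guess, hash and compare check described in the post above, as an added example that is not part of the original thread or the forum's code. It uses PBKDF2-HMAC-SHA256 as a stand-in for whatever hash the forum used; the iteration count, the guess rate and the word list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000        # assumed work factor for this demo
GUESSES_PER_SECOND = 1e9   # assumed guess rate against a fast, unsalted hash
# Constructed sample of common passwords; the 10-digit entry is the one
# quoted as common later in this thread.
COMMON = ["123456", "password", "qwerty", "3141592654"]


def hash_password(password, salt=None):
    """Return (salt, digest). The digest is one-way: it cannot be decrypted."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Re-hash a candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def found_in_wordlist(salt, digest, wordlist=COMMON):
    """Site-side audit: does a stored hash match any known-common password?"""
    for guess in wordlist:
        if verify(guess, salt, digest):
            return guess
    return None


def seconds_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over this alphabet."""
    return alphabet_size ** length / rate


if __name__ == "__main__":
    for pw in ("3141592654", secrets.token_urlsafe(12)):
        salt, digest = hash_password(pw)
        print("matched:", found_in_wordlist(salt, digest))
    print(seconds_to_exhaust(10, 10), "seconds for every 10-digit number")
    print(seconds_to_exhaust(12, 94) / 31_557_600, "years for 12 printable chars")
```

The per-user salt means each stored hash has to be guessed separately, and the iteration count multiplies the cost of every single guess.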
Re: All forums user should reset their password
Thanks,
Checked my password, and there is no way it can be compromised, it's unique.
So these who back doored have wasted time, their time.
Thanks LMF..., all good on my side of the street.
Re: All forums user should reset their password
BluuzMoBeeL wrote:
> Thanks,
> Checked my password, and there is no way it can be compromised, it's unique.
> So these who back doored have wasted time, their time.
> Thanks LMF..., all good on my side of the street.
My password was also unique, and relatively strong. My new password is much stronger. Unfortunately many people are not quite so astute.
trivia: The 17th most common 10-digit password is 3141592654
a fun read: http://www.datagenetics.com/blog/september32012/
Bottom Line: we are thinking about it, that is a Good Thing!
Peter
Re: All forums user should reset their password
I notice the password policy is excessive:
"Password must be between 10 characters and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols."
How is this elegant or appropriate? This is a discussion forum, not an international banking establishment. Even if a forum member access password was hacked, would the attacker gain anything beyond the ability to post under the user name? Would the worst possible impact ever be greater than "mild annoyance"? Please consider consequence when addressing password policy.
Password should simply be LONG; e.g. mysistersallysellsseashells is easier and more secure than e.g. gr4v3ytr41n.
Sorry for the rant, but it makes me nuts when the maximum "war on terror" response is applied to every mundane issue. Yes, the SERVER was hacked, and yes the SERVER ADMINISTRATION access needs to be hardened. But no, individual user passwords remain trivial. To be random, passwords should be unrestricted; particularly when the access being protected is of trivial value. Overly restrictive password policy means one more password we will forget and need to reset next login. Please don't punish the users for an administrator mistake.
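The policy text quoted in the post above, written out as a checker with a character-level brute-force estimate beside it. This is an added example, not the forum software's code; the function names and the third sample password are made up here. The estimate assumes every string over the character classes present is tried, and it does not model dictionary or phrase guessing, which lowers the real figure for passwords built from known words.

```python
import math
import string

MIN_LEN, MAX_LEN = 10, 32  # limits taken from the quoted policy text
POOL = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def classes(password):
    """Which character classes appear in the password."""
    return {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


def policy_violations(password):
    """Return the parts of the quoted policy that the password fails."""
    found = classes(password)
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not (found["lower"] and found["upper"]):
        problems.append("mixed case")
    if not found["digit"]:
        problems.append("numbers")
    if not found["symbol"]:
        problems.append("symbols")
    return problems


def brute_force_bits(password):
    """log2 of the number of strings of this length over the classes used."""
    pool = sum(POOL[name] for name, used in classes(password).items() if used)
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # The first two samples are from the post; the third is constructed.
    for pw in ("mysistersallysellsseashells", "gr4v3ytr41n", "Password1!"):
        print(pw, policy_violations(pw), round(brute_force_bits(pw)))
```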
Re: All forums user should reset their password
> I notice the password policy is excessive:
Not really, if one thinks about it;
If the, or a, forum is hacked, and it's a Linux forum of all things, I welcome them to hack it !
Why ?
How else do vulnerabilities become exposed ?
You are right in saying, "what can they gain by hacking a forum" ?
Absolutely nothing, except it's a win to the forum's admin etc *because* the vulnerability is exposed, the idiot hacker exposed the hole, here, first.
Don't you think then this, ( hack) is noted and fixed beyond the forum in our favor ?
Re: All forums user should reset their password
prof_braino wrote:
> I notice the password policy is excessive
I notice no such thing. I think it's fine. Seems we disagree, then.
prof_braino wrote:
> Even if a forum member access password was hacked, would the attacker gain anything beyond the ability to post under the user name? Would the worst possible impact ever be greater than "mild annoyance"?
Certainly, if people use identical passwords in different places. Which is unfortunately not unheard of, by any means.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: All forums user should reset their password
Hey M0em, glad to see you are right side up again.
Re: All forums user should reset their password
No no, I'm upside up. My right side is at the right.
Re: All forums user should reset their password
Are we to understand that the hack of the mint download site was the result of a weak user password to access this forum? I did not understand that to be the case.
Unless the hack was due to a weak forum user password, changing the password policy to "difficult for the user to use" is not helping anything. If anything, the policy should be changed to "easy to use, difficult to crack". This is not the case here.
While it is trendy to set policy to something ridiculous such as require all of upper, lower, numbers, and special characters (rather than require a long sentence, etc) this is usually set for the benefit of those that do not understand passwords or security.
Anyway, we have heard the voice of the customer, now it is up to management to choose whether or not to listen. I'm done, thank you for the responses.
Re: All forums user should reset their password
prof_braino wrote:
> Please don't punish the users
I don't see any punishment. As already said, Firefox or a different software can remember the password for you. Therefore I don't see the deal with a short length like 12 characters.
Re: All forums user should reset their password
prof_braino wrote:
> Are we to understand that the hack of the mint download site was the result of a weak user password to access this forum? I did not understand that to be the case.
You're right: it's not. This, however, is the case: there were two different breaches. The download site was compromised, and the forum user database was stolen. So the passwords we used on this forum before are in the hands of crackers, who can try their worst to unencrypt them, at their leisure. For that reason, we have been told to set a new password, of a decent quality. I don't consider that to be unreasonable in any way.
Re: All forums user should reset their password
killer de bug wrote:
> prof_braino wrote:
> > Please don't punish the users
> I don't see any punishment. As already said, Firefox or a different software can remember the password for you. Therefore I don't see the deal with a short length like 12 characters.
Yup, and since my forgetter is getting better that is exactly how I remember them too.
Also...
killer de bug wrote:
> .. in it's sig:
> If it ain't broke, fix it until it is.
So that's what happened here.
Question: A bug is an "it" isn't it?