0792: "Password Reuse"

wmhunter
Posts: 8
Joined: Mon Nov 10, 2008 4:34 am UTC

Re: 0792: "Password Reuse"

Postby wmhunter » Wed Oct 13, 2010 3:44 pm UTC

I used to have a problem with this, then I got LastPass. Works wonders, and their security model is solid. Too lazy to see it is secure yourself? See below info then.

Info: grc.com/sn Podcast #256 or http://www.grc.com/sn/sn-256.htm

As for usability, auto-fill, auto-login, auto-form fill, login on website gives access to username/password if away from home, changing passwords is picked up by the software, can generate random passwords, many things.


Note: I am not an affiliate or sponsor of LastPass at all, it's just made my life on the internets and juggling multiple passwords a breeze. KeePass is too dependent on software IMO, you still need that KeePass-portable app to get your password vault. LastPass is better, for me.

DragonHawk
Posts: 457
Joined: Sat Sep 15, 2007 1:20 am UTC
Location: NH, US, Earth

Re: 0792: "Password Reuse"

Postby DragonHawk » Thu Oct 14, 2010 1:19 am UTC

tixrus wrote:I fly so far under the radar no one would care......

It's a common misconception that just because you're an "ordinary Joe", nobody wants to attack your account. While you may not have data of particular value stored somewhere, your account itself has value. Attackers want to have as many compromised accounts from "real people" as they can -- they can then use those accounts to stage their attacks against *other* targets. Same with home computers. The vast majority of spam is sent from compromised home computers. Attackers use automated scanners and attacks to hijack your resources for their own purposes.

Bottom line: You're still at risk.
Ben'); DROP TABLE Users;--

GENERATION 42: The first time you see this, copy it into yοur sig on any forum and stick a fork in yοur еyе. Social experiment.

Pfhorrest
Posts: 4242
Joined: Fri Oct 30, 2009 6:11 am UTC

Re: 0792: "Password Reuse"

Postby Pfhorrest » Thu Oct 14, 2010 4:01 am UTC

DragonHawk wrote:Bottom line: You're still at risk.

And you are a risk, to others. It's like herd immunity: since others can get sick from you, even if you don't show any severe symptoms, they all have reason to be concerned with your 'immunity'.
Forrest Cameranesi, Geek of All Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
The Codex Quaerendae (my philosophy) - The Chronicles of Quelouva (my fiction)

Red Hal
Magically Delicious
Posts: 1445
Joined: Wed Nov 28, 2007 2:42 pm UTC

Re: 0792: "Password Reuse"

Postby Red Hal » Wed Dec 15, 2010 9:26 pm UTC

And so in the wake of the Gawker hack, BHG once again proves to be prescient.
http://www.codinghorror.com/blog/2010/1 ... um=twitter
Lost Greatest Silent Baby X Y Z. "There is no one who loves pain itself, who seeks after it and wants to have it, simply because it is pain..."

StClair
Posts: 402
Joined: Fri Feb 29, 2008 8:07 am UTC

Re: 0792: "Password Reuse"

Postby StClair » Wed Dec 15, 2010 9:31 pm UTC

"'1 2 3 4 5'? That's amazing! I've got the same combination on my luggage!"

cjmcjmcjmcjm
Posts: 1158
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: 0792: "Password Reuse"

Postby cjmcjmcjmcjm » Fri Dec 17, 2010 5:46 am UTC

"12345"? That's the kind of password an idiot would use on his luggage
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.

DragonHawk
Posts: 457
Joined: Sat Sep 15, 2007 1:20 am UTC
Location: NH, US, Earth

Re: 0792: "Password Reuse"

Postby DragonHawk » Fri Dec 17, 2010 6:11 am UTC

I know! I'll post a quote from Spaceballs! Nobody has ever done that before!
Ben'); DROP TABLE Users;--

GENERATION 42: The first time you see this, copy it into yοur sig on any forum and stick a fork in yοur еyе. Social experiment.

BioTube
Posts: 362
Joined: Sat Apr 11, 2009 2:11 am UTC

Re: 0792: "Password Reuse"

Postby BioTube » Sat Dec 18, 2010 2:30 am UTC

You'll need to go straight - to Ludicrous Speed!
Frédéric Bastiat wrote:Government is the great fiction through which everybody endeavors to live at the expense of everybody else.

cjmcjmcjmcjm
Posts: 1158
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: 0792: "Password Reuse"

Postby cjmcjmcjmcjm » Sat Dec 18, 2010 2:36 am UTC

It's
...plaid!
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.

Steriema
Posts: 1
Joined: Wed Dec 29, 2010 11:28 pm UTC

Re: 0792: "Password Reuse"

Postby Steriema » Wed Dec 29, 2010 11:32 pm UTC

Guys, I got it. The one and only thing that could have BHG stop believing in anything:
http://xkcd.com/455/

HiFranc
Posts: 31
Joined: Fri Dec 31, 2010 11:44 am UTC

Re: 0792: "Password Reuse"

Postby HiFranc » Fri Dec 31, 2010 6:48 pm UTC

Once upon a time I was willing to cut Google slack but now I try to avoid using them. In Europe, there's been a major scandal because they illegally obtained personal information by checking for open wifi networks when taking pictures for Google Street View. When it had been discovered that they had done that (I can't remember the exact circumstances but they didn't proactively tell anyone), they denied that they had any sensitive information (when it was clear that they had). In fact their attitude was that they were in the right and that the European Data Protection Laws were too strong.

After months of investigations by various authorities, Google admitted that it had obtained sensitive information but that it had destroyed it. They provided no evidence of that assertion just as, earlier, they provided no evidence that they had not obtained sensitive information.

In short, Google is definitely evil and should not be trusted. It also shows that our Data Protection Laws here are not strong enough because it looks like Google is going to get away with it.

Bean_Delphiki
Posts: 58
Joined: Thu Dec 23, 2010 5:39 am UTC

Re: 0792: "Password Reuse"

Postby Bean_Delphiki » Sun Jan 16, 2011 9:10 pm UTC

The smarter thing to do would be to set up a meaningless website like hat-guy does...

...but then one day set the system to automatically reject all usernames and passwords. People will systematically enter every one of their common user names and common passwords before they finally hit the "forgot username" or "forgot password" button.

...then you own every facet of their lives.

samcan
Posts: 12
Joined: Wed Jan 19, 2011 6:15 pm UTC

Re: 0792: "Password Reuse"

Postby samcan » Wed Jan 26, 2011 9:33 pm UTC

Bean_Delphiki wrote:The smarter thing to do would be to set up a meaningless website like hat-guy does...

...but then one day set the system to automatically reject all usernames and passwords. People will systematically enter every one of their common user names and common passwords before they finally hit the "forgot username" or "forgot password" button.

...then you own every facet of their lives.


I like it for the evulz, especially since that's the kind of thing I do sometimes with my passwords. "What do you mean this didn't work? Okay, maybe it was this variant..." I use KeePassX, but since I don't have it on every computer (like those in public) I use, it's kind of necessary to remember at least some passwords.

WolfieMario
Posts: 120
Joined: Fri Jan 28, 2011 10:45 pm UTC

Re: 0792: "Password Reuse"

Postby WolfieMario » Sat Jan 29, 2011 1:12 am UTC

Now, my problem is neither reusing passwords nor having simple passwords - it's remembering what the hell my password is and what specific things I did to it (e.g. random capitalization, 1337 text on some parts of words, reversing fragments of words, etc.). Honestly, I blame Firefox's offer to remember my passwords as the reason I don't remember any of my passwords (besides my computer login and e-mail. Heh, I gotta thank Microsoft for something :P).
Bean_Delphiki wrote:The smarter thing to do would be to set up a meaningless website like hat-guy does...

...but then one day set the system to automatically reject all usernames and passwords. People will systematically enter every one of their common user names and common passwords before they finally hit the "forgot username" or "forgot password" button.

...then you own every facet of their lives.

Now, going in line with what I just said, if that would happen to me, you'd get about a dozen variations of the same password, with different capitalizations or random letters swapped with numbers, and only one will be the correct password, but even that wouldn't help you derive my password to any other site :D :roll:.

Max™
Posts: 1792
Joined: Thu Jun 21, 2012 4:21 am UTC
Location: mu

Re: 0792: "Password Reuse"

Postby Max™ » Tue Sep 11, 2012 11:15 pm UTC

I was talking about the Charles Stross story Antibodies with the gf, showed her the Password Entropy comic, wound up reading the Password Reuse one again and noticed the "March 1997" and had to check the thread to see if it was mentioned, but then realized I hadn't yet checked the comic I was thinking of to see if I was screwing up the date.

http://questionablecontent.net/view.php?comic=2070

I was thinking the Gary Email was March 1997 for some reason, not Jan 1st 1997, rats.

Very weird path to get here to bump a thread about a comic posted the day after my birthday 2 years ago, on my birthday today.
mu

***
Posts: 28
Joined: Fri Sep 14, 2012 4:47 am UTC

Re: 0792: "Password Reuse"

Postby *** » Tue Sep 18, 2012 7:42 pm UTC

My password at my last job was the document number of the computer use policy, which forbade the exchange of passwords and the use of other people's accounts.
Belief and Seeing: They're both often Wrong.

gladiolas
Posts: 74
Joined: Tue Nov 06, 2012 1:41 am UTC

Re: 0792: "Password Reuse"

Postby gladiolas » Fri May 31, 2013 4:55 pm UTC

An Analog story, whose title and author I don't remember, but it had an interesting twist. You were *supposed* to enter an incorrect password twice, and then the correct password.

I was thinking of ways to make passwords even more complex.

Instead of entering something like taupe)!*ninE, we have to speak some words. And the computer will(?) be able to know if we're simply entering an audio file of somebody speaking words.

So the password can be a specific person singing "Jingle Bells".
Or that person singing "A hundred bottles of Beer on the Wall" all the way through...or stopping at a specific point in the song.

Or the password only works if the computer detects that the person's blood alcohol level is exactly 0.017.

Or suppose, to enter the password, you have to download a sequence of files.

Suppose you start with a password of Ab8&ICEDdfgh!!.

Then you use a substitution cipher.

We all know the idea, A=1, B=2, C=3, D=4, etc.

But computers can handle vast amounts of data, so instead of A= one specific digit...

A=the complete works of Shakespeare, Wordsworth Royals Series, 1st edition.
B=a hundred youtube videos of cats playing pianos.
C=Gadsby: A Story of Over 50,000 Words Without Using the Letter "E", a 1939 novel by Ernest Vincent Wright.
D=An edition of War and Peace, by Tolstoy.
E=The same edition, but the word "the" is misspelled "teh" on page 897.
F=G
G=F
H=the DVD of the director's cut edition of Apocalypse Now complete with interviews from the main cast and crew.
I=an audio file of an interview with some obscure actress who is now a high school teacher.

And so on.

Similarly insanely large files would represent other ASCII symbols.

So to enter the password you have to download a sequence of insanely large files.

The problem is remembering, but people have been able to memorize amazingly large amounts of stuff...

That substitution cipher doesn't have to be for the password.

The password could be something a little bit easier, like putting on a live performance of "Moulin Rouge."
Then when you and your cohorts have finished the performance, the computer lets you into the system, where you find encrypted files where A=the complete works of Shakespeare, etc.

(Every performance of Moulin Rouge will be a little bit different, but the computer will take that into account.)

Of course I'm no computer expert, and maybe this all sounds ridiculous and/or stupid, let me know.
Thanks.

:lol: :roll: :wink:

CocoaNutCakery
Posts: 66
Joined: Fri May 24, 2013 6:26 am UTC

Re: 0792: "Password Reuse"

Postby CocoaNutCakery » Fri May 31, 2013 5:42 pm UTC

Well, since this has already been bumped, I'd like to point out that Google is pretty evil, especially in its ranking algorithms.

Because of this evilness, I only use two Google products:

1. YouTube
2. Adsense

And I'm kind of working on breaking the almost-monopoly of YouTube.

I'm getting an Android phone soon, but I'll be replacing it with Cyanogenmod. It's not ideal (it is based off of Android), but I'd rather avoid Windows and Apple phones completely than dismiss Cyanogenmod.

covale
Posts: 1
Joined: Wed Mar 30, 2011 2:01 pm UTC

Re: 0792: "Password Reuse"

Postby covale » Fri Jun 07, 2013 9:38 pm UTC

Now ofc, we know that Google (and all the others) were evil all along, they just had enough sense to not get caught right away :p

Search the web for PRISM and NSA if you somehow haven't heard about the big "revelation".

selar
Posts: 3
Joined: Sat Mar 09, 2013 6:07 pm UTC

Re: 0792: "Password Reuse"

Postby selar » Tue Nov 05, 2013 3:06 pm UTC

This is getting bumped once again. See second last panel, then see this:

bbc co uk/news/technology-24819850

Kit.
Posts: 1038
Joined: Thu Jun 16, 2011 5:14 pm UTC

Re: 0792: "Password Reuse"

Postby Kit. » Tue Nov 05, 2013 3:19 pm UTC

selar wrote:See second last panel,

Personally, I'd say that the last panel was the coolest one(*).

Spoiler:
*)...as seen by a Motorola-turning-ARRIS employee

PinkShinyRose
Posts: 830
Joined: Mon Nov 05, 2012 6:54 pm UTC
Location: the Netherlands

Re: 0792: "Password Reuse"

Postby PinkShinyRose » Tue Nov 05, 2013 5:10 pm UTC

gladiolas wrote:We all know the idea, A=1, B=2, C=3, D=4, etc.

But computers can handle vast amounts of data, so instead of A= one specific digit...

A=the complete works of Shakespeare, Wordsworth Royals Series, 1st edition.
B=a hundred youtube videos of cats playing pianos.
C=Gadsby: A Story of Over 50,000 Words Without Using the Letter "E", a 1939 novel by Ernest Vincent Wright.
D=An edition of War and Peace, by Tolstoy.
E=The same edition, but the word "the" is misspelled "teh" on page 897.
F=G
G=F
H=the DVD of the director's cut edition of Apocalypse Now complete with interviews from the main cast and crew.
I=an audio file of an interview with some obscure actress who is now a high school teacher.

And so on.

Similarly insanely large files would represent other ASCII symbols.

So to enter the password you have to download a sequence of insanely large files.

The problem is remembering, but people have been able to memorize amazingly large amounts of stuff...

That substitution cipher doesn't have to be for the password.

The password could be something a little bit easier, like putting on a live performance of "Moulin Rouge."
Then when you and your cohorts have finished the performance, the computer lets you into the system, where you find encrypted files where A=the complete works of Shakespeare, etc.

I think that would be nearly identical to using certificate based authentication, but I could be horribly wrong.
CocoaNutCakery wrote:Well, since this has already been bumped, I'd like to point out that Google is pretty evil, especially in its ranking algorithms.

Because of this evilness, I only use two Google products:

1. YouTube
2. Adsense

And I'm kind of working on breaking the almost-monopoly of YouTube.

I'm getting an Android phone soon, but I'll be replacing it with Cyanogenmod. It's not ideal (it is based off of Android), but I'd rather avoid Windows and Apple phones completely than dismiss Cyanogenmod.

Can Firefox OS or any of the more open Linux-based OSes be installed on a phone not specifically created for them without too much trouble (=writing all drivers yourself)?

jewish_scientist
Posts: 766
Joined: Fri Feb 07, 2014 3:15 pm UTC

Re: 0792: "Password Reuse"

Postby jewish_scientist » Wed Dec 31, 2014 4:45 pm UTC

I think I have a system to reuse the "same" password, but stop this from happening.

People reuse the same password because it is easy to remember one password that works for everything. Instead, people could use a single formula to make a lot of different passwords.

For example:
Last letter of the site's name + password + 1
Take the first letter, and press the key immediately to the right + password + 1. If the first letter is 'p', 'l', or 'm' then you press 'q', 'a', or 'z'
Turn the second letter into a number and divide by 2 + password + 1

Every person would have a different formula, so it would take a LOT of programming to get a proxy to recognize the patterns. More than the average identity thief could ever pull off. These formulas would be hard for even a person to crack, considering they have only one example to work off of. Even if he was a pattern master who could discover any pattern in a couple minutes, he would still be able to only get 10s of identities instead of millions.

So, what do you think? Could this system work? Is there some very obvious flaw that I just did not see? Thank you in advance for any comments you give.
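
Added example, not part of any post in this thread: the three formulas from the post above written out, with a check of how much of each derived password actually differs from site to site. The site names and the base password `hunter2` are constructed, and reading "+ 1" as appending the character "1" and "divide by 2" as integer halving with a=1 ... z=26 are assumptions.

```python
import os

# Constructed inputs (assumptions, not from the thread).
BASE = "hunter2"
SITES = ["example", "forum", "bank", "mail"]

# Keyboard rows for rule 2; the post wraps 'p', 'l', 'm' to 'q', 'a', 'z'.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def key_to_right(ch):
    """Key immediately right of ch, wrapping to the start of its row."""
    ch = ch.lower()
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return row[(i + 1) % len(row)]
    return ch  # digits and symbols are left unchanged (assumption)


def rule_last_letter(site, base):
    return site[-1] + base + "1"


def rule_key_right(site, base):
    return key_to_right(site[0]) + base + "1"


def rule_second_letter(site, base):
    # a=1 ... z=26, halved with integer division (assumption)
    return str((ord(site[1].lower()) - ord("a") + 1) // 2) + base + "1"


def common_suffix(strings):
    """Longest suffix shared by every string."""
    return os.path.commonprefix([s[::-1] for s in strings])[::-1]


def audit(rule, sites=SITES, base=BASE):
    """Derive one password per site and report what is shared between them."""
    derived = {site: rule(site, base) for site in sites}
    shared = common_suffix(list(derived.values()))
    site_specific = {s: len(p) - len(shared) for s, p in derived.items()}
    # Sites that end up with an identical password, i.e. plain reuse.
    by_password = {}
    for site, pw in derived.items():
        by_password.setdefault(pw, []).append(site)
    reused = [group for group in by_password.values() if len(group) > 1]
    return derived, shared, site_specific, reused


if __name__ == "__main__":
    for rule in (rule_last_letter, rule_key_right, rule_second_letter):
        derived, shared, site_specific, reused = audit(rule)
        print(rule.__name__, derived)
        print("  shared by every site:", repr(shared))
        print("  site-specific characters:", site_specific)
        print("  identical passwords:", reused)
```

Under each of the three rules only one or two characters of the password depend on the site, and the second-letter rule gives `bank` and `mail` the identical password.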

HES
Posts: 4809
Joined: Fri May 10, 2013 7:13 pm UTC
Location: England

Re: 0792: "Password Reuse"

Postby HES » Wed Dec 31, 2014 4:52 pm UTC

I hope it works, because it's what I do. One algorithm, many passwords. More important sites have additional elements.
He/Him/His

Neil_Boekend
Posts: 3220
Joined: Fri Mar 01, 2013 6:35 am UTC
Location: Yes.

Re: 0792: "Password Reuse"

Postby Neil_Boekend » Wed Dec 31, 2014 4:53 pm UTC

I hope such a system works because my system is only slightly more complicated. It surely allows for complex but easy to remember passwords.
Mikeski wrote:A "What If" update is never late. Nor is it early. It is posted precisely when it should be.

patzer's signature wrote:
flicky1991 wrote:I'm being quoted too much!

he/him/his

Monox D. I-Fly
Posts: 71
Joined: Sat Mar 26, 2016 1:49 am UTC
Location: Indonesia

Re: 0792: "Password Reuse"

Postby Monox D. I-Fly » Sun Jan 21, 2018 2:40 pm UTC

What happened during March 1997 which made him not believe anything?
Finally found one comic mentioning a Trading Card Game:
https://xkcd.com/696/

GlassHouses
Posts: 71
Joined: Thu Nov 24, 2016 12:41 pm UTC

Re: 0792: "Password Reuse"

Postby GlassHouses » Mon Jan 22, 2018 4:45 am UTC

Monox D. I-Fly wrote:What happened during March 1997 which made him not believe anything?


You may want to acquaint yourself with Explain Xkcd: https://www.explainxkcd.com/wiki/index.php/792:_Password_Reuse

You won't always find conclusive answers there to every xkcd-related question, including this one, but you may find plausible suggestions, again including this time.

However, I also wouldn't rule out Randall simply being random and trolling his readers here. :)

Monox D. I-Fly
Posts: 71
Joined: Sat Mar 26, 2016 1:49 am UTC
Location: Indonesia

Re: 0792: "Password Reuse"

Postby Monox D. I-Fly » Mon Jan 22, 2018 2:57 pm UTC

GlassHouses wrote:
Monox D. I-Fly wrote:What happened during March 1997 which made him not believe anything?


You may want to acquaint yourself with Explain Xkcd: https://www.explainxkcd.com/wiki/index.php/792:_Password_Reuse

You won't always find conclusive answers there to every xkcd-related question, including this one, but you may find plausible suggestions, again including this time.

However, I also wouldn't rule out Randall simply being random and trolling his readers here. :)


Wow... I didn't know that this webcomic had its own Wiki.
Finally found one comic mentioning a Trading Card Game:
https://xkcd.com/696/

