0792: "Password Reuse"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: "Password Reuse" Discussion (#792)

Postby hintss » Mon Sep 13, 2010 5:30 am UTC

hatten wrote:Same username everywhere, different passwords everywhere. I keep all my passwords in a text file hidden somewhere in my directory structure. Got a bash script for accessing passwords, and another for creating new.

This was a real funny one!

awesome, I'll just send you a rootkit, get the path, search through it, then find your file using the bash script. :P

also, my private key for ssh is over 100. because someone said it had to be over 15 :D

keyboardtalk
Posts: 1
Joined: Wed Jan 13, 2010 11:49 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby keyboardtalk » Mon Sep 13, 2010 5:36 am UTC

I think the March 1997 event was the banning of human cloning research.

unlofl
Posts: 8
Joined: Fri Aug 27, 2010 6:13 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby unlofl » Mon Sep 13, 2010 5:39 am UTC

I see this comic and then I come across what might be the mother of all password harvesters on reddit. Its a search tool that searches multiple sites, including facebook, twitter and others if you hand over your secrets. http://chrome-ozone.appspot.com/

Any way to be sure what they're up to? Being able to audit access to free accounts would be nice to at least detect this sort of thing. Set up fake gmail accounts, register each to a different small time free site using the same password, and look for a few "extra" logins on the accounts.

Now I'm off to diversify my passwords a bit more.

Malph
Posts: 11
Joined: Fri Jun 11, 2010 5:57 am UTC

Re: "Password Reuse" discussion (#792)

Postby Malph » Mon Sep 13, 2010 5:39 am UTC

I don't care if the Heaven's Gate thing is the real answer, I like to believe that the ban on cloning is what he's talking about (imagine what he could do if he was allowed to clone).

Malph
Posts: 11
Joined: Fri Jun 11, 2010 5:57 am UTC

Re: "Password Reuse" Discussion (#792)

Postby Malph » Mon Sep 13, 2010 5:45 am UTC

keyboardtalk wrote:I think the March 1997 event was the banning of human cloning research.


There were only 3 types of people majorly effected by that: Mad Scientists, accident prone children of scientists, and guys who wear black hats and create chaos.

dookiecheese
Posts: 22
Joined: Thu Feb 04, 2010 7:50 pm UTC

Re: "Password Reuse" discussion (#792)

Postby dookiecheese » Mon Sep 13, 2010 5:52 am UTC

I don't think the date has any meaning, when a person loses faith or stops believing in nonsense is not often dictated by a historic event.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: "Password Reuse" Discussion (#792)

Postby hintss » Mon Sep 13, 2010 5:59 am UTC

affected, you idiot! :P

anyway, now to go make a certain rhyme true: http://unitednuclear.com/index.php?main ... cts_id=203

User avatar
Maurog
Posts: 842
Joined: Tue Jul 10, 2007 7:58 am UTC

Re: "Password Reuse" Discussion (#792)

Postby Maurog » Mon Sep 13, 2010 5:59 am UTC

Hmm, this comic is why I have the same weak password for social networking, and other, stronger passwords for anything that deals with money. So like, with my xkcd username/password, Randall can access a variety of other forums in my name, and make a fool of myself, but that's about it.
Slay the living! Raise the dead! Paint the sky in crimson red!

User avatar
Max2009
Posts: 160
Joined: Mon Mar 09, 2009 2:20 pm UTC
Location: Where?
Contact:

Re: "Password Reuse" discussion (#792)

Postby Max2009 » Mon Sep 13, 2010 6:03 am UTC

I think BHG either had high hopes that comets were in fact harbingers of doom (and was really looking forward to this), and when Hale-Bopp arrived and doom was postponed (at least for the time being) he sort of lost faith.
Or he strongly believed in assisted evolution and Bill Gates Clinton shot that one out of the water.

I remember being equally amazed at both Clinton's ruling, and looking at Hale-Bopp through my binoculars.
Cogito ergo surf - I think therefore I network

Registered Linux user #481826 Get Counted! http://counter.li.org

Image

Isaac20
Posts: 19
Joined: Mon Oct 05, 2009 4:33 am UTC

Re: "Password Reuse" Discussion (#792)

Postby Isaac20 » Mon Sep 13, 2010 6:08 am UTC

I realized this a while ago, and at that point changed my password to all important things (Gmail, Bank, Paypal, and Steam) to quite secure, unique passwords. Nothing else matters much at all. My Facebook has a fake name and no uniquely identifying information. Same with Twitter.

As for March '97, BHG's clearly referring to no funding of cloning.

User avatar
Sulayman-F
Posts: 17
Joined: Fri Feb 22, 2008 8:48 am UTC
Location: New York, NY
Contact:

Re: "Password Reuse" Discussion (#792)

Postby Sulayman-F » Mon Sep 13, 2010 6:11 am UTC

Shhh, Randall! Now millions of AOL accounts will be hacked.

This wasn't that big of a secret, I'm surprised it's not mentioned in TOSes for websites, e.g. "We will never be able to see your actual password (due to one-way hashing) or use it anywhere else"

calvinhobbes
Posts: 2
Joined: Mon Sep 13, 2010 6:24 am UTC

Re: "Password Reuse" Discussion (#792)

Postby calvinhobbes » Mon Sep 13, 2010 6:26 am UTC

What sort of dingus web developer doesn't salt+hash (at the very least) passwords before storing them?

I'm a noob when it comes to web dev, but even I know that's what you're supposed to do,
so that way, even if your DB is compromised, no one (not even you) can discover your users' passwords.

calvinhobbes
Posts: 2
Joined: Mon Sep 13, 2010 6:24 am UTC

Re: "Password Reuse" Discussion (#792)

Postby calvinhobbes » Mon Sep 13, 2010 6:28 am UTC

I must add, sometimes I'm a dingus when it comes to other things.
Last edited by calvinhobbes on Mon Sep 13, 2010 9:21 am UTC, edited 1 time in total.

lancequagmire
Posts: 1
Joined: Mon Sep 13, 2010 6:21 am UTC

Re: "Password Reuse" discussion (#792)

Postby lancequagmire » Mon Sep 13, 2010 6:37 am UTC

This is not correct, but still: imdb.com/title/tt0119528/

westrim
Posts: 153
Joined: Mon Mar 30, 2009 4:51 am UTC

Re: "Password Reuse" Discussion (#792)

Postby westrim » Mon Sep 13, 2010 6:41 am UTC

Roses!
Last edited by westrim on Wed Sep 15, 2010 2:34 am UTC, edited 1 time in total.

User avatar
weex
Posts: 87
Joined: Wed Oct 29, 2008 5:50 am UTC

Re: "Password Reuse" Discussion (#792)

Postby weex » Mon Sep 13, 2010 6:41 am UTC

Keepass can be of service here and it's good security to be as paranoid about your secret questions as you are choosing passwords.

The great thing for BHG here is that the masses will not significantly change this behavior until the browser or OS start to compare the usernames and passwords they use.
Salvador Dali wrote:Those who do not want to imitate anything, produce nothing.

Simple Pen Art, now with an Archive page.

Realpra
Posts: 3
Joined: Fri Sep 18, 2009 3:37 pm UTC

Re: "Password Reuse" discussion (#792)

Postby Realpra » Mon Sep 13, 2010 6:54 am UTC

Well Carl Sagan died in 1996 I think and "Contact" came out some time in 1997, maybe march? Might have something to do with that...
Anyway my paypal account, email and bank account are safe to hell with the rest.

User avatar
estheral
Posts: 4
Joined: Thu Jun 04, 2009 5:11 am UTC

Re: "Password Reuse" discussion (#792)

Postby estheral » Mon Sep 13, 2010 7:03 am UTC

My friends would say something like that, referring to the date the love of their life broke up with them. Usually high school or college. One has a tattoo of the date. He does have other issues too :)

User avatar
angETF
Posts: 1
Joined: Mon Sep 13, 2010 7:13 am UTC

Re: "Password Reuse" discussion (#792)

Postby angETF » Mon Sep 13, 2010 7:17 am UTC

I don't know if BHG is supposed to be from Europe or another country where the Special Edition of Star Wars was screened in March of 1997, but I can't see anything else significant in that time-frame. I was sure the USA also had it first screened in March that year, but IMDB says otherwise.

Kyrn
Posts: 937
Joined: Sat Sep 05, 2009 3:55 pm UTC
Location: The Internet

Re: "Password Reuse" discussion (#792)

Postby Kyrn » Mon Sep 13, 2010 7:23 am UTC

Uninfinity wrote:It feels like the black hat guy is slowly turning into the joker for some reason. This is good. :D

Which Joker?
I am NOT a snake.

Opinions discussed are not necessarily the opinions of the people discussing them.

Jatopian
Posts: 21
Joined: Sat Jul 14, 2007 5:35 am UTC
Location: Jatopia
Contact:

Re: "Password Reuse" Discussion (#792)

Postby Jatopian » Mon Sep 13, 2010 7:37 am UTC

Man, so it's no longer enough to have a handful of strong passwords? I mean, I knew this intellectually all along, but geez, what good are passwords when I can't even remember them all?

hatlessguy
Posts: 1
Joined: Mon Sep 13, 2010 7:17 am UTC

Re: "Password Reuse" discussion (#792)

Postby hatlessguy » Mon Sep 13, 2010 7:40 am UTC

In order to be evil, Google must in sequence

1. Eliminate competition (by law?)
2. Make their products suck

Mandatory gmail that requires mind-bending captchas for every email you send would be a good start.
Last edited by hatlessguy on Mon Sep 13, 2010 9:44 am UTC, edited 1 time in total.

Technical Ben
Posts: 2986
Joined: Tue May 27, 2008 10:42 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby Technical Ben » Mon Sep 13, 2010 7:44 am UTC

I was guessing march 1997 was the day Black Hat Girl dumped him. :(
It's all physics and stamp collecting.
It's not a particle or a wave. It's just an exchange.

User avatar
Arancaytar
Posts: 1642
Joined: Thu Mar 15, 2007 12:54 am UTC
Location: 52.44°N, 13.55°E
Contact:

Re: "Password Reuse" Discussion (#792)

Postby Arancaytar » Mon Sep 13, 2010 7:44 am UTC

I thought of doing this whenever I set up a website that accepted user accounts, but decided against with much the same reasoning as Black Hat Guy. There's no real benefit other than the tingle of potential power to be worth the risk of getting caught - plus, I like being not evil. Or seeming. :lol:
"You cannot dual-wield the sharks. One is enough." -Our DM.
Image

User avatar
Amarantha
Posts: 1638
Joined: Tue Nov 27, 2007 4:56 am UTC
Location: Melbourne, Australia

Re: "Password Reuse" Discussion (#792)

Postby Amarantha » Mon Sep 13, 2010 8:05 am UTC

I went and wiki'd "March 1997" before I'd even finished reading the comic. Then came here to read everyone's interpretation of the possible significance. Then realised we've all been well and truly nerd-sniped. Randall is having a beer somewhere imagining this thread and laughing his arse off.

melladh
Posts: 68
Joined: Fri Jul 30, 2010 2:06 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby melladh » Mon Sep 13, 2010 8:10 am UTC

I used to keep a hotmail account for crap signups for this reason... then I got lazy :(
Image Image

mjk0104
Posts: 1
Joined: Fri Jul 09, 2010 5:17 am UTC

Re: "Password Reuse" Discussion (#792)

Postby mjk0104 » Mon Sep 13, 2010 8:24 am UTC

Reading through this, thought it was interesting, a bit of a warning into the dangers of the interwebz. Then I got to the last two frames and couldn't stop laughing. Excellent work once again Randall :-D

User avatar
darknut
Posts: 228
Joined: Wed Aug 25, 2010 8:40 am UTC
Location: here

Re: "Password Reuse" Discussion (#792)

Postby darknut » Mon Sep 13, 2010 8:40 am UTC

been in a situation where ive had access to some elses password
thought " :twisted: HA! now i can... i can... um :| "

and then i did nothing
poxic wrote: Take a source of light and cook it up until it lases -- now you have a laser.

Rikki-Tikki-Tavi
Posts: 2
Joined: Tue Oct 27, 2009 10:41 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby Rikki-Tikki-Tavi » Mon Sep 13, 2010 9:07 am UTC

Skynet was set to nuke the Earth in 1997. Not in March, though.

User avatar
BurningLed
Posts: 561
Joined: Tue Feb 09, 2010 5:42 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby BurningLed » Mon Sep 13, 2010 9:30 am UTC

Randall has been on a roll lately. This is one of my favorites since "Abstraction" xD
Axman wrote:Some people blow their cash on watches that they show off to people who think said watches make a person cool. Some people spend a weekend buying everyone fake gifts in a game of make-believe.
I think the latter group is awesome.

gtkarber
Posts: 28
Joined: Wed May 30, 2007 12:57 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby gtkarber » Mon Sep 13, 2010 9:48 am UTC

This was actually one of the first things that Mark Zuckerberg used Facebook for after it was founded: he hacked in to the email accounts of a few writers of the Harvard Crimson using exactly this same strategy.

User avatar
cephalopod9
Posts: 1985
Joined: Sat Dec 02, 2006 7:23 am UTC

Re: "Password Reuse" Discussion (#792)

Postby cephalopod9 » Mon Sep 13, 2010 9:52 am UTC

You know, an idea doesn't have to be, or even approximate a belief in order to... I just remembered I have an unintentional proclivity towards evil, and feel irresponsible completing this thought. Maybe I will post it to one of the blogs I keep starting and never doing anything with...

I've been secretly paranoid about this for a while, but having multiple passwords seems to end up in having to go through all of them to remember which match with which service. That face book guy sure seems like a jerk.
Image

Tobu
Posts: 22
Joined: Mon Aug 10, 2009 10:09 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby Tobu » Mon Sep 13, 2010 10:10 am UTC

Do none of you use PwdHash? Salt your password on the client side. With the firefox extension, you'll also be immune to keystroke-logging javascript.

March 1997 reminds me of the “9/11 changed everything” meme. When those numbers are mentioned we have a readily-supplied narrative (a senseless one that made invading Iraq seem like a good idea) and we can't ignore it. When black hat guy substitutes a date for his own momentous, life changing event we have to keep guessing.

AmbroseChapel
Posts: 1
Joined: Mon Sep 13, 2010 10:18 am UTC

Re: "Password Reuse" Discussion (#792)

Postby AmbroseChapel » Mon Sep 13, 2010 10:23 am UTC

I think it was "The English Patient" winning the Oscar. Seriously. Watch that movie again and tell me I'm wrong.

khaighle
Posts: 6
Joined: Fri Dec 05, 2008 11:38 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby khaighle » Mon Sep 13, 2010 10:28 am UTC

March 1997 coincides with the international release of Star Wars: Special Edition, at which point it was established that "Greedo Shot First."

I haven't believed in anything since then either.

User avatar
Karilyn
Posts: 282
Joined: Thu Oct 15, 2009 6:09 pm UTC

Re: "Password Reuse" discussion (#792)

Postby Karilyn » Mon Sep 13, 2010 10:30 am UTC

Steve the Pocket wrote:So I randomly guessed that March 1997 was when they passed the DMCA, because that sounds like the sort of thing that would make Randall "stop believing in anything." I guessed wrong. Who else wants to take a stab at it?

I poked around, and for the lack of anything that would seem relevant, I'm going to say it's a random date and/or a variation of a Noodle Incident
Gelsamel wrote:If you punch him in the face repeatedly then it's science.

SpaceShipRat
Posts: 55
Joined: Sat Jul 10, 2010 8:18 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby SpaceShipRat » Mon Sep 13, 2010 10:36 am UTC

I've always wanted to do this, to con people out of their Neopoints. Luckily I grew up, but still... neeeopoints...
I use unique passwords for both the most important and the most untrustworthy sites.

User avatar
okvol
Posts: 13
Joined: Mon Jun 18, 2007 9:52 pm UTC

Re: "Password Reuse" Discussion (#792)

Postby okvol » Mon Sep 13, 2010 10:51 am UTC

"Focus on the Family" started by Dr. James Dodson. This guy makes Sarah Palin look liberal.
This signature left intentionally blank.

Uninfinity
Posts: 64
Joined: Wed Aug 25, 2010 8:25 am UTC
Contact:

Re: "Password Reuse" discussion (#792)

Postby Uninfinity » Mon Sep 13, 2010 11:05 am UTC

Kyrn wrote:
Uninfinity wrote:It feels like the black hat guy is slowly turning into the joker for some reason. This is good. :D

Which Joker?

I could just say Heath Ledger, but I haven't seen all the Batmans yet. It's just that his whole chaosy kick-schroedinger's-cat-off-the-universe vibe is gettin' at me.

Also, unrelatedly, look at the chairs in this comic.

Mekmek
Posts: 20
Joined: Fri Aug 15, 2008 9:17 pm UTC

Re: "Password Reuse" discussion (#792)

Postby Mekmek » Mon Sep 13, 2010 11:18 am UTC

Karilyn wrote:I'm going to say it's a random date and/or a variation of a Noodle Incident

I'm also in favor of no real event at all. Instead it's an in-character reference. Maybe to this?


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: orthogon, ZoomanSP and 47 guests