Google Gurgle

[Roedy Green]

For some reason, Google stopped letting me login. To rectify the
problem they will send a link to reset your password, to your gmail
account. Of course you need to login to google to access it.

You wonder if anyone ever tests these things.

I have wasted over an hour with Google this week with their rats' nest
of accounts and ids not working.

If a form wants an email address as a account id, let them say so!
--
Roedy Green Canadian Mind Products
http://mindprod.com

"The telephone is the greatest single enemy of scholarship; for what our intellectual forebears used to inscribe in ink now goes once over a wire into permanent oblivion."
~ Dr. Stephen Jay Gould (born: 1941-09-10 died: 2002-05-02 at age: 60)

 

[Arved Sandstrom]

[ SNIP ]

If a form wants an email address as a account id, let them say so!

I'm with you on that one. Especially if the %^&$#!@ site in question has
had you spend some quality time constructing a "6-32 character,
alphanumeric, at least one number" username...

AHS

 

[Qu0ll]

For some reason, Google stopped letting me login. To rectify the
problem they will send a link to reset your password, to your gmail
account. Of course you need to login to google to access it.

You wonder if anyone ever tests these things.

I have wasted over an hour with Google this week with their rats' nest
of accounts and ids not working.

If a form wants an email address as a account id, let them say so!

Have you considered that perhaps your account was hacked and the password
changed? Maybe by one of those anti-Roedy people we spoke of a couple of
weeks ago.

--
And loving it,

-Qu0ll (Rare, not extinct)
_________________________________________________
(e-mail address removed)
[Replace the "SixFour" with numbers to email me]

 

[Roedy Green]

Have you considered that perhaps your account was hacked and the password
changed? Maybe by one of those anti-Roedy people we spoke of a couple of
weeks ago.

My passwords do not live in a dictionary, but I have reused the same
password for unimportant accounts. I will have to stop doing that. I
may have reused one of the google passwords, though I did not use the
"throwaway" password.

Does anyone use a tool to store all those dozens of passwords
securely, and have them paste in, like the old Gator did in years
past? Opera works ok, but sometime forgets passwords, or gets
confused it website layouts change, so I don't trust it for permanent
storage.


--
Roedy Green Canadian Mind Products
http://mindprod.com

"The telephone is the greatest single enemy of scholarship; for what our intellectual forebears used to inscribe in ink now goes once over a wire into permanent oblivion."
~ Dr. Stephen Jay Gould (born: 1941-09-10 died: 2002-05-02 at age: 60)

 

[Martin Gregorie]

Does anyone use a tool to store all those dozens of passwords securely,
and have them paste in, like the old Gator did in years past?

Yep. A private Apache web server with the password-holding pages
requiring master password access and stored in an encrypted partition.

 

[Joshua Cranmer]

Does anyone use a tool to store all those dozens of passwords
securely, and have them paste in, like the old Gator did in years
past?

~/foobar, where I don't list my passwords but my hints for all my
passwords. I somehow manage to remember what "munged squalene" is,
although USACO and cranberries are two of my random hints.

On a related topic, I'd like to voice my everlasting displeasure at
sites that make you choose password reminder questions from a
ridiculously small, easily-derived guess. Anyone doing research on me
could probably easily find my birthday, mother's maiden name, and the
first school I went to. My first pet's name probably isn't that hard as
well.

Now, things like the first anime I got interested in without my sister's
involvement (which even she couldn't tell you ;-) ), the names of
interesting-sounding mathematical theorems (such a plethora to choose
from), the topic I did my differential equations project on (for some
definition of `did')... those would be much harder for would-be
malicious persons to discover.

 

[Martin Gregorie]

On a related topic, I'd like to voice my everlasting displeasure at
sites that make you choose password reminder questions from a
ridiculously small, easily-derived guess. Anyone doing research on me
could probably easily find my birthday, mother's maiden name, and the
first school I went to. My first pet's name probably isn't that hard as
well.

I agree with you. Once a site has gone to the trouble of securely storing
and changing a password, the additional cost of letting you supply the
question as well must be minimal.

Mind you, its even more stupid to tell you, as some sites and OSes do,
whether you got the user name or the password wrong. Simply replying
'Wrong!' is much more secure.

 

[Andreas Leitgeb]

On a related topic, I'd like to voice my everlasting displeasure at
sites that make you choose password reminder questions from a
ridiculously small, easily-derived guess.

I'd like to further differentiate among such sites, as some of them
use this ridiculously easily guessable question just to write a mail
to my (other) account, with a reset-link. Why then at all that
question? So I do not receive a bulk of reset-mails triggered by users
who idly(or accidentally) attempt the password-reset for my account
without at least the effort of getting to know something about me, or
trying a couple of answers.

I do share your everlasting displeasure for any other sites, that
indeed open up to any successful Q/A-guesser directly, but haven't
met such a site, yet, myself.

 

[Donkey Hottie]

For some reason, Google stopped letting me login. To
rectify the problem they will send a link to reset your
password, to your gmail account. Of course you need to
login to google to access it.

You wonder if anyone ever tests these things.

I have wasted over an hour with Google this week with
their rats' nest of accounts and ids not working.

If a form wants an email address as a account id, let
them say so!

An what has this to do with Java the programming language?

That's the question the newbies see when they ask their stuff. Why not old
farts as well..

 

[Tom Anderson]

Yup - Password Safe:

http://passwordsafe.sourceforge.net/

Originally written by none other than Bruce 'The Chuck Norris of Crypto'
Schneier [1]:

http://www.schneier.com/passsafe.html

And now open source.

~/foobar, where I don't list my passwords but my hints for all my passwords.
I somehow manage to remember what "munged squalene" is,

Hopene?

tom

[1] I'm not even kidding:

http://www.schneierfacts.com/

 

[RedGrittyBrick]

For some reason, Google stopped letting me login [...]

An what has this to do with Java the programming language?

That's the question the newbies see when they ask their stuff. Why not
old farts as well..

It's been said to Roedy before. Roedy is just as good at ignoring it as
some newbies are.

Newbies should learn that, for their idiosyncrasies to be tolerated
without comment, they must post a *lot* of helpful stuff too.

 

[markspace]

Does anyone use a tool to store all those dozens of passwords
securely,

Yes, I have a bound notebook that I write down the root account and root
password of all my sites, plus other important personal information.
It's not hackable because it's not on the net, and it stays in a secure
location with my personal things.

I've never been robbed, and I've never had a fire (bigger than a frying
pan, anyway). If the information were more valuable (websites
generating revenue) I'd have duplicates in a safe-deposit box.

 

[Donkey Hottie]

Does anyone use a tool to store all those dozens of
passwords securely, and have them paste in, like the old
Gator did in years past? Opera works ok, but sometime
forgets passwords, or gets confused it website layouts
change, so I don't trust it for permanent storage.

I use TrueCrypt, and a txt file on a TC volume. That goes with with me on a
ram stick wherever I go.

TrueCrypt has its binary in the stick, and starts automatically whenever I
put the device in.

 

[RedGrittyBrick]

Does anyone use a tool to store all those dozens of passwords
securely, and have them paste in, like the old Gator did in years
past? Opera works ok, but sometime forgets passwords, or gets
confused it website layouts change, so I don't trust it for permanent
storage.

I used Keyring for PalmOS (http://gnukeyring.sourceforge.net/) together
with a Java KeyRing viewer (see, it's not 100% off-topic).

I added/updated/viewed on the Palm device, the encrypted database got
hot-synced by the Palm to various PCs where I could also view the data
using the Java viewer. Of course my Palm died and the Pré doesn't
hostsync :-(

I've considered switching to Password Safe (Bruce Schneier's) on a U3 stick.

 

[Lew]

... learn that, for their idiosyncrasies to be tolerated
without comment, they must post a *lot* of helpful stuff too.

Without comment?

 

[Roedy Green]

An what has this to do with Java the programming language?

I am asking this stuff because of two Java Applets I wrote:
Password Generator and Holiday Calculator, but mainly because you are
the people I know.


http://mindprod.com/applet/password.html

http://mindprod.com/applet/holidays.html

also the entry in the Java glossary on passwords:

http://mindprod.com/jgloss/password.html
--
Roedy Green Canadian Mind Products
http://mindprod.com

"The telephone is the greatest single enemy of scholarship; for what our intellectual forebears used to inscribe in ink now goes once over a wire into permanent oblivion."
~ Dr. Stephen Jay Gould (born: 1941-09-10 died: 2002-05-02 at age: 60)

 

[Nigel Wade]

My home version of Norton anti-virus has a web credentials locker which can do
this. Supply it with a master password and it will auto-fill login credentials
to sites you allow it to. However, I removed NAV when I found it was diverting
all failed DNS lookups to an advertising web site - not what I expect from
commercial, purchased, security software.

What I use to record web logins (and other info as well) is eWallet, a secure
vault which runs on both Windows Mobile and on Windows PCs, and syncs between
them. It doesn't enter info directly into websites, but it does mean I always
have the information with me (unless I forget my mobile phone).

On a related topic, I'd like to voice my everlasting displeasure at
sites that make you choose password reminder questions from a
ridiculously small, easily-derived guess. Anyone doing research on me
could probably easily find my birthday, mother's maiden name, and the
first school I went to. My first pet's name probably isn't that hard as
well.

There is no requirement to tell the truth. Tell them anything - give your
Mother's maiden name as Eton College, what does it matter? As long as you never
forget the password, or remember which question and what incorrect answer you
gave, then you have no problem.

 

[Arne Vajhøj]

On a related topic, I'd like to voice my everlasting displeasure at
sites that make you choose password reminder questions from a
ridiculously small, easily-derived guess. Anyone doing research on me
could probably easily find my birthday, mother's maiden name, and the
first school I went to. My first pet's name probably isn't that hard as
well.

And it is not just theoretical:

http://www.huffingtonpost.com/2008/09/18/sarah-palins-e-mail-hacke_n_127553.html

Arne