Profile

unixronin: Galen the technomage, from Babylon 5: Crusade (Default)
Unixronin

Links

December 2012

S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829
3031     

Navigation

Page Summary

Most Popular Tags

Expand Cut Tags

No cut tags

Suspicious

unixronin: Galen the technomage, from Babylon 5: Crusade (Default)
[personal profile] unixronin
Saturday, October 29th, 2005 07:31 pm

So now [livejournal.com profile] cymrullewes has got the "We advise you to change your password now!" message I got the other day.  Seems like a hell of a LOT of people are getting it.

This leads me to wonder:  Is there something we should know, that LiveJournal isn't telling us...?  Did their registration database maybe get hacked, or something like that?

  • Current Mood: dubious
Tags:
Flat | Top-Level Comments Only

[identity profile] ttocs.livejournal.com
Saturday, October 29th, 2005 04:41 pm (UTC)
if you find out followup? I got one, but ignored it.

Password Standards

[identity profile] adriang.livejournal.com
Saturday, October 29th, 2005 04:59 pm (UTC)
I read a post in one of their announcement communities. They are trying to encourage people to use stronger passwords. In particular, passwords are not considered strong enough if they do not contain at least one number or symbol.

They say that, at some point, they will require that passwords which are not strong enough be changed. For the moment, they are only warning users.

I imagine they've always had occasional reports of people breaking into other people's accounts. I don't think they've had minimum password standards before, and I think they've decided it's time to start encouraging better passwords.

Adrian

Re: Password Standards

[identity profile] yndy.livejournal.com
Saturday, October 29th, 2005 06:10 pm (UTC)
Awhile back, they stopped allowing "new account" passwords to be based on dictionary words - even if numeric equivalents were used... like, say "b1cycl3" would trip the 'choose another password' script.

BUUUUT... there wasn't any mechanism at the time iirc, to alert users already using iffy passwords.

Still, I highly doubt that [livejournal.com profile] unixronin and [livejournal.com profile] cymrullewes are the type o' folks to use easily broken passwords...

I know I don't - but then, I haven't gotten an email yet.

Re: Password Standards

[identity profile] cymrullewes.livejournal.com
Sunday, October 30th, 2005 07:04 am (UTC)
Wasn't an e-mail. I went to make a post with LogJam yesterday and a dialog popped up saying my password is too weak.

[identity profile] jilara.livejournal.com
Saturday, October 29th, 2005 10:51 pm (UTC)
LJ has been telling me my passwords suck for a long time Even with a number or two. It's because there is usually a real word in there, somewhere, even if it's unintentional.

Our system at work enforces "strong passwords" so my elaborite hard-to-decode passwords are no longer allowed. I've taken to using very easy to break, brain-dead algorythms, because for some reason the encryption system thinks those are just fine. (I was shocked, the first time it allowed me to use one, and I think I keep doing this out of horrified fascination.)

[identity profile] olafthunderfoot.livejournal.com
Sunday, October 30th, 2005 06:07 am (UTC)
great point, i just changed my password!
Flat | Top-Level Comments Only