That's solved by clearing the account's password field when locking it. The absence of a password could even be the flag that indicates an account is locked.
| [reply] |
Using the same password for all your online accounts in like using the same key for your house, car, office, bank deposit box, mail box, bike lock, etc, etc, etc and then leaving a copy of the key with every manager of every service and letting unknown third parties by the dozen tool the copies for you. No one in their right mind would consider doing that. I wish people would take a little more conscientious responsibility for their online lives too.
That said, I agree that deleting/locking is a good idea and of course it's quite sad that a place like this where everyone actually does know better was still keeping clear passwords at all. I'm not personally particularly worried about it because I have different passwords for every one of 100+ sites I have accounts. Anyone who doesn’t is inviting disaster. Some hackers don't announce their hacks. Some sites don't report, or even necessarily ever know about, security breaches.
| [reply] |
No one in their right mind would consider doing that. I wish people would take a little more conscientious responsibility for their online lives too.
In a perfect world everyone would do as you suggest. In an even more perfect world those 100+ passwords would be changed periodically. However, you will be fighting human nature every step of the way. The vast majority of people will not track and manage anywhere near 100 passwords.
I was once involved in a study of user habits. Not only were passwords extensively reused, but most were derived from:
- date or year of birth
- child/spouse/pet name
- organization/department/profession/job title
While I agree with your sentiments and applaud your diligence, short of threatening extreme bodily harm, getting most users to practice good password management is probably a lost cause, even among those who should know better.
btw: s/hackers/crackers/
| [reply] |
It's not humanly possible to remember 100+ everchanging passwords so you'd have to track them somewhere, then once the place you write them down is compromised all your passwords are. Isn't it better to remember (and keep changing) the two or three important passwords and reuse or nearly reuse the same password for the unimportant places? I mean ... I am registered on quite a few forums ... do I care someone might post something under my name on eg. PerlEnEspanol or one of the several database forums? Nope. Besides what would be the point? And what would be the harm? Most likely it would be just a silly "Fantomas was here" message.
Make sure your important passwords are safe and secure and don't sweat over the rest.
Jenda
Enoch was right!
Enjoy the last years of Rome.
| [reply] |
I agree with you. And I don't believe a "perfect" world is possible or even desirable. I just don't have a shred of sympathy for those who don't take responsibility for their online identities. And when they start getting threatening or talking about legalities, I start getting pretty upset because I *like* the wild west web. If the day comes when you have to get a government permit to put up a site with user accounts... well, there's no need to bring blue-language into the thread. :)
"Crackers" use the word "hackers" so I do as well.
| [reply] |