On 9/25/2016 11:47 AM, firstname.lastname@example.org wrote:
If that's his problem, perhaps he shouldn't be on the computer. Under
your theory, he has his password stored and doesn't "remember" it.
That's fine. It will still allow him to log on and once logged in,
Yahoo does NOT require the entry of one's password a second time in
order to change passwords. You merely enter your new password, confirm
it and you're done until the next time.
On Sun, 25 Sep 2016 12:51:44 -0400, burfordTjustice
In my case I don't even have my Yahoo password anywhere. I only use it
for one Yahoo group and I just answer the Emailed post. I never
actually log in. I have tried recovering the PW but none of my answers
match what I wrote 17 years ago when I set up the account.
Is it stored in an encrypted password manager program or the web
browser for auto login purposes? If the latter, nirsoft utils are
your friend. If the former, you'd have to login to your password
manager to recover the current password so you can change it to
Oh, one more thing, stop having your web browser store
login/passwords for you, if that's something you do.
As you'll learn by using the utils I mentioned, it's obviously, NOT
secure. Anyone who has access to your computer with a brain (read:
knows how to pull up the passwords using Nirsoft or a variety of
other tools) can recover them, with ease.
MID: <nb7u27$crn$ email@example.com>
Hmmm. I most certainly don't understand how I can access a copy of a
On 9/25/2016 12:14 PM, Unquestionably Confused wrote:
Why? If it has been working, what makes it more vulnerable with time?
What makes a new password more secure than an old one? Maybe the new
one is easier to crack.
Given the number of web sites I use it would be an all day job to change
"Ed Pawlowski" wrote
| > How difficult is it to change passwords? I routinely change mine every six
| > months or so. Just change it and move on.
| Why? If it has been working, what makes it more vulnerable with time?
Did you read about the news? It's a dramatically clear
answer to your question. Yahoo was hacked a couple
of years ago. Chinese hackers might be scanning your
email now, waiting for something like a credit card number
or bank account info, or enough personal info to spoof
your identity. The passwords might have been sold.
The data was stolen by breaking into Yahoo and stealing
their member/password list, not by hacking passwords.
If you changed your password periodically you would have
been protected for most of the last two years.
Think about it, Ed. time has nothing to do with it really. There was a
breach and the password you may have thought to be secure has been leaked.
If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
secure password. However, if there is a data breach on Thursday and
that password and your email account/Yahoo account user name is leaked,
it's worthless. If you change it to "jghfgfd$#cds@--:<Y" the day after
the breach (before some hacking AH changes your old one and locks you
out) you are now secure again. (until the next breach)
"Unquestionably Confused" wrote
| If your current password is "jTR653ew$*LvfddseZ+" that is a pretty
| secure password.
I read an interesting article awhile back saying
that one of the best ways to make a password is to
just join 4 words. Cracking algorithms necessarily
look for patterns. Four words is very memorable
to humans, but not a pattern mathematically. For
More memorable, yet still seemingly random,
things could be invented that mean something
only to the inventor. For instance:
For your aunt Ruth who likes doilies and invites
the family every Christmas to her house in Barnard.
It's memorable to you but for a computer it's
just 20 random characters.
"Unquestionably Confused" wrote
| Run those through any password strength meter of your choice and you'll
| find that they are woefully inadequate
No link. No explanation. Did you have a
reason to say that other than impulse or
personal instinct? Here's the source:
You can *seem* to make more obscure passwords
by adding *, !, etc. And you could add those to the 4
words. The author of the articles linked also uses
spaces between words. You could also capitalize some
characters. But as long as the password cracker
assumes those characters are possibilities it will test
for them, so they're no more unique than "a". Meanwhile,
you have a 20-character password that you can remember.
I don't doubt that somebody wrote that about passwords, but I don't buy
it and I don't take it as gospel just because somebody did.
I also didn't include a link to a password checker simply because my
suggestion was that you run it through any one that you might choose -
and there are plenty.
Here's a couple, so go ahead and give it a try. If you find that these
don't support your position, go ahead and find some more and try them.
Depending upon which one you use - actually, make that REGARDLESS of
which checker you use - you'll find that simply adding a space between
the words of your pass phrase will dramatically increase the difficulty
Then, so long as you're out there trying, try running something like
FU2&es&dye! and see what happens. Or, one of my favorites, something
like "Hgb^7*?/,<dPoo" (with or without the quotation marks, tho if you
use the quotes the time frame runs into the trillions of years<g>)
I use a pass phrase similar to what you suggest (but including some
clinkers to increase difficulty) as a Master Password for my password
manager. Trust me when I say that no matter how I check it, my Master
PW will withstand a couple of billion years of hammering with a computer
and the individual passwords for financial accounts and the like will
withstand trillions. I feel that's adequate as I doubt that I'll be
around much more than 15 or 20 years if I'm really lucky<g>
"Unquestionably Confused" wrote
| I also didn't include a link to a password checker simply because my
| suggestion was that you run it through any one that you might choose -
| and there are plenty.
| Here's a couple, so go ahead and give it a try. If you find that these
| don't support your position, go ahead and find some more and try them.
| Good luck.
I did. If you'd bothered to check yourself you would
have found that a 20 character password is considered
very strong, no matter what the characters. Such
password checkers are of little value for anything other
than learning basic rules. They're just simple scripts
that assign points based on unusual characters, length
of password, etc. An OSS example that can be
downloaded is here:
If you try that you'll find that anything over about
12-13 characters is rated strong, even if it's just
13 lower case alphabetic characters. As I noted before,
it's been a long time since unusual characters were
worth much. Many places now require upper and
lower case, at least one number, and at least one
unusual character. So any worthwhile cracker has
already increased its check from 62 alphanumeric
characters to include a dozen or so more. Those
other characters, like #>1, may look exotic, but all
characters are just numeric byte values.
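Added example, not part of any post in this thread: the two strength estimates being argued over, computed side by side. Per-character brute force is what a simple length-and-character-class meter scores; a word-list search is the model that applies to a phrase built from dictionary words. `SAMPLE_WORDS` is a constructed list, and `ASSUMED_DICT_SIZE` (7776) and uniformly random word choice are assumptions.

```python
import math
import string

# Constructed sample list; assumption: the real list has ASSUMED_DICT_SIZE words
# and each word of a passphrase is picked from it uniformly at random.
SAMPLE_WORDS = {"maple", "window", "rocket", "tuesday", "garden", "rock"}
ASSUMED_DICT_SIZE = 7776

# Printable-ASCII classes; punctuation plus space brings the total to 95.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def charset_size(password):
    """Size of the alphabet a per-character search must cover (ASCII only)."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2 of the per-character search space: length * log2(alphabet)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def min_word_count(password, words):
    """Fewest list words that spell the password (case and spaces ignored),
    or None if it cannot be built from the list."""
    s = password.lower().replace(" ", "")
    best = [0] + [None] * len(s)   # best[i]: fewest words covering s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[len(s)]

def word_model_bits(password, words=SAMPLE_WORDS, dict_size=ASSUMED_DICT_SIZE):
    """log2 of the search space for a guesser that tries word combinations."""
    n = min_word_count(password, words)
    return None if n is None else n * math.log2(dict_size)

def estimate_bits(password):
    """The cheaper of the two searches is the one that bounds the strength."""
    word_bits = word_model_bits(password)
    brute = brute_force_bits(password)
    return brute if word_bits is None else min(brute, word_bits)

if __name__ == "__main__":
    for pw in ("maplewindowrockettuesday", "maple window rocket tuesday",
               "Hgb^7*?/,<dPoo"):   # last one is quoted in the thread
        print(f"{pw!r}: brute={brute_force_bits(pw):.1f} "
              f"estimate={estimate_bits(pw):.1f}")
```

In this model, adding spaces between the words raises only the per-character figure; the word-list figure stays at four words' worth.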
| I use Yahoo's Two-step verification. Even if the perp knows my simple
| password he won't be able to bring up my account on a strange machine.
Isn't that for when you change your password?
I assume you don't answer a security question
every time you log on.
The issue here is that passwords were stolen and
Yahoo didn't know or didn't tell people. So the
thieves could have been logging into any Yahoo
account over the past two years without being
No. It has nothing to do with changing the password.
When I log into Yahoo from a strange (unknown to Yahoo) computer, Yahoo
verifies it's me by texting me a code on my cell phone. When I enter
that code on the strange machine it becomes a known machine and from
that point on there is no more Two-step verification necessary to access
my account on *that particular computer*.
Anyone trying to log in to my account from a strange computer will be
unsuccessful even if they know my password because they don't have my
cell phone for the verification code.
I agree that's bad. But the issue here is also how to protect yourself
now. I suggest activating Two-step verification.
With Two-step verification I would notice an *attempt* to log on to my
account because I would get an unasked for text code.
| When I log into Yahoo from a strange (unknown to Yahoo) computer, Yahoo
| verifies it's me by texting me a code on my cell phone. When I enter
| that code on the strange machine it becomes a known machine and from
| that point on there is no more Two-step verification necessary to access
| my account on *that particular computer*.
That's a clever idea. I had no idea that webmail
companies were now tagging devices. I guess that
makes sense, since many people are now checking
their email mainly from a phone, rather than from
constantly changing desktops in hotels and
Actually, it's not the devices they are "tagging", it's the IP address
which you are using. If I log in from either home or office where I
have static IP addresses, I don't get the verification. If I log in
from any other location, a pass code is sent to my smart phone and I
have to enter it on the computer before my regular log in credentials
Some systems look for a specific IP address while others will allow for a
certain range (in the case of a dynamic IP address assignment by your