Updated password policy

thumped

chronic procrastinator
Staff member
Since 1999
Joined
Nov 14, 1999
Messages
57,148
Solutions
3
Location
iPanopticon
Website
thumped.com
I've put some new rules in place around passwords for whenever you're next updating your password (you do update your passwords, right? Right?).

We are now using:

  • Dropbox/Dan Wheeler's zxcvbn, a "password strength estimator inspired by password crackers. Through pattern matching and conservative entropy calculations, it recognizes and weighs 10k common passwords, common names and surnames according to US census data, popular English words, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.

    Consider using zxcvbn as an algorithmic alternative to password policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}"."

  • Troy Hunt's Pwned Passwords service, to protect against password reuse and credential stuffing. "Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs. The Pwned Passwords service was created in August 2017 after NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches. The rationale for this advice and suggestions for how applications may leverage this data is described in detail in the blog post titled Introducing 306 Million Freely Downloadable Pwned Passwords. In February 2018, version 2 of the service was released with more than half a billion passwords, each now also with a count of how many times they'd been seen exposed."

  • Look! It's a password strength indicator.

  • Minimum password length of 8 characters
 

thumped

chronic procrastinator
Staff member
Since 1999
Thread starter
Joined
Nov 14, 1999
Messages
57,148
Solutions
3
Location
iPanopticon
Website
thumped.com
There was a little bar telling me how strong it was(n't) but all went smoothly, it turns out this password was used somewhere else, although I have no idea where

Yeah I upgraded some of that password related stuff a couple of days ago…. and then completely forgot to test it.
 

thumped

chronic procrastinator
Staff member
Since 1999
Thread starter
Joined
Nov 14, 1999
Messages
57,148
Solutions
3
Location
iPanopticon
Website
thumped.com
The warning notification should appear once every 24 hours when you log in with a password that appears anywhere in the haveibeenpwned database. It doesn’t mean that the password is linked to your username specifically.
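
An added example, not thumped.com's own code: a sketch of how a Pwned Passwords check like the one described in the posts above can be done with the service's range API, where only the first five hex characters of the password's SHA-1 are sent and no username is involved, combined with the 8-character minimum. The breached-password list, its counts and the `fake_range` stub are constructed so the example runs offline.

```python
import hashlib

MIN_LENGTH = 8  # minimum length from the policy in the first post


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """How many times the password appears in the breach data (0 = not found).

    fetch_range(prefix) must return the body of a range query, one
    "SUFFIX:COUNT" row per line. Only the prefix is ever passed to it.
    """
    prefix, suffix = split_hash(password)
    for row in fetch_range(prefix).splitlines():
        candidate, _, count = row.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password, fetch_range):
    """Return a list of policy problems; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, fetch_range)
    if seen:
        problems.append(f"seen {seen} times in known breaches")
    return problems


# --- constructed offline stand-in for the remote service -------------------
CONSTRUCTED_CORPUS = {"password": 1000, "qwertyuiop": 250}  # made-up counts
SENT = []  # everything that would have left the site


def fake_range(prefix):
    """Stub for GET https://api.pwnedpasswords.com/range/<prefix>."""
    SENT.append(prefix)
    rows = []
    for known, count in CONSTRUCTED_CORPUS.items():
        p, s = split_hash(known)
        if p == prefix:
            rows.append(f"{s}:{count}")
    return "\r\n".join(rows)
```

A hit only says the password itself occurs in the breach corpus; because the lookup carries no account identifier, it cannot say whose account it came from.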
 

Lili Marlene

FURIOUS
Supporter
Contributor
Joined
Oct 14, 2002
Messages
30,422
Solutions
3
Location
Way beyond the Rubicon
lol


I am aware OLDPASSWORD is one of your pass. Lets get directly to the point. Not a single person has compensated me to check about you. You may not know me and you are most likely thinking why you are getting this email?

Well, i actually placed a malware on the adult videos (pornography) web-site and there's more, you visited this web site to have fun (you know what i mean). When you were watching video clips, your web browser started out working as a Remote control Desktop with a key logger which provided me accessibility to your screen and also webcam. after that, my software collected every one of your contacts from your Messenger, Facebook, as well as e-mail. after that i created a video. 1st part displays the video you were viewing (you have a fine taste rofl), and second part shows the recording of your web cam, and it is u.

You get two different options. Why dont we take a look at the options in details:

1st alternative is to ignore this e-mail. in such a case, i will send out your very own video clip to all your contacts and then consider concerning the humiliation you will see. and definitely if you are in a romantic relationship, just how it will certainly affect?

Second option would be to compensate me $5755. Lets refer to it as a donation. Then, i most certainly will straightaway erase your video. You could keep daily life like this never happened and you would never hear back again from me.
 

thumped

chronic procrastinator
Staff member
Since 1999
Thread starter
Joined
Nov 14, 1999
Messages
57,148
Solutions
3
Location
iPanopticon
Website
thumped.com
Ah the good old credential stuffing extortion attempts.
 

Cornu Ammonis

Well-Known Member
Supporter
Contributor
Joined
Feb 1, 2011
Messages
8,515
Solutions
1
Location
Dublin
Website
brainwashed.com
Send him a link to the Bratz dolls thread and watch him cower.
 

nuke terrorist

Well-Known Member
Supporter
Joined
Dec 21, 2004
Messages
2,688
Location
'north munster'
I have tape over my laptop camera, so I told him to feck off.

The first one of these scams I saw in the mid 90's was a letter from Nigerian dude 'Nkoda Collins' who embezzled money from road building projects and wanted to put the money in my friend's account.
 
