Updated password policy

  • Thread starter pete

pete

I've put some new rules in place around passwords for whenever you're next updating your password (you do update your passwords, right? Right?).

We are now using:

  • Dropbox/Dan Wheeler's zxcvbn, a "password strength estimator inspired by password crackers. Through pattern matching and conservative entropy calculations, it recognizes and weighs 10k common passwords, common names and surnames according to US census data, popular English words, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.

    Consider using zxcvbn as an algorithmic alternative to password policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}"."

  • Troy Hunt's Pwned Passwords service, to protect against password reuse and credential stuffing. "Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs. The Pwned Passwords service was created in August 2017 after NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches. The rationale for this advice and suggestions for how applications may leverage this data is described in detail in the blog post titled Introducing 306 Million Freely Downloadable Pwned Passwords. In February 2018, version 2 of the service was released with more than half a billion passwords, each now also with a count of how many times they'd been seen exposed."

  • Look! It's a password strength indicator.

  • Minimum password length of 8 characters
 
I've had the same password on here since 2002.

I don't think I actually use it anywhere else.
 
Did it give you any grief?
There was a little bar telling me how strong it was(n't) but all went smoothly. It turns out this password was used somewhere else, although I have no idea where.

 
Yeah, I upgraded some of that password-related stuff a couple of days ago… and then completely forgot to test it.
 
The warning notification should appear once every 24 hours when you log in with a password that appears anywhere in the haveibeenpwned database. It doesn't mean that the password is linked to your username specifically.
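
An added example, not part of the posts above and not the forum's own code: a sketch of the minimum-length rule plus a breached-password lookup. It assumes the public Pwned Passwords range format (send the first 5 hex characters of the SHA-1, get back `SUFFIX:COUNT` lines), which the thread does not describe; `fake_fetch_range` and its corpus are constructed stand-ins for the remote endpoint, and the zxcvbn score is left out.

```python
import hashlib

MIN_LENGTH = 8  # minimum length stated in the policy above

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix) in uppercase hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; malformed lines are skipped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password was seen in breach data; only the prefix is sent out."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def policy_problems(password, fetch_range):
    """Return the reasons to reject or warn; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    seen = breach_count(password, fetch_range)
    if seen > 0:
        problems.append("seen %d times in breach data" % seen)
    return problems

# --- constructed sample data: a stand-in for the remote range endpoint ---
CONSTRUCTED_CORPUS = {"password": 1000, "OLDPASSWORD": 3}  # counts are made up
REQUESTS_SEEN = []  # everything the "server" learns about each lookup

def fake_fetch_range(prefix):
    REQUESTS_SEEN.append(prefix)
    lines = ["0" * 35 + ":0"]  # padding-style entry; a count of 0 is not a hit
    for pw, count in CONSTRUCTED_CORPUS.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append("%s:%d" % (s, count))
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("OLDPASSWORD", "short", "mauve-tractor-9-lighthouse"):
        print(candidate, "->", policy_problems(candidate, fake_fetch_range) or "ok")
    print("server saw only:", REQUESTS_SEEN)
```

The lookup never involves a username, which is why a hit says the password appears in breach data and nothing about whose account it came from.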
 
lol


I am aware OLDPASSWORD is one of your pass. Lets get directly to the point. Not a single person has compensated me to check about you. You may not know me and you are most likely thinking why you are getting this email?

Well, i actually placed a malware on the adult videos (pornography) web-site and there's more, you visited this web site to have fun (you know what i mean). When you were watching video clips, your web browser started out working as a Remote control Desktop with a key logger which provided me accessibility to your screen and also webcam. after that, my software collected every one of your contacts from your Messenger, Facebook, as well as e-mail. after that i created a video. 1st part displays the video you were viewing (you have a fine taste rofl), and second part shows the recording of your web cam, and it is u.

You get two different options. Why dont we take a look at the options in details:

1st alternative is to ignore this e-mail. in such a case, i will send out your very own video clip to all your contacts and then consider concerning the humiliation you will see. and definitely if you are in a romantic relationship, just how it will certainly affect?

Second option would be to compensate me $5755. Lets refer to it as a donation. Then, i most certainly will straightaway erase your video. You could keep daily life like this never happened and you would never hear back again from me.
 
Ah the good old credential stuffing extortion attempts.
 
Send him a link to the Bratz dolls thread and watch him cower.
 
I have tape over my laptop camera, so I told him to feck off.

The first one of these scams I saw in the mid 90's was a letter from Nigerian dude 'Nkoda Collins' who embezzled money from road building projects and wanted to put the money in my friend's account.
 
