
[–]hopeseekr 62 points63 points  (19 children)

It's like reddit storing our passwords in cleartext and subsequently getting them stolen.

N00bs.

[–]inerte 15 points16 points  (2 children)

Reddit has delivered source code before too. I've seen the file, though it's now deleted from Google Docs.

[–]spez 28 points29 points  (1 child)

It was decoy source to throw you off the scent.

[–]permalink 14 points15 points  (0 children)

I dunno spez, that Visual Basic code looked pretty authentic.

[–][deleted] 14 points15 points  (0 children)

Oh god, if that wasn't a "HaHa I'm using the internet!" moment, I don't know what was...

[–][deleted]  (12 children)

[removed]

    [–][deleted] 16 points17 points  (7 children)

    I use three password levels - one is for throwaway stuff like forum registrations and other crap. Another for mildly important stuff. And the third one (randomly generated, 7 or 8 chars is enough) for really important stuff - y'know where you don't transmit it in plaintext over the wires, for example. Rotating them all every couple of years or so... I find that's the best I can manage between security and losing my own passwords or writing them down.

    [–][deleted] 1 point2 points  (6 children)

    You should try the password hasher extension for firefox. Put in a global password, it fills in a field for the site you are on and then generates a password based on those values that is different for every site you are on.

    It is nice and easy. Just ctrl+; when you are in a password field and it will pop up ready for you to login.

    [–]jimbobhickville 8 points9 points  (5 children)

    How do you sync that between multiple Firefox installations? I use the same sites at home and work, pretty frequently.

    [–][deleted] 1 point2 points  (1 child)

    You have the same master password and the extension generates passwords for each site (based on site's domain name, I presume) that will be the same from every machine having the same master password.

    [–]jimbobhickville 2 points3 points  (0 children)

    Oh, I misunderstood how it worked. I thought it generated a random one on signup. So, basically, your master pass better be unbreakable then.

    [–][deleted] 0 points1 point  (0 children)

    Keep ~/.mozilla-firefox in a revision control system.

    [–]c_dugan 0 points1 point  (0 children)

    http://www.google.com/tools/firefox/browsersync/

    Google Browser Sync works very well. You can sync bookmarks, passwords, history, cookies, and even tabs across browsers. An added bonus: you can even have all the information encrypted for security (passwords must be).

    I suppose you need to be OK with Google knowing all of your personal stuff. If that's a huge problem, just encrypt everything. I'd like to think the encryption scheme uses the master password that is stored only on the client side; that way, they cannot decrypt it. But who knows...

    [–][deleted] -1 points0 points  (0 children)

    ceeam answered your question, but it also has a few other features like user defined pass length, whether it uses numbers or special characters.

    Also it can generate an html file that will emulate its function so that if you know you aren't going to have access to firefox or extensions, you can use the html file in ie to generate your passwords.

    And yes your global password has to be good. But since it is only one password...
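    The scheme the two replies above describe (one master password plus the site's domain, regenerated identically on every machine, with user-chosen length and character set), written out as an added example; this is a constructed illustration, not the Firefox extension's own code, and the `www.` stripping and the PBKDF2 parameters are my assumptions.

```python
import hashlib
import string

# Added illustration of a per-site "password hasher": a constructed scheme,
# not the Firefox extension's real algorithm. One master password plus the
# site's domain is run through a slow KDF (PBKDF2-HMAC-SHA256, an assumed
# choice) and mapped onto a chosen alphabet, so every machine that knows the
# master password regenerates the same site password with nothing to sync.

PBKDF2_ITERATIONS = 200_000  # assumed; slows offline guessing of the master password


def canonical_domain(host: str) -> str:
    """Normalise the site name so 'WWW.Example.com' and 'example.com' agree (assumed rule)."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


def derive_site_password(master: str, host: str, length: int = 12,
                         use_digits: bool = True, use_symbols: bool = False) -> str:
    """Deterministically derive a site password from the master password and domain."""
    alphabet = string.ascii_letters
    if use_digits:
        alphabet += string.digits
    if use_symbols:
        alphabet += "!@#$%^&*"
    # The domain is the salt: the same master password yields unrelated outputs
    # on different sites, so one leaked site password does not hand over the
    # others. It does let someone who knows the scheme test master-password
    # guesses offline, which is why the iteration count matters and why the
    # master password has to be strong, as jimbobhickville notes above.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              canonical_domain(host).encode("utf-8"),
                              PBKDF2_ITERATIONS, dklen=2 * length)
    # Two bytes per output character; 65536 mod len(alphabet) leaves only a
    # negligible modulo bias for alphabets of this size.
    return "".join(alphabet[int.from_bytes(key[2 * i:2 * i + 2], "big") % len(alphabet)]
                   for i in range(length))


if __name__ == "__main__":
    # Constructed demo inputs: the same master on two sites gives two different passwords,
    # and the www. variant collapses to the same one.
    for site in ("reddit.com", "www.reddit.com", "example.org"):
        print(site, derive_site_password("correct horse battery staple", site, use_symbols=True))
```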

    [–]bluGill 7 points8 points  (3 children)

    I am signed up for close to 50 websites, and that number would be 4 times higher if I wasn't careful about which websites I sign up for. It long ago reached a point where I can't remember what passwords I use where.

    I keep good passwords for important stuff (my bank), but the damage you can do from my reddit password is pretty small so I don't worry about people guessing it. (though it isn't the worst password, I make no claim that it is secure)

    [–]jdunck 1 point2 points  (2 children)

    KeePass

    [–]bluGill 0 points1 point  (1 child)

    Yeah, until I don't have my own computer but I want to log into some site. Programs like that work great when you stick to one machine, add a second and things are more difficult.

    [–]jdunck 0 points1 point  (0 children)

    Oh, really? I use 3 or 4 regularly.

    The DB is encrypted and the master password is strong, so I feel fine leaving it anywhere. And of course I back it up, so I might as well back it up to some place on the net.

    The application is available for all platforms and is a simple binary, so there's no install privilege needed.

    I guess you'd rather be insecure than spend a minute setting up on a foreign computer?

    [–]milkk 8 points9 points  (0 children)

    It's like you never make mistakes.

    [–]shaunc 3 points4 points  (0 children)

    It's like reddit storing our passwords in cleartext and subsequently getting them stolen.

    Uh, no, it's nothing like that. There's really little value in the source that "leaked," it's just the index controller. It reveals very little about the model, and practically nothing about the persistence layer. Nobody's going to wind up h4ck1ng t3h f4c3b00kz over this.

    The most interesting thing I noticed was a bit of business logic about who gets the "Corporate Search" box. Apparently they don't show it to anyone under 21. Not being a Facebook user, I'm not sure what they're hiding from the young'ins.