Re: Improved password change security!
Mine perpetually says that my new password is too similar to my old one.
... I've tried a dozen so far.
Yahoo! is urging users of its Mail service to change their passwords to something secure and unique to the web giant – after a security breach exposed account login details to theft. The company said that it has reset the passwords on accounts connected to what it termed a "third-party database compromise" – that database …
All operating systems can and in secure settings are configured to remember x number of previous passwords and prevent you from using them again. Whether the password is encrypted or they are just checking against a hash I don't know, but it's pretty much irrelevant. At my current work location I believe they are tracking the previous 24 for both network and email accounts. Damn thing remembers passwords I don't remember having used.
I understand the reason for the check and the absurdly high number of remembered passwords. Back when it remembered the last 5 passwords we had people who would change the password 6 times to get back to their original password. Personally I'd rather those idiots were throw into the Hell of the Upside Down Sinners.
"Please change your password with the form that won't let you change your password. One line asks for current password, second line asks for new password, then click Save. So sez the instructions.
Error pops up telling you the passwords don't match.
Seriously?"
Are you using firefox by any chance?
I almost tore my hair out with this, checking and rechecking i was tapping in the right characters only to have the bloody thing moan about pw not matching.
After pissing about, changing characters, case and symbols thinking it was their shit pw system not recognising certain characters, I tried it in chrome, and it worked first time.
Dont know if its an compatibility thing with an add -on or yahoo are just shit at making websites function properly. Il go with the second option.
Yes, I anticipated this could happen. And decided beforehand that if Yahoo flucked up and locked me out I'd simply abandon the account I've had for 15 years and move to a different provider.
Luckily my password change went smoothly -- apart from their stupid demand for a cellphone number (which I ignored by simply signing out). But Yahoo remain on a short leash as far as I am concerned. Too many more screw ups and slowdowns and I'll look elsewhere.
Keepass is a brilliant piece of software. I just need to persuade the other half to use it. As for blame, there are the users using the same password on multiple sites (I am sure plenty people do it), but Yahoo! should take the majority of it for giving out users passwords (and usernames) to another company. You just don't do that, unless you're Yahoo. I have been threatening to dump Yahoo for a while, now seems as good a time as any.
Just why, exactly, was Yahoo sharing user's passwords with a third party? The only reason to have the password is if you're going to log into the account. What was that third party doing?
Regardless of the fact that it was the third party's systems that were hacked, it is an enormous breach on the part of Yahoo for even sharing passwords with that third party. The liability is Yahoo's.
Was spammed from the Yahoo! account of a friend on Tuesday, presumably one of those thusly cracked. The spam contained nothing but a hyperlink, which I entirely failed to follow. I'm guessing some exploit attempt was on the other end.
Worryingly, the following day I got three very similar spams from the webmail of a relative, but not using a Yahoo! account. This time it was AOL. Is there some link between the two?
-A.
"GIVE US URE PHONE NUMBER! U CAN TRUST US!"
Like hell.
Well, Google's been doing it for ages, it was only a matter of time until Yahoo decided they needed to sell ads to phones too.
Thing is, I don't need secure. Anyone could hack my gmail or yahoo or facebook or TheRegister accounts, and I couldn't care less, so having to jump hoops for a "strong" protection I don't need is really fucking annoying.
I suspect that this was an extremely bad breach.
One that reveals Yahoo was passing plaintext passwords over to partners.
When I logged in today I got the "suspicious activity detected on your account" message, along with "UPDATE YOUR PASSWORD RIGHT NOW NOW NOW NOW".
I had already read a headline about the compromise and I had a unique username and password on Yahoo. Otherwise I would have read the accompanying words as meaning some other site had been compromised and hackers were using that login info to abuse my Yahoo account. That's extremely sleazy. There was no apology, not acknowledgement of a massive screw-up.
Someday Britain will wake up and find that the London Financial District has been successfully migrated overnight to Lagos. Fortunately being an English speaking country business will continue uninterrupted and Abu Dabai will purchase the vacant real estate from the owners for a pittance. Britain will then apply for membership in the African Union.....