TheSinner.net

Why do we have to change our passwords?

As I understand it for Society email accounts

Postby Bonnie on Fri Feb 03, 2006 11:51 pm

(I was nerdy enough to read all the ITS stuff recently).
There are two different things to do but it matters whether you have a secondary or non-personal society account. In my experience, normal students don't know what type they have by name, so I'll describe each.

If your society's e-mail account is a "secondary account"-- it's tied to your personal account like it used to be in the old days, where your personal account and the society account had the same password and you were told to never ever ever share your society e-mail account password, you will have had to at one time go on to Telnet to accept ownership of this type of account so if you've never heard of Telnet, you probably have the other type: with this type you should change your personal password and about an hour later or so your society e-mail account will switch over by itself.

If your society's e-mail account is a "non-personal account"-- if you created the account within the past year or if you had problems with the account and were told by ITS that they had created you the non-personal type, if you've never heard of things called PINE or Telnet (secondary accounts would have made you come into contact with those at least once in your life), especially if you went online and filled out an online form on the ITS website to get the account set up (as opposed to came in person to the Student Union or sent doserv an e-mail, which is what people used to do), if you were told that it's okay to share your password with anyone that the society felt needed access to the account even though you owned the account because the society's non-personal e-mail account's password should not be the same as your personal account: with this type you have to change both your personal account password and change your society's account password and then retell those society people the new password. Just changing your own password will still have your society e-mail account at risk and if someone were to do nasty things with your society account, you'd get blamed because you're the owner who didn't change the password like you were supposed to!

[hr]

I love cheese.
Bonnie
 
Posts: 1873
Joined: Thu Jan 01, 1970 12:00 am
Location: Durham, CT USA

Re:

Postby flarewearer on Sat Feb 04, 2006 12:00 am

Quoting BackwardsMan from 19:35, 3rd Feb 2006
Quoting flarewearer from 18:02, 3rd Feb 2006
randomly replacing letters out of it with similar looking numbers



Don't you think the hackers have thought of that too? Completely pointless.


Then they'd have to A/ know the word I made up and B/ know which letters I had randomly changed to numbers. It's just a way for me to make a random alphanumeric phrase memorable to myself.

flarewearer
 
Posts: 4908
Joined: Tue Mar 04, 2003 11:55 pm

Re:

Postby Bonnie on Sat Feb 04, 2006 1:28 am

I've already forgot my new password-- DAMN!

Well, forgot isn't the right word-- committed one to memory which evidently isn't correct is a better way to describe it.

Bonnie
 
Posts: 1873
Joined: Thu Jan 01, 1970 12:00 am
Location: Durham, CT USA

Re:

Postby munchingfoo on Sat Feb 04, 2006 1:32 am

women

*shakes head*

:P

[hr]

Anyone questioning how I post on the sinner, my new way of life, will offend my "religion" and as such will be dealt with in manners inclusive but by no means exclusive of death threats, random acts of violence, maiming of the general public not involved in this matter and finally a Jihad from all my fellow religious sinners.

For years we have been oppressed by you post nazis, the time of change is upon us.
I'm not a large water-dwelling mammal Where did you get that preposterous hypothesis? Did Steve
munchingfoo
Moderator

 
Posts: 5062
Joined: Fri Dec 06, 2002 2:09 pm

Re:

Postby BackwardsMan on Sat Feb 04, 2006 2:44 am

Quoting flarewearer from 00:00, 4th Feb 2006
Quoting BackwardsMan from 19:35, 3rd Feb 2006
Quoting flarewearer from 18:02, 3rd Feb 2006
randomly replacing letters out of it with similar looking numbers



Don't you think the hackers have thought of that too? Completely pointless.


Then they'd have to A/ know the word I made up and B/ know which letters I had randomly changed to numbers. It's just a way for me to make a random alphanumeric phrase memorable to myself.




You said similar looking numbers - i.e. an L becomes a 1, an E becomes a 3, etc. Am I right? If so then words with those combinations of numbers and letters will be in the hackers' dictionary of words to attack.

The only completely safe solution is a completely random alpha-numeric word in both cases.

A good plan would be to use a passphrase - i.e. make up a sentence, then use the first letter of each word.
BackwardsMan
 
Posts: 63
Joined: Wed Jan 22, 2003 11:24 am

Re:

Postby OffHeGoes on Sat Feb 04, 2006 2:58 am

if only 8 characters are counted, and we can use both cases of 26 alphabet letters and 10 numbers shouldn't there still be 218340105584896 possible passwords?

plus you can use some symbols
OffHeGoes
 
Posts: 133
Joined: Thu Apr 08, 2004 12:26 pm
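
An added example, not written by any poster in this thread: it reproduces the 62^8 count quoted above and shows the look-alike-digit point under discussion as a password-policy check that undoes the digits and looks the result up in a wordlist. The substitution table, the wordlist and the sample passwords are all constructed for the illustration.

```python
from itertools import product

# Assumed look-alike table (constructed for this example, not from the thread).
LEET = {"a": "4", "e": "3", "i": "1", "l": "1", "o": "0", "s": "5", "t": "7"}

# Digit -> letters it may stand for ("1" is ambiguous: i or l).
REVERSE = {}
for letter, digit in LEET.items():
    REVERSE.setdefault(digit, []).append(letter)

# Constructed sample wordlist; a real check would load a large one.
WORDLIST = {"password", "elephant", "letmein", "standrews"}


def keyspace(alphabet_size, length):
    """Number of strings of exactly `length` symbols from the alphabet."""
    return alphabet_size ** length


def leet_variants(word):
    """Spellings reachable by keeping or swapping each substitutable letter."""
    return 2 ** sum(1 for c in word.lower() if c in LEET)


def base_words(password):
    """Every word the password could be a look-alike spelling of."""
    options = [REVERSE.get(c, [c]) for c in password.lower()]
    return {"".join(combo) for combo in product(*options)}


def dictionary_derived(password, wordlist=WORDLIST):
    """True if undoing the look-alike digits lands on a wordlist entry."""
    return bool(base_words(password) & wordlist)


if __name__ == "__main__":
    print("random 8-char alphanumeric:", keyspace(62, 8))
    print("look-alike spellings of 'elephant':", leet_variants("elephant"))
    for pw in ("3l3ph4n7", "p4ssw0rd", "z0rv4n1k"):
        print(pw, "-> dictionary-derived:", dictionary_derived(pw))
```

A word with k substitutable letters has only 2^k look-alike spellings, so the digits add at most k bits on top of whatever the base word provides; the made-up sample `z0rv4n1k` passes this check only because its base word is not in the list.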

Re:

Postby munchingfoo on Sat Feb 04, 2006 3:03 am

Hmm, I have no idea how I got that figure I posted earlier, I had a hangover and just wrote down the first thing I produced from typing factorials into my calculator :P

munchingfoo
Moderator

 
Posts: 5062
Joined: Fri Dec 06, 2002 2:09 pm

Re:

Postby flarewearer on Sat Feb 04, 2006 3:33 am

Quoting BackwardsMan from 02:44, 4th Feb 2006

The only completely safe solution is a completely random alpha-numeric word in both cases.


And that's what I have, you don't seem to have read that I make up my own word here, that doesn't exist anywhere else but in my imagination, and then randomly throw in some numbers.

flarewearer
 
Posts: 4908
Joined: Tue Mar 04, 2003 11:55 pm

Re:

Postby Guest on Sat Feb 04, 2006 1:46 pm

Actually, it doesn't really matter what your password string is if we are dealing with 8 characters or less. I'm not exactly sure in what form the list was stolen, but I'm assuming that it was from some sort of database table where the passwords were hashed. If so, a rainbow attack would yield pretty much all passwords 8 to less than 8 characters in length worthless as these can be found very quickly.

At that kind of length, you might as well brute force anyway.

I find this mess about it to be ridiculous though. For one, this is my university password. What is someone going to do with my university password? Read the email that I don't read anyway? Secondly, ITS isn't even forcing people to change their passwords like they should.

Guest
 

Re:

Postby tongueincheek on Sat Feb 04, 2006 1:46 pm

Aww bless him - he's making up words now
tongueincheek
 

Re:

Postby Akasha on Sat Feb 04, 2006 5:12 pm

Quoting from 03:23, 4th Feb 2006

What is someone going to do with my university password? Read the email that I don't read anyway?




check your exam results for you...

access all your grades...

your personal information...
Akasha
 
Posts: 276
Joined: Wed Mar 24, 2004 11:05 am

Re:

Postby Bonnie on Sat Feb 04, 2006 5:14 pm

Hold on, forgot about the symbols... now vaguely remember a symbol being in my password which I had forgotten was there.
I'll now have to try it out.


I believe I once randomly posted "Shoot, I forgot my password" for LiveJournal many many many months ago, inviting people to guess what it was to jog my memory. Annoyingly, someone actually guessed it.

However, I've now changed that (to something I've forgotten-- yeah me! but luckily my computer remembers me and keeps me signed in) so don't try to guess it.

I'm hopeless with this stuff and have to write down all these passwords, PINs, usernames, etc. Hopefully no one will ever find them. Not that I'm keeping records important to national security or anything.

Yeah, forgot my PIN twice in the past year after not using it while in another country for over a month and then again over the summer when I was paid in cash and never needed to get money out and hadn't written it down and I'm too embarrassed to go into the bank and ask for another to be sent to me (again) so now I don't use cash machines anymore.

This is why I'm all for the fingerprint scheme.

Bonnie
 
Posts: 1873
Joined: Thu Jan 01, 1970 12:00 am
Location: Durham, CT USA

Re:

Postby Bonnie on Sat Feb 04, 2006 5:20 pm

YAY, it worked!

I can now go back to deleting all the spam.

Bonnie
 
Posts: 1873
Joined: Thu Jan 01, 1970 12:00 am
Location: Durham, CT USA

Re:

Postby unregistered on Sat Feb 04, 2006 6:43 pm

I can't remember any message about changing my password? Do we have to? My one is already the first letters of a random sentence only I would find significant, with numbers and letters, surely that's almost impossible to guess?
Why would someone want to read our emails anyway?
unregistered
 

Re:

Postby Gubbins on Sat Feb 04, 2006 10:50 pm

Quoting unregistered from 14:32, 4th Feb 2006
...Do we have to?...


I would imagine that the password list is a list encrypted with a single key. Therefore unless everyone in the university changes their passwords, once the key is cracked all it requires for someone to gain access to a user's account is for them to go down the list of passwords until they find someone who hasn't changed theirs.

Why would someone want to read our emails anyway?


It's more the danger of them getting into the depths of the computer systems and messing around with them. Once you have access to a user account, it is a lot easier to explore the filespace, allowing things like using discspace for data storage, using the university servers to host denial of service attacks against the university, bringing down the machines that hold EVERYONE'S mail, and potentially accessing the root account, enabling them to do things like modify records, including exam results. Obviously this is a worst-case scenario and there are other blocks to prevent them doing this, but if you know what you're doing, you can do some very worrying things with just a normal user account and terminal access.

[hr]

...but then again, that is only my opinion.
Gubbins
 
Posts: 1210
Joined: Thu Oct 28, 2004 5:56 pm

Re:

Postby ezra on Sat Feb 04, 2006 11:17 pm

just thought I'd point out that you are free to use non-alphanumeric symbols (like .,/';) in your password, although I haven't yet checked whether the system treats them as interdistinguishable (sic) or not
ezra
 
Posts: 274
Joined: Thu Sep 22, 2005 3:36 pm
