Home

[Thackary]

Because apparently someone got hold of the entire list of usernames and passwords. Oops.

Admittedly, they're encrypted, but let's face it - that's only going to delay the process of cracking them.

So - if you haven't changed your password already, you might want to think about doing it sometime soon. Especially if you use that password for other stuff.

And do follow IT Services' instructions about choosing a complex password. It may be difficult to remember at first, but hey - so's tying your shoelaces, and most of you have got that one cracked...


edit: Please note that it is your ITS password that you need to change, not your Sinner password.

[Haunted]

Quoting thackary from 10:30, 3rd Feb 2006
Because apparently someone got hold of the entire list of usernames and passwords. Oops.

How did that happen?

[BackwardsMan]

Gee, thanks. Good old Sinner

[Me]

How do you do it? *Blush* I can't find it on Student Portal or Webmail

[Thackary]

You can change your password via the IT Services webpage:
http://www.st-andrews.ac.uk/its/

There's a link to "Change Passwords".

There's other useful information on there, such as the messages from ITS, which detail any other security measures you should take.

[Thackary]

That's weird - my previous one contained a dictionary word, and I was allowed to change it.

Have another go!

[Dave the Explosive Newt]

Quoting thackary from 10:30, 3rd Feb 2006
Because apparently someone got hold of the entire list of usernames and passwords. Oops.

How did that happen? Was the university hacked?

[hr]

This Sinner account is not affiliated with Will Watson.

[Don]

Has anyone else noticed that if your password is longer than 8 characters the rest is just ignored? I have a 15 character password and I can still access everything by just typing the first 8 characters of it.

[hr]

Daz, makes your whites #gggggg

[munchingfoo]

hmm

thats an issue you should probably e-mail ITS about

That leaves a hacking search space of only 23535820(approx), not that big for a computer really.

[hr]

Anyone questioning how I post on the sinner, my new way of life, will offend my "religion" and as such will be dealt with in manners inclusive but by no means exlusive of death threats, random acts of violence, maiming of the general public not involved in this matter and finally a Jihad from all my fellow religious sinners.

For years we have been oppressed by you post nazis, the time of change is upon us.

[Gubbins]

Quoting Don from 15:32, 3rd Feb 2006
Has anyone else noticed that if your password is longer than 8 characters the rest is just ignored?

Yes, by design. ITS passwords are between 5 and 8 letters long. I think it says that when you choose one. It used to anyway.

[hr]

...but then again, that is only my opinion.

[Don]

Quoting Gubbins from 15:54, 3rd Feb 2006
Yes, by design. ITS passwords are between 5 and 8 letters long. I think it says that when you choose one. It used to anyway.

There isn't anything about the maximum length on the main password changing page, or in the general information, the only place it says it is in the "How to create a strong password" page, which I'm guessing not everyone will look at, I certainly never. I feel for a password to be secure it should be as long as possible, definitely longer than 8 characters.

[hr]

Daz, makes your whites #gggggg

[Gubbins]

Quoting Don from 16:06, 3rd Feb 2006
I feel for a password to be secure it should be as long as possible, definitely longer than 8 characters.

True. My account was created more than five years ago at the time when you went to ITS in the Terrapin Huts to set up your account. The idiot's guide they gave us said to create a password between 5 and 8 characters.

Typically my passwords are randomly generated nine-character alphanumeric strings that I commit to memory, which I feel is one of the safer ways to do it. I just keep generating them until I find one easily memorisable.

[hr]

...but then again, that is only my opinion.

[Don]

Quoting Gubbins from 16:12, 3rd Feb 2006

Typically my passwords are randomly generated nine-character alphanumeric strings that I commit to memory, which I feel is one of the safer ways to do it. I just keep generating them until I find one easily memorisable.

Mine are pretty much the same, except longer.

[hr]

Daz, makes your whites #gggggg

[flarewearer]

I just make up a random, memorable word, then start randomly replacing letters out of it with similar looking numbers. It therefore bemuses me when I get told my password contains a dictionary word, as its nothing of the sort.

[hr]

image:www.magnificentoctopus.com/x/elgar.png

[BackwardsMan]

Quoting flarewearer from 18:02, 3rd Feb 2006
randomly replacing letters out of it with similar looking numbers

Don't you think the hackers have thought of that too? Completely pointless.

[flossy]

Dear Knowledgeable peeps,

I have two Webmail accounts (personal and a society one). I've changed the personal one so will the society one change automatically as I'm the owner, or do I have to change that too?

[hr]

Not to put too fine a point on it, say I'm the only bee in your bonnet

[munchingfoo]

It'l be automatic. You username is linked to the account, the password is not associated with the account. The password is associated with the username so provided you login using the same username there should be no issues.

[hr]

Anyone questioning how I post on the sinner, my new way of life, will offend my "religion" and as such will be dealt with in manners inclusive but by no means exlusive of death threats, random acts of violence, maiming of the general public not involved in this matter and finally a Jihad from all my fellow religious sinners.

For years we have been oppressed by you post nazis, the time of change is upon us.

[Nickel]

Quoting munchingfoo from 15:33, 3rd Feb 2006

thats an issue you should probably e-mail ITS about

That leaves a hacking search space of only 23535820(approx), not that big for a computer really.

I think they probably know that. The old password systems used to be limited to 8 characters, and once you are using one system it is a real pain to migrate to a new one.

[Fawksie]

Quoting BackwardsMan from 19:35, 3rd Feb 2006

Quoting flarewearer from 18:02, 3rd Feb 2006
I just make up a random, memorable word, then start randomly replacing letters out of it with similar looking numbers

Don't you think the hackers have thought of that too? Completely pointless.

It's still a made up word. How exactly are the hackers going to think of that one?

[Atangaladhion]

Apparently it seems to think that 1QwTysD contains a dictionary word, so I won't be using that as my password :S

[hr]

Numbers are good; functions are better.