Quote:
|
Originally Posted by Tyhm
That's a fair point: Only thing it really helps against is bruteforcers, people who got your encrypted password a long time ago and eventually figured out how to decrypt it.
Another semirelated tangent, or tangentially related semi?: I've never agreed with the theory that you must never write down your password. On a local network it's very much true; if I had a dime for every guidance councellor who wrote her password on a sticky note ON HER MONITOR and left kids unattended within 3 feet of the system to change their own grades, I could retire...but on Graal, if you wrote your password in your diary, not gonna matter much to a script kiddy in Australia. That's in no way a blanket recommendation; if you've got a little brother whose best friend idolizes Pachuka, might not be the wisest thing to write it down and leave it out, but I'd personally rather people change their passwords every few months and write it down until it's memorized.
|
That was the point, the hash is stolen through a cookie, and no its not just brute force, you can use cryptology, which is faster. For many of us the password on the forum is the same as our account, so you, as administrators, should have it different, and probably change so often.