Brain Teasers
Brain Teasers Trivia Mentalrobics Games Community
Personal Links
Your Friends
Your Watchlist
Public Forums
Writing Teasers
Teaser Answers
Ask a Question
The Human Mind
Trivia and Quizzes
New? Start Here!

General Discussion
Current Events

Bugs & Requests

High Scorers
High Karma
More Community
Teaser Comments
Trivia Comments

User Rankings
Search for User
Add to Google delicious Add to

More ways to get Braingle...

Braingle Time
6:38 pm

Public Forums >> General Discussion >>

Forum Rules View Watchlist

Password Security


Posts: 166

new Posted: 01:30PM Jan 27, 2014

I've been reading some interesting stuff on password security. I'm not expert whatsoever, but I was reading this article that pertains to hacking/security breaches and password exposure:

Security Breach

more info

and then followed it up with a few google searches for my own curiosity.

Anyway, these sites talk about how user passwords are hashed and salted (ideally) and stored in an encrypted form, so that the user's password never appears in plain text in the database or whatever. Just to experiment, I clicked the forgot password link and was emailed back my own password in plain text.

Basically this means, this site uses an extremely insecure method of handling user passwords (no hashing or salting). Getting your Braingle account hacked is probably not high on your list of concerns, but a lot of people use the same or very similar passwords for multiple sites, which can be very dangerous (especially as this site stores your email address as well).

I'm not terribly worried, but I did change my password, and if you use the same password here as other places you should at least consider doing it yourself. Anyway I do find the reading pretty interesting, regardless.....this site was made specifically for calling attention to this practice haha

Plan Text

---This message was edited on 01:49PM Jan 27, 2014---

Here is Sub-Zero, now PLAIN ZERO
Back to Top View Profile     Send PM     Visit Wiki

Posts: 296

new Posted: 07:48PM Jan 28, 2014

The website my school uses for us to plan out course schedules apparently saves students' passwords in plain text... And allows teachers to access them. The administrators actually printed out all of our passwords in plain text and gave them to the teacher to give to us during class. so the teacher was commenting on all of our passwords (some of them were kind of ridiculous, mine included) while passing them out. not good since I'm sure a lot of us use that as sword for everything.

Happy ever after in the marketplace, Desmond lets the children lend a hand. Molly stays at home and does her pretty face, and in the evening she's the singer with the band!
Back to Top View Profile     Send PM     Visit Wiki

Posts: 166

new Posted: 06:33AM Jan 29, 2014

Wow, that's pretty ridiculous haha. I never thought much about it, but yeah with a well run system, none of the administrators even know what your password is. There's a neat little blurb about how sites that do it right should handle it if you forget your password. Anyway, I'm not much of a whiz on the technical stuff, but I found this to be pretty interesting.

Here is Sub-Zero, now PLAIN ZERO
Back to Top View Profile     Send PM     Visit Wiki

Grayma V
Posts: 3588

new Posted: 08:07AM Feb 5, 2014

I would dearly love to change my password here on Braingle, but have run into a real bug. Many years ago I agreed to let my password be stored so consequently as long as I am on my home computer I can log into here almost automatically no matter how long it has been since my last log on. But while I was in the hospital I attempted to log on with first my Kindle and then after about a week on my laptop. Neither would pick up the password when I attempted this. Even right here at home and on my PC I have tried to change my Braingle password, but because I have to first type in my old password before I can attempt to change it, I am stymied because my password always comes up in dots, as it should, but I can't remember what the dots were to begin with.

Anyone have any ideas? I don't want to be hacked here or anywhere and on the other sites I do change my passwords quite often.

The sound of the wild, but if there is no one there, does anyone hear their howls?
Back to Top View Profile     Send PM    

Magical Sorceress Frog
Posts: 9377

new Posted: 10:56AM Feb 5, 2014

Grayma, send Jake a PM and ask him how to go about changing your password since you no longer remember your original one. I'm sure he can help you.

By the way, great to see you back and doing well.

SMILE and people will wonder what you are up to!
Back to Top View Profile     Send PM     Visit Wiki

Grayma V
Posts: 3588

new Posted: 02:43PM Feb 5, 2014

Thanks Froggy. don't know if I'm doing well yet, but am definitely better than I was. It has been a very rough winter for the old Grayma. Didn't get to see the little tykes for Halloween because I was in one hospital. Family was planning a big family reunion for Thanksgiving. Nope, not for this old gal, first one hospital and then the second one. Finally got home just before Christmas and 3 days after Christmas back we went to the local hospital, then to the out of town hospital, surgery, and then back to the local one - for swing bed care. Wound up getting six pints of blood and really thought for a while they were going to have to put me in a mental place for a while as I flipped out twice. Has anyone ever had sepsis? Blood poisoning? Really makes a person go off the deep end. I feel bad because there was so much of the Writer's Block that slipped by and is gone never to recover. But if I get through the winter I am trying to look forward to Spring. Am no longer in the Whinkle Dorm (nursing home). I am now living with my one daughter and her three sons. Just got too homesick for my family. That is one thing I will state loudly and clear. If your parent has to be in a nursing home, please, please go see them. They have decent physical care in a care home, but the mental pain of not seeing their family, at least in my case, was almost the death of me. Hugs to all my friends here.

The sound of the wild, but if there is no one there, does anyone hear their howls?
Back to Top View Profile     Send PM    

Posts: 848

new Posted: 09:02PM Feb 5, 2014

If your web browser is storing your password, you can probably retrieve it from it fairly easily without needing a reset.

For Google CHROME, follow these steps to see ANY password it has saved for you:

Click the Chrome menu Chrome menu on the browser toolbar. (Usually looks like 3 lines over each other in the top right corner of the browser, under the X you can use to force it to close.)

Select Settings.

Click Show advanced settings.

Down where the checkbox is that says: Offer to save passwords I enter on the web. Manage saved passwords, click the link there for Manage saved passwords.

You can then browse all the passwords that CHROME has stored for you, and see the old ones you've forgotten like for Braingle. ;D


I'm not certain exactly what the steps are in Firefox, Explorer, or Safari, but I imagine they have a similar process and a quick web search could help you retrieve the password back from your browser.

It might be easier than a reset for you.

---This message was edited on 09:03PM Feb 5, 2014---

Like to chat? Share links? Don't want to be told, it's a No-No to do so? Then come join us in THE REAL GENERAL DISCUSSION talkbox -- where you can post with only the lightest of moderation.
Back to Top View Profile     Send PM    

Posts: 166

new Posted: 07:32PM Feb 11, 2014

like I posted haha, they will send you a plain text password directly to your email, all you need is your email password to see your braingle password. My point was a secure sight can't send you your own password back since it should be encrypted. Braingle doesnt do that, but for you that might be a good thing since you will have no difficulty retrieving your password

Here is Sub-Zero, now PLAIN ZERO
Back to Top View Profile     Send PM     Visit Wiki

Posts: 15633

new Posted: 08:38PM Feb 11, 2014

So the point is, don't use the same password you use for your banking, credit cards, etc for your Braingle password. Makes sense.

Formula for success: rise early, work hard, strike oil. J. Paul Getty
Back to Top View Profile     Send PM     Visit Wiki

Posts: 848

new Posted: 02:35AM Feb 16, 2014

It doesn't really matter WHAT passwords you use. IF someone has access to your computer, they have access to your passwords. All these sites that have the "remember me" option for them, has to store that information somewhere so that it can remember you. Usually, it's in a few different places on your computer, depending on your OS and browser. (Linux and Windows stores them in different places for example, as would Firefox and Internet Explorer most likely.)

Knowing what OS a person has (just boot up their computer for that), and what browser they use (usually just click the Quick Launch icon at the bottom of the screen or on the desktop), you can more or less figure out what their passwords are for ANY online sites which they use. Cookies are NOT secure against a simple "browse and snoop" process if someone has access to the computer that is storing those cookies...

The point is, it doesn't matter how secure a website makes THEIR data. YOU need to take steps to secure your own as well -- especially if you live with someone whom you may not trust fully with your information. (Like a rebellious teenage child, or a disgruntled roommate.)

To stay secure yourself:
Clear your browsing history regularly -- this includes stored cookies and all.
Set a password on your screensaver or in the BIOS settings at start-up.
WATCH who has access to your personal electronic devices; don't just allow everyone to use them.
And most importantly: DON'T assume that even all these steps will keep your information secure. Check your credit score regularly, monitor your back accounts, and be proactive in keeping your digital information safe.

Passwords really aren't what a lot of people imagine them to be. They're not the "magic word" which keeps you safe. They're just a minor inconvenience which MOST people can't be bothered to bypass. After all, who's going to spend hours trying to decode the password for someone's name on a Brain Teaser site?? This place isn't your bank, so it certainly doesn't have the security you'd expect to see with your bank. ;D

Like to chat? Share links? Don't want to be told, it's a No-No to do so? Then come join us in THE REAL GENERAL DISCUSSION talkbox -- where you can post with only the lightest of moderation.
Back to Top View Profile     Send PM    
  Post from kittygirl19 deleted on 09:55AM Feb 16, 2014.

Posts: 166

new Posted: 06:05AM Feb 17, 2014

I'm willing to bet the vast majority of security concerns are not from people cracking into your personal computer. Yes in that regard, if you have your actual computer logged into then its significantly worse than the situation I'm talking about. But, the point is still the same, if someone were to hack Braingle in general, there is a database simply showing in plain text The_Spider's password is ABC123. If someone has that password (and email....which this site ALSO lists in the databse though its not my primary) and I kept the same password I do for other things, hackers could do some actual damage to me, far more significant than messing around with my Braingle account.

Here is Sub-Zero, now PLAIN ZERO
Back to Top View Profile     Send PM     Visit Wiki

Posts: 32

new Posted: 08:02PM Mar 6, 2014

Good info.... Thank you

Like what you love, and love what you got.
Back to Top View Profile     Send PM     Visit Wiki


Public Forums >> General Discussion >>

! Access Restricted

You'll need to create an account and sign in before you can post messages.

Users in Chat : None 

Online Now: 11 users and 471 guests

Copyright © 1999-2014 | Updates | FAQ | RSS | Widgets | Links | Green | Subscribe | Contact | Privacy | Conditions | Advertise

Custom Search

Sign In A Create a free account