How much time managing passwords?

05-22-2003, 06:08 PM

Just wondering how much time does everyone spend managing their passwords everyday. I can spend from as little to an hour up to a few hours, depending on how many pennywise alerts I get. And then if I go digging into stats and start finding password sites and visiting password sites I know, it can sometimes eat a whole say up.

sweet · 05-22-2003, 06:22 PM

Its hard remembering all my passwords, seems like I got a million of them!!!

05-22-2003, 07:22 PM

I'm talking about user/pass for members of your paysites.

Mister X · 05-22-2003, 11:09 PM

I spend basically zero time managing my passwords. We have an in-house security program that sends an email alert if there is something funny and it has to disable a password. It also reenables that password if things go back to normal on it. So unless it's the 2nd or 3rd time it has disabled an account I don't have to do anything at all. I used to delete the old passwords and issue new ones but it seemed that that didn't make any difference so I don't bother anymore. And of course I check the server stats for the top referrers to see if some passboard has been sending a lot of hits.

05-22-2003, 11:31 PM

I change them all as they come if but I still always find they all over password sites. And going through them looking for our sites takes time too. Its like speed reading through tons of passes.

Mister X · 05-23-2003, 11:38 AM

Quote:

Originally posted by luke
I change them all as they come if but I still always find they all over password sites. And going through them looking for our sites takes time too. Its like speed reading through tons of passes.

That's the reason I stopped changing the passwords. The new one just got spread again anyways in many instances. It saves time to not issue a new login unless you get an email from the member requesting it.

But if you really have to spend that much time on it, maybe you need to get some better protection from brute force password hacking too. I know that there is no way to stop the guys who use proxies completely but if your security prog blocks after 3 unsuccessful login attempts it really does make it harder for them.

05-23-2003, 12:19 PM

Yeah, I'm sure that we don't have to change every single one that comes in but I guess we're just anal like that.

wsjb78 · 05-24-2003, 11:10 AM

Sweet:

Check out www.roboform.com

It's a great tool but doesn't support opera yet.

05-24-2003, 12:29 PM

I've seen that before, pretty cool. But I was talking about dealing with user/pass for surfers on paysites.

05-24-2003, 12:53 PM

For dealing with personnal passwords, a great little tool is PasswordSafe, written by Bruce Schneier (author of Applied Cryptography and other crypto and computer security books).

It's an open-source, peer reviewed piece of software that uses the Blowfish algorithm.

http://www.counterpane.com/passsafe.html

Evil Chris · 05-26-2003, 11:44 AM

Luke, I don't get it. I have never had to manually scrub shared or bootlegged passwords. We have a program that locks out access if the person tries to login more than a handful of times in a given period, or from different IP addresses.

05-28-2003, 10:37 AM

Pennwise does the same thing but if its posted on a pasword site, it'll work within 24 hours so I change the passwords and email the member of the change so that when it becomes active again, the one listed on the board will not work.