Overclock.net › Forums › Industry News › Technology and Science News › [Neowin] Amazon password flaw
New Posts  All Forums:Forum Nav:

[Neowin] Amazon password flaw - Page 4

post #31 of 42
I somehow have two amazon accounts right now both with the same email but two different passwords. So I have a backup.
Sandy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 2500k Asrock P67 Extreme4 Gen3 Sapphire 6950 2gb 8gb (2x4gb) G.Skill Ripjaw 1600mhz 
Hard DriveOptical DriveOSMonitor
1tb Samsung F3 Asus Windows 7 Pro 64bit Hannspree 28" + HP 24" 
KeyboardPowerCaseMouse
Razer Tarantula Seasonic X750 Haf 912 Razer Deathadder 
Mouse Pad
sUrface 1030 
  hide details  
Reply
Sandy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 2500k Asrock P67 Extreme4 Gen3 Sapphire 6950 2gb 8gb (2x4gb) G.Skill Ripjaw 1600mhz 
Hard DriveOptical DriveOSMonitor
1tb Samsung F3 Asus Windows 7 Pro 64bit Hannspree 28" + HP 24" 
KeyboardPowerCaseMouse
Razer Tarantula Seasonic X750 Haf 912 Razer Deathadder 
Mouse Pad
sUrface 1030 
  hide details  
Reply
post #32 of 42
Quote:
Originally Posted by [Adz] View Post
Source

Time to change your password.
What would changing your password do to help a flawed system? The system dilutes a complex password to 8 lowercase alpha-numerics. If I change my password by adding 5 characters to it, the password will still be the same in Amazon's system.

There is no point in changing your password unless you think someone may already have it. Also Amazon is such a big company, they are petrified of a lawsuit stemming from a security flaw on their end so you would have a lot of recourse if something were to happen.
Edited by Ktulu - 1/31/11 at 2:02am
Avenger
(13 items)
 
  
CPUMotherboardGraphicsRAM
Unlocked Phenom II X4 ASUS M4A79T Deluxe EVGA GTX 580 A-DATA AX3U1600 
Hard DriveOptical DriveOSMonitor
Samsung F3 RAID5 + SSD Asus DRW-24B1ST Windows 7 Ultimate x64 Syncmaster XL2370 
KeyboardPowerCaseMouse
Dell AT101W Corsair CMPSU-650TX Antec 300 Logitech G500 
Mouse Pad
Ratzpad 
  hide details  
Reply
Avenger
(13 items)
 
  
CPUMotherboardGraphicsRAM
Unlocked Phenom II X4 ASUS M4A79T Deluxe EVGA GTX 580 A-DATA AX3U1600 
Hard DriveOptical DriveOSMonitor
Samsung F3 RAID5 + SSD Asus DRW-24B1ST Windows 7 Ultimate x64 Syncmaster XL2370 
KeyboardPowerCaseMouse
Dell AT101W Corsair CMPSU-650TX Antec 300 Logitech G500 
Mouse Pad
Ratzpad 
  hide details  
Reply
post #33 of 42
I think I've just understood the issue... it's if your password is 8 chars or less that it's an issue, because the whole thing is unencrypted. If it's more, then whomever manages to get the info doesn't get all of it.
post #34 of 42
Quote:
Originally Posted by Ktulu View Post
What would changing your password do to help a flawed system? The system dilutes a complex password to 8 lowercase alpha-numerics. If I change my password by adding 5 characters to it, the password will still be the same in Amazon's system.

There is no point in changing your password unless you think someone may already have it. Also Amazon is such a big company, they are petrified of a lawsuit stemming from a security flaw on their end so you would have a lot of recourse if something were to happen.
Amazon changed their encryption. That is why you want to change your password. You will change from the older, less secure encryption to the newer, more secure encryption.
post #35 of 42
Quote:
Originally Posted by Cykososhull View Post
People are so ignorant when it comes to passwords. My buddy works in an office environment for IT support and the like and says he is just amazed on how many idiots put their passwords sticky noted to their desktop or under their keyboard as if it's "safe" Epic Failures
Most people don't have those passwords in their office to protect their computers from coworkers but outside intrusions
Shadow
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7920 DO 4.0/1.26V (191x21) Asus P6T MSI Twin Frozr III GTX570 Corsair 6GB DDR3/1600 Mhz 
Hard DriveOSMonitorKeyboard
128GB Falcon SSD / 1TB HDD Win 7 Pro Acer 22" Wide Razor Lycosa 
PowerCaseMouse
Corsair 750w HAF 932 Wolfking Trooper Laser 2400DPI 
  hide details  
Reply
Shadow
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7920 DO 4.0/1.26V (191x21) Asus P6T MSI Twin Frozr III GTX570 Corsair 6GB DDR3/1600 Mhz 
Hard DriveOSMonitorKeyboard
128GB Falcon SSD / 1TB HDD Win 7 Pro Acer 22" Wide Razor Lycosa 
PowerCaseMouse
Corsair 750w HAF 932 Wolfking Trooper Laser 2400DPI 
  hide details  
Reply
post #36 of 42
A perk of being a gamer is that I have unlimited passwords for my pc at work since we have to change it so often. I just use a few numbers followed by the name of the main game I'm playing at the time, followed by another few numbers.
Ivy Gamer
(13 items)
 
Pics
(1 photos)
HexAMD
(15 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-3570K ASRock Z77 Extreme4 MSI GTX 980 TI Gaming 6G  SAMSUNG 8GB (2 x 4GB) 
Hard DriveHard DriveHard DriveOptical Drive
Ccrucial M500 240GB SSD Crucial M4 128GB SSD SAMSUNG Spinpoint F3 1 TB ASUS 24X DVD Burner 
CoolingOSMonitorPower
Noctua NH-D14 Windows 7 Ultimate ASUS VH236H Black 23" Antec TruePower 750W 
Case
LIAN LI Lancool PC-K62  
CPUMotherboardGraphicsRAM
AMD Phenom II X6 1055T GA-890FXA-UD5 NVIDIA GeForce GTX 580 G.SKILL Ripjaws Series 4GB 1600 DDR3 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 128GB SSD (Boot drive) 2X SAMSUNG Spinpoint F3 1TB (Media, storage, ba... ASUS Black DRW-24B1ST/BLK/B/AS COOLER MASTER Hyper 212 Plus 
OSMonitorKeyboardPower
Windows 7 Ultimate 64 bit ASUS VH236H Black 23" + Samsung 40" I-ROCKS KR-6820E-BK Black Antec TruePower New TP-750 750W 
CaseMouseMouse Pad
LIAN LI Lancool PC-K62 Logitech MX 518 8 Buttons 1 x Wheel USB Wired Opti XTRAC PADS Ripper Optical Mouse pad 
  hide details  
Reply
Ivy Gamer
(13 items)
 
Pics
(1 photos)
HexAMD
(15 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-3570K ASRock Z77 Extreme4 MSI GTX 980 TI Gaming 6G  SAMSUNG 8GB (2 x 4GB) 
Hard DriveHard DriveHard DriveOptical Drive
Ccrucial M500 240GB SSD Crucial M4 128GB SSD SAMSUNG Spinpoint F3 1 TB ASUS 24X DVD Burner 
CoolingOSMonitorPower
Noctua NH-D14 Windows 7 Ultimate ASUS VH236H Black 23" Antec TruePower 750W 
Case
LIAN LI Lancool PC-K62  
CPUMotherboardGraphicsRAM
AMD Phenom II X6 1055T GA-890FXA-UD5 NVIDIA GeForce GTX 580 G.SKILL Ripjaws Series 4GB 1600 DDR3 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 128GB SSD (Boot drive) 2X SAMSUNG Spinpoint F3 1TB (Media, storage, ba... ASUS Black DRW-24B1ST/BLK/B/AS COOLER MASTER Hyper 212 Plus 
OSMonitorKeyboardPower
Windows 7 Ultimate 64 bit ASUS VH236H Black 23" + Samsung 40" I-ROCKS KR-6820E-BK Black Antec TruePower New TP-750 750W 
CaseMouseMouse Pad
LIAN LI Lancool PC-K62 Logitech MX 518 8 Buttons 1 x Wheel USB Wired Opti XTRAC PADS Ripper Optical Mouse pad 
  hide details  
Reply
post #37 of 42
Really Amazon? Really?
post #38 of 42
Quote:
Originally Posted by proximo View Post
I work in an IT environment and it's amazing to me how willfully ignorant the policy makers can be. Different departments enforce different password change intervals and different rules for what constitutes a valid password (length, special characters, etc). Every few months you have to change at least one password and it's very difficult due to the varied rules to make all of them the same and easily remembered. It's no wonder people write their passwords down. It's impossible to remember them all otherwise.

I've worked for 5 companies in the last 10 years, all of them Fortune 1000. Only the most recent generally gets it right with a single userid/password working for most, but not all, internal sites.
A company I worked for that does fingerprint authentication makes the case that if your users are commonly forgetting and resetting their passwords, or fail to get work done because they had password issues, then these policies make a net loss; the massive resetting of passwords actually makes it EASIER for a hacker to get in once they can get in on that cycle. Plus, people frustrated of making new passwords all the time will eventually resort to something easy, like "password1".

One damn good password SHOULD last you over a year, if it's impossible to guess.
Calvin
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-4670 @3.40Ghz ASUS Z87-A eVGA GTX 670 8 GB 
Hard DriveOSMonitorKeyboard
SSD + 2TB internal Windows 8.1 Pro 64-bit Two of them! Logitech 
  hide details  
Reply
Calvin
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-4670 @3.40Ghz ASUS Z87-A eVGA GTX 670 8 GB 
Hard DriveOSMonitorKeyboard
SSD + 2TB internal Windows 8.1 Pro 64-bit Two of them! Logitech 
  hide details  
Reply
post #39 of 42
Quote:
Originally Posted by Blameless View Post
That on your luggage too?
haha SpaceBalls reference.
post #40 of 42
Quote:
Originally Posted by Cykososhull View Post
People are so ignorant when it comes to passwords. My buddy works in an office environment for IT support and the like and says he is just amazed on how many idiots put their passwords sticky noted to their desktop or under their keyboard as if it's "safe" Epic Failures
Question: Does his IT department force complex passwords? Because if they do, then it's highly likely that those same complex passwords are too complex for people to memorize, thus they stickynote it to their rig.
Boot to the Head!
(13 items)
 
  
CPUMotherboardGraphicsRAM
Athlon64 X2 4200+ @ stock Epox 9NPA+SLI XFX 8800GS 384 4x1GB G.Skill DDR400 @ stock 
Hard DriveOptical DriveOSMonitor
120GB WD + 1TB WD GP + 320GB WD AAJS Mystery DVD-RW Vista Ultimate x64! ViewSonic P220F CRT + KDS 15" CRT 
KeyboardPowerCaseMouse
$3 Compaq keyboard with pretty aluminum finish ThermalTake PurePower 500W Rosewill R230-P-BK Wired Optical 
Mouse Pad
Table. Mouse pads are overrated 
  hide details  
Reply
Boot to the Head!
(13 items)
 
  
CPUMotherboardGraphicsRAM
Athlon64 X2 4200+ @ stock Epox 9NPA+SLI XFX 8800GS 384 4x1GB G.Skill DDR400 @ stock 
Hard DriveOptical DriveOSMonitor
120GB WD + 1TB WD GP + 320GB WD AAJS Mystery DVD-RW Vista Ultimate x64! ViewSonic P220F CRT + KDS 15" CRT 
KeyboardPowerCaseMouse
$3 Compaq keyboard with pretty aluminum finish ThermalTake PurePower 500W Rosewill R230-P-BK Wired Optical 
Mouse Pad
Table. Mouse pads are overrated 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [Neowin] Amazon password flaw