

Time to reset some passwords - nathanh
http://blog.nahurst.com/time-to-reset-some-passwords

======
jmillikin
Is it common practice to log POST parameters? I've never seen such behavior
outside of development environments, but that might be because I've never run
a very large web application.

    an unscrupulous systems administrator [...] could determine that my password is Th1s1sMyP@ssword just by looking at the logs.

Couldn't the systems administrator simply change the log code to not filter
passwords, or to email the password on each successful login attempt? That
seems more reliable and productive than waiting for a user to click the wrong
input box.
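
The parameter filter the thread is talking about, as an added example (not code from the linked post or from any particular framework): a request logger that records POST parameters but blanks out values whose key looks sensitive. It also shows the exact failure mode the article describes, a password typed into the username box, and how widening the deny-list closes it. The request bodies and field names below are constructed; only the password string comes from the quoted article.

```python
"""Redacting sensitive form fields before a request logger writes them.

Added illustration, not framework code. Sample requests are constructed.
"""
from __future__ import annotations

import json
from urllib.parse import parse_qs

# Keys whose values must never reach a log line. Matching is a
# case-insensitive substring test, so "password_confirmation" and
# "apiToken" are caught as well as the plain names.
DEFAULT_FILTERED_KEYS = ("password", "passwd", "secret", "token")
REDACTED = "[FILTERED]"


def filter_params(params: dict[str, str],
                  filtered_keys: tuple[str, ...] = DEFAULT_FILTERED_KEYS) -> dict[str, str]:
    """Return a copy of params with sensitive values replaced by REDACTED."""
    out: dict[str, str] = {}
    for key, value in params.items():
        lowered = key.lower()
        if any(fragment in lowered for fragment in filtered_keys):
            out[key] = REDACTED
        else:
            out[key] = value
    return out


def log_line(method: str, path: str, body: str,
             filtered_keys: tuple[str, ...] = DEFAULT_FILTERED_KEYS) -> str:
    """Build the access-log entry for one request, filtering the form body.

    parse_qs returns a list per key; a login form has one value per field,
    and blank values are kept so an empty password box still shows up as a key.
    """
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return f"{method} {path} params={json.dumps(filter_params(params, filtered_keys))}"


def leaks(line: str, secret: str) -> bool:
    """True if the secret appears verbatim in a log line."""
    return secret in line


def demo() -> dict[str, str]:
    """Three requests: a normal login, the mistyped one from the article with
    the default filter, and the same mistyped one with 'username' filtered too."""
    secret = "Th1s1sMyP@ssword"  # the password quoted in the article
    mistyped = f"username={secret}&password="
    return {
        "normal": log_line("POST", "/login", f"username=alice&password={secret}"),
        "mistyped_default": log_line("POST", "/login", mistyped),
        "mistyped_widened": log_line("POST", "/login", mistyped,
                                     DEFAULT_FILTERED_KEYS + ("username",)),
    }


if __name__ == "__main__":
    for name, line in demo().items():
        print(f"{name}: {line}")
```

The second line of `demo()` is the problem in the article: the filter is keyed on field names, so a secret that lands in the wrong field is logged in the clear. Filtering the username field as well (the third line) is the cheap fix, at the cost of less useful logs; it does nothing against an administrator who edits the filter itself, which is the other point made above.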

~~~
bricestacey
This is probably a good reason for client-side, 1-way, password encryption.
Even if the password is protected with SSL, encrypted passwords would make it
even more difficult for unscrupulous system administrators to crack passwords
on a large scale.

~~~
bugs
If so, how do you prevent them from using the encrypted password in the same
way?

~~~
psadauskas
A system similar to digest auth, involving a handshake.
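
What such a handshake looks like, as an added example written for this thread (not code from the post or from any real digest implementation, and deliberately simplified compared with HTTP Digest): the server stores a per-site verifier derived from the password, sends a random nonce, and the client answers with an HMAC over that nonce. The plaintext password is never transmitted, so it cannot appear in a request log, and a logged response is useless against the next nonce. The realm and user names are constructed placeholders.

```python
"""Challenge-response login sketch: the plaintext password never leaves
the client. Added illustration, not a real protocol implementation.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # kept modest so the example runs quickly


def derive_verifier(password: str, realm: str, username: str) -> bytes:
    """Per-site, per-user verifier. The realm acts as the salt, so the same
    password yields an unrelated verifier on every site."""
    salt = f"{realm}:{username}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def respond(verifier: bytes, nonce: str) -> str:
    """Client side: prove knowledge of the verifier without sending it."""
    return hmac.new(verifier, nonce.encode(), "sha256").hexdigest()


class Server:
    def __init__(self, realm: str) -> None:
        self.realm = realm
        self.verifiers: dict[str, bytes] = {}
        self.pending: dict[str, str] = {}   # username -> outstanding nonce
        self.log: list[str] = []            # what an admin reading logs sees

    def register(self, username: str, password: str) -> None:
        # Enrolment happens once; afterwards the password is never sent.
        self.verifiers[username] = derive_verifier(password, self.realm, username)

    def challenge(self, username: str) -> str:
        nonce = secrets.token_hex(16)
        self.pending[username] = nonce
        self.log.append(f"challenge user={username} nonce={nonce}")
        return nonce

    def verify(self, username: str, response: str) -> bool:
        # The nonce is consumed whether or not the attempt succeeds, so a
        # captured response cannot be retried against the same nonce.
        nonce = self.pending.pop(username, None)
        self.log.append(f"response user={username} response={response}")
        if nonce is None or username not in self.verifiers:
            return False
        expected = respond(self.verifiers[username], nonce)
        return hmac.compare_digest(expected, response)


def login(server: Server, username: str, password: str) -> bool:
    """Client-side flow: derive the verifier locally, answer the challenge."""
    verifier = derive_verifier(password, server.realm, username)
    nonce = server.challenge(username)
    return server.verify(username, respond(verifier, nonce))


if __name__ == "__main__":
    srv = Server("example.test")
    srv.register("alice", "Th1s1sMyP@ssword")
    print("login ok:", login(srv, "alice", "Th1s1sMyP@ssword"))
    print("\n".join(srv.log))
```

The trade-off raised by the next comment in the thread is real: the stored verifier is password-equivalent for this one site, so the server must guard it like a password hash, and an administrator who controls the page's JavaScript can still change what the client sends. What the scheme does buy is that neither the logs nor the verifier reveal the password the user reuses elsewhere.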

------
simonw
By this logic ("an unscrupulous sysadmin could pull my password out of the
logs"), surely the author should be changing all of their passwords after
every attempt they make to log in to anything using the password field? I
don't get it.

~~~
wgj
He's assuming passwords are purged from logs, which from what I've seen,
usually isn't true. (Although they should be.)

------
shrughes
This is why I prefix my password with several z's. It makes typing the
password feel different than typing the username, and since this change, I've
always managed to catch myself quickly enough.

------
synnik
If the sysadmin is truly unscrupulous, they might be flat out writing all
successful passwords to a database.

Never lose sight of the fact that anything you send online can be stored by
the site owner. Make your own judgments on how you react to that, but never
forget.

------
krobertson
That could all be mute if the service doesn't even encrypt passwords, doesn't
use one way hashing/encryption, but still assumes the servers are insecure.

~~~
jacobbijani
moot _

------
zefhous
Sounds like the problem is more that the same password is used in multiple
places. If you use the same password on a bunch of websites you can be almost
certain that it could be easily compromised somewhere along the line.

If you don't use a password manager, it is extremely difficult to not reuse
passwords and it's just not going to happen for the lay person. Here's the
advice that I give to friends:

1. At the very least, you should have a secure password for only very
reputable websites that control valuable information.

2. Use a unique password on your email account.

3. Use another password to sites where security isn't that important.

------
javan
Time to start using 1Password!

~~~
edd
If only there was a nice way for it to follow you on to a non-OSX machine. By
that the solutions which give you read only access aren't good enough.

~~~
psadauskas
Keepass (and KeepassX). Windows, OSX, Linux, iPhone. Use Dropbox to keep the
password databases all in sync.

------
cmelbye
If the attacker has obtained access to the server, he can simply modify the
code to not filter passwords from the log file anymore. I don't see how this
is a surprising problem.

------
ErrantX
It's a reasonable point.

Though in a way it does sound like a solution looking for a problem.

~~~
romland
Don't reuse your passwords. You've heard it repeated over and over again. I do
believe that is the solution.

Now, of course, I do reuse. But other than the above I just don't see a
solution to this particular problem. Filtering both the username and password
in the logs? It wouldn't make -me- feel any safer when I log onto that Xbox
hacker forum. I worry about the administrator of the site having access to my
passwords. Not any possible hackers that might wander by.

PS. There are tools out there that will fill in username and password
depending on URL. Of course, that gives another attack vector...

~~~
ErrantX
It's just people I guess.

The thing is that working as a hacker (white hat) has made me actually less
worried about my bad security habits.

It's like real life. If you're sane in your habits and stay alert, not much is
likely to happen.

It's like insurance. You only insure as much as you feel is at potential risk;
once the cost of insurance outweighs the risk you (should) stop paying.

Same with your passwords; the risk of losing them is fairly minimal. If
someone wants to get them really bad they will do, not a lot you can
ultimately do to stop them. Reasonable vigilance should be enough to keep you
secure.

(and by that I mean having enough sense that when XYZ site's password database
is compromised you change things etc.)

~~~
romland
Agreed. As far as I know my password has been "stolen" once in my life -- and
that was due to a compromised shell at my ISP. And that's the kicker: _as far
as I know_. All the other times (should there be any) I just wouldn't know
because I didn't care.

And now that I read back my comment, it kind of looks as if I was just trying
to take a cheap stab at your comment. It wasn't the case. I genuinely spent a
moment to think about whether there would be a viable solution to the problem
at this level. :) Now, getting rid of passwords altogether...

(I dislike people who say you can't solve this -- and here I go doing it
myself!)

