CHANGE YOUR PASSWORD!!!

176
Colonel Panic wrote:
Jodi S. wrote:
I have a question about passwords in general. If you use elements of, say, your Electrical PW in another PW (but not the exact PW) are those at risk also? This might just be the incident that has me kill off my old email address for good.

It's unlikely, but theoretically, yes. It depends largely on how much similarity exists between your other password and your EA Forums one. The more similarity exists, the more the uniqueness and integrity of your password is compromised. That's why they say you should never use the same word in passwords for multiple sites in recognizable patterns such as "googleswordfish," "yahooswordfish" and "electricalswordfish." There are password cracking algorithms that use "dictionary attacks" coupled together with the "rainbow tables" technique mentioned by BlahBlah above that do actually automate the process of brute-forcing passwords. Add to that the fact that (as BlahBlah also mentioned) PHPBB doesn't salt hashed passwords by default, plus the distinct possibility of the attacker sharing our forum's ~/etc/password list file for all his friends to have a crack at. If I were you, I'd play it safe and change any passwords for other sites that share similar words or long character sequences with your EA password.

I will use this opportunity to put in a plug for my favorite password manager: Keepass. Has clients for Windows, Apple, Linux, Android, iOS. It + Dropbox or equivalent cloud storage = access to unique strong passwords for every site and software package that needs them from any device you may use to access them. So great.
"You get a kink in your neck looking up at people or down at people. But when you look straight across, there's no kinks."
--Mike Watt
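
An added example, not part of the original posts: a local self-audit for the advice quoted above, flagging any of your other passwords that share a long character run with the breached one. The sample passwords are constructed from the patterns named in the post, and the 4-character threshold (`min_run`) is an assumption to tune.

```python
"""Self-audit: which other passwords share a long run with a breached one?"""


def longest_common_substring(a: str, b: str) -> str:
    """Longest run of characters found in both strings (case-insensitive)."""
    a_l, b_l = a.lower(), b.lower()
    best_len, best_end = 0, 0
    prev = [0] * (len(b_l) + 1)  # run lengths ending at the previous char of a
    for i in range(1, len(a_l) + 1):
        cur = [0] * (len(b_l) + 1)
        for j in range(1, len(b_l) + 1):
            if a_l[i - 1] == b_l[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def audit(breached: str, others: dict[str, str], min_run: int = 4) -> dict[str, str]:
    """Return {site: shared_run} for passwords sharing >= min_run characters."""
    flagged = {}
    for site, password in others.items():
        run = longest_common_substring(breached, password)
        if len(run) >= min_run:  # min_run is an assumed threshold
            flagged[site] = run
    return flagged


# Constructed sample data, patterned on the examples in the post.
BREACHED = "electricalswordfish"
OTHERS = {
    "google": "googleswordfish",
    "yahoo": "YahooSwordfish",      # case changes do not hide the shared word
    "bank": "k7#Tq9!vLm2x",         # unrelated random password
}

if __name__ == "__main__":
    for site, run in audit(BREACHED, OTHERS).items():
        print(f"{site}: change it (shares {run!r} with the breached password)")
```

Run it only on your own machine; the passwords never need to leave it.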

177
Colonel Panic wrote:
Yeah Keepass rules hard. You remember one password (your Keepass key) and Keepass stores and remembers all the others. For Linux, use KeepassX.

You can also secure your Keepass password database with a key file in addition to the master password. That way, even if someone gets your Keepass database, if they don't have your master password and your key file they're out of luck.
"You get a kink in your neck looking up at people or down at people. But when you look straight across, there's no kinks."
--Mike Watt
