Not that I know any of the details of what's happened, but resetting all passwords is not the same as stealing all passwords. The latter involves gaining access to information, the former is just wiping and replacing it, which does not require any sight of what was wiped. In the circumstances, the most a hacker would be able to do with this is make some posts under someone else's name by logging in with the new password. If there even is a hacker and it's not just a server glitch.
Usual practice is that all passwords are stored in the same place - a file or a database table (which is probably a single file). Storing them in different places wouldn't be any more secure, because there has to be a deterministic way to find the passwords (because the login process has to be able to read the passwords to check that the password you log in with is correct).
On the upside, good practice is that passwords aren't stored in their original form, but are sort of encrypted in a way, so that it's very difficult to determine the original password from what's stored in the file/database.
Very difficult, but not impossible. This is probably why the board maintainers have asked people to change their passwords - just as a precaution.
This is one reason why security experts recommend that you do not use the same password for every login. If one of them is compromised, the attacker will have your password for everything you use it for.
So, encryption is not a guarantee of safety? You can create a program that might make a lucky guess of the keycode and decrypt the information over time?
All of this is the technicalities of security, but what you should bear in mind in all of this is what I said earlier about your control - as a user - over a service's security processes. You don't really have any
( ... )
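The storage and reset behaviour discussed above, as an added example that is not part of the original thread or the board's own code: each password is kept as a salted, deliberately slow hash, login re-derives and compares it, and a reset overwrites the record without ever reading the old one. The record layout, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def hash_password(password: str) -> str:
    """Build the record that is stored instead of the password itself."""
    salt = os.urandom(16)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login check: re-derive from the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


def reset_password(db: dict, user: str, new_password: str) -> None:
    """A reset only overwrites the record; the old value is never read."""
    db[user] = hash_password(new_password)


if __name__ == "__main__":
    db = {}  # constructed stand-in for the single password table
    reset_password(db, "alice", "correct horse")
    reset_password(db, "bob", "correct horse")
    # Same password, different salts, so the stored records differ.
    print(db["alice"] != db["bob"])
    print(verify_password("correct horse", db["alice"]))
    print(verify_password("wrong guess", db["alice"]))
```

The slow derivation is what makes each guess against a leaked table expensive; it raises the cost of guessing but does not protect a weak or reused password.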