Forum Discussion
rwbradley
May 12, 2014
Explorer
Recent advances in password security have changed a lot of previously held assumptions. A few things to consider about passwords:
1) Any website that can tell you what your password is if you forgot it (instead of prompting you to reset it) is using either a) no encryption or b) reversible encryption; either way, that means your data is stored using an insecure, easily hackable method. The site should NEVER be able to tell you what your password is; this is an indication that they know your password.
2) A website forcing you to use a short password, i.e. max 6 characters, or no special characters, may be relying on old technology which may no longer be secure.
3) Password cracking tools are much more intelligent and most use a combination of 3 methods to crack a password: a) dictionary attack, which is checking known common passwords, i.e. 12345 or password; b) hybrid attack, which checks a dictionary then tries common number/letter substitution, i.e. password1 or switching i for 1, o for 0, 3 for e, etc.; c) brute force attack, basically trying every possible combination. The first 2 methods take very little time to hack a password, i.e. hours to days.
As the previous poster mentioned, complexity by using special characters, numbers and capital letters is important as long as it is not obvious complexity, i.e. "pa33w0rd" is not significantly more secure than "password" using modern tools. Entropy is key to a good password; do not think password, think passphrase, i.e. MyBlueD0gHas3Tails is extremely secure. This comic makes the point:
http://xkcd.com/936/
Any site that forces you to use a short password should be assumed to be insecure, and I would contact customer service and complain... the squeaky wheel gets the oil (even in IT). Complex helps but bigger is better.
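An added example, not part of the original post: a sign-up-time check that rejects "obvious complexity" by undoing the substitutions and trailing digits the post describes before looking a password up in a common-password list, alongside a brute-force entropy upper bound. The word list, the substitution table beyond the post's three pairs, and all function names are assumptions made for illustration.

```python
import itertools
import math
import re
import string

# Constructed sample list; a real check would load a large breached-password list.
COMMON = {"password", "12345", "qwerty", "letmein"}

# Digit/symbol -> letters it may stand for. 1->i, 0->o, 3->e come from the post;
# 3->s is assumed because the post's own "pa33w0rd" uses it; @ and $ are assumed.
SUBS = {"1": "il", "0": "o", "3": "es", "@": "a", "$": "s"}


def variants(pw, limit=4096):
    """Yield pw with substitutions undone, with and without a trailing digit/symbol run."""
    lowered = pw.lower()
    stems = {lowered, re.sub(r"[\d\W_]+$", "", lowered)}
    for stem in stems:
        choices = [c + SUBS.get(c, "") for c in stem]
        # limit bounds the work for long inputs full of substitutable characters
        for combo in itertools.islice(itertools.product(*choices), limit):
            yield "".join(combo)


def is_obvious(pw):
    """True if a dictionary or hybrid guess would reach this password."""
    return any(v in COMMON for v in variants(pw))


def bruteforce_bits(pw):
    """Upper bound on entropy: length * log2(size of the character classes used)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(cls) for cls in classes if any(ch in cls for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def assess(pw):
    """Return (rejected_as_obvious, brute_force_bits) for a candidate password."""
    return is_obvious(pw), round(bruteforce_bits(pw), 1)


if __name__ == "__main__":
    for sample in ["password", "pa33w0rd", "password1", "MyBlueD0gHas3Tails"]:
        print(sample, assess(sample))
```

The bit count only bounds pure brute force; a password flagged as obvious falls to the dictionary or hybrid stage regardless of that number.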