My university requires you to change passwords regularly. If I try any variation on my current password I get the message:
The new password you have entered is not acceptable for the following reason: That password is too similar to the old one! Please try again please go back and try again.
Now I'm no cryptographer, but if they can compute a similarity measure between the new and old passwords, doesn't this mean that passwords are being stored insecurely, or even in plaintext?
EDIT: I may be being an idiot. They do require you to enter the current password as well.
The password entered by the user is concatenated with a randomly generated salt as well as a static salt. The concatenated string is passed as the input to the hashing function. The result is stored in the database. The dynamic salt must also be stored in the database since it is different for each user.
Make your password long. 12-14 characters are recommended. Use a mix of characters like capitalization, symbols and numbers. Use a different password for every account.
Password managers are the best bet for protecting passwords, according to Hive, which also found that a 12-character password created by a password manager could take some 3,000 years to brute-force crack.
Try using a desktop application like KeePassXC. It stores encrypted versions of all your passwords into an encrypted digital vault that keeps you secure with a master password, a key file, or both.
Do you have to enter your current password when changing passwords? Perhaps they're verifying that the current password hashes to the right value, and then comparing the plaintext to the new password.
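The flow described in this answer, as an added example that is not part of any post on this page: the server keeps only a salted (and peppered, per the answer above) PBKDF2 digest, and the "too similar" check runs at change time against the current password the user has just typed, which is only in memory for that request. The pepper value, the similarity threshold and the sample passwords are constructed for illustration.

```python
import difflib
import hashlib
import hmac
import os

# Constructed for this example. A real pepper is kept outside the database
# (config or secrets store), so a dump of the user table alone is not enough.
PEPPER = b"example-static-pepper-not-for-production"
ITERATIONS = 200_000           # PBKDF2 work factor; tune for your hardware
SIMILARITY_THRESHOLD = 0.7     # assumed cut-off for "too similar"


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, peppered PBKDF2-HMAC-SHA256 digest; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode() + PEPPER, salt, ITERATIONS)


def store_password(password: str) -> dict:
    """Create the database record: per-user random salt plus the digest."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify_password(record: dict, password: str) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(record["hash"], candidate)


def too_similar(old: str, new: str) -> bool:
    """Similarity on plaintexts only; both strings come from the change request."""
    ratio = difflib.SequenceMatcher(None, old, new).ratio()
    return ratio >= SIMILARITY_THRESHOLD


def change_password(record: dict, current: str, new: str) -> tuple:
    """Return (status, record). The stored record changes only on success.

    The similarity check is possible without plaintext storage because the
    user supplies `current` in the same request and it is verified against
    the digest first; nothing about `current` is recoverable from `record`.
    """
    if not verify_password(record, current):
        return "wrong current password", record
    if too_similar(current, new):
        return "too similar", record
    return "ok", store_password(new)


if __name__ == "__main__":
    rec = store_password("Winter2023!")
    print(change_password(rec, "Winter2023!", "Winter2024!")[0])             # too similar
    print(change_password(rec, "Winter2023!", "correct horse battery")[0])   # ok
```

Note that the record never holds the plaintext or anything the server could use to score a new password on its own; once the request that carried the current password ends, the similarity check cannot be repeated. A system that can refuse a new password for resembling the old one *without* asking for the current password is the case the question worries about, and that would indeed imply reversible storage.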