Date: Wed, 16 May 2018 19:02:08 -0400
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Re: Keeping old passwords

What I find funny is that while I was logging from unusual IPs and browsers, I was able to do whatever I wanted (log off & on again). It is only when I returned to my usual IP and browser that I got the 'You must change your password' message.

I understand that if they asked on the unusual locations, they could have simply forced the 'hacker' to change my password. Then again, if I didn't log on for a week or a month, the hacker was free to do whatever he wanted with my account during that time. So what protection do I gain as a user? Once the 'hacker' is logged on, you're pretty much done, no?

Just sending an email to the user's recovery email to inform the user of suspicious activities might be better. Although, some users have their recovery email forwarded to their gmail account ... so the hacker will have a field day with this, just like if there was nothing done at all.