Ask MetaFilter posts tagged with password

My MacBook takes revenge on me for spilling bacon, beer and chocolate on it.

TomSophieIvy — Sun, 28 Sep 2008 18:26:03 -0800

My MacBook (2 years old) logs me out as soon as I log in. Exasperated details inside . . . Running OS X 10.4.11. Three logins - the other two are not affected. I've changed the password. I've googled and checked mac boards...
OK, my login is accepted - but then the login screen reappears after about 3 seconds. I try again, and again, and then the Three Stooges theme song cues in my head. The only thing that is different - the last thing I did was some kind of auto-update (no, I don't remember the program) and I don't recall if I signed in after that. (Yes, I am aware of how much that helps.)
Bonus points if the solution does not involve tracking down any of the original discs. Thank you!

How does my online banking fob work?

subpixel — Wed, 24 Sep 2008 16:48:50 -0800

How does my online banking fob work? Does it get numbers over-the-air or does it generate the according to some math I don't understand? Background: to access my bank account on the web, I need to use the little electronic fob CitiBank sent me when I registered for online banking. The device generates a six-digit number every minute or so. But where does that number come from? Is the fob generating or receiving it?

Anyone know of a small device with an LCD for securely storing passwords?

paulyballs — Fri, 29 Aug 2008 06:14:49 -0800

Anyone know of a small device with an LCD for securely storing passwords? An executive at my company is looking for a standalone device (not Blackberry password keeper) that he can carry around that will securely store all his passwords. He is looking for a portable password “keeper” with LCD. He is looking to store all his personal passwords, pin #’s, cc info and so on and to be able to view them without a computer present, hence the LCD requirement. Also it needs to be encrypted so if he loses it, no one can access the data. I haven't been able to find anything. Anyone ever heard of such a thing?

How do I enable simple file sharing on Server 2008 and stop my network from crashing?

Magnakai — Sat, 09 Aug 2008 09:15:12 -0800

How do I transparently share files from a Windows Server 2008 box to several XP computers? I want it to stop asking for a username and password when people try to access files. Also, can anyone point me in the right direction to solving this weird network issue I've been having? I've been assigned to run the IT stuff for the small business that I part-time for. They have four machines running Windows XP. One of them used to host all the office documents in a shared folder, enabling it to be accessed from across the network. They're connected via brand-new Cat 6 cables going into a wireless router, which is connected via another brand-new cable to a rather ancient 4-port ADSL modem.

They now have need of a dedicated server, and because of some incoming (in the next year) custom written software, it needs to be Windows Server 2008. I built them a low-cost machine with stable components and it seems to run fine.

I hooked it up to the network, connected to current share and transferred all the office files over. I then shared that directory. I created accounts that have the same username and passwords as the default accounts on the XP machines. I gave access to the office file directory to Everyone. At the top of that screen, it specified that if you selected Everyone, it wouldn't ask for a username or password. But it does!

When they were shared from the previous workstation, you could happily access them without entering a password. Is there any way to revert to this level of behaviour?

My second question follows from this - I tried accessing the folder from one of the comptuers on the workgroup, and I then entered Administrator and the password for the server into the request box that popped up. It connects absolutely fine. But once it's connected, at regular but random intervals, it seems to hang the workstation for a period of time and kill the network connection for the server. Other computers were able to access the network and connect to the internet fine. I can reproduce this problem Can anyone give me pointers to trying to diagnose this error, as obviously it makes the whole endeavour rather useless!

Any advice would be greatly appreciated, and thank you for reading this long question.

why am i so forgettable?

msconduct — Sat, 09 Aug 2008 07:55:15 -0800

how do i get firefox to ask me *again* to remember my password? sometimes when i'm unsure of a password, i tell the firefox prompt 'not right now' when it asks me if i want it to remember my password. problem is, after i figure out the %@^* password, it never asks me again. i currently keep my passwords in a text file so i can log in to different sites, but i'd much rather have it stored in the browser. thanks in advance for any help.

Trying Like Hell To Defeat The Purpose Of Encrypting Something In The First Place

ChasFile — Fri, 08 Aug 2008 18:04:28 -0800

How weak is it smart to allow my GPG key passphrase to get? When selecting a passphrase for my GPG key, is it important that it be maximally obfuscated (a random string of alphanumerics and special characters that is $MAX_STRING_LEN long)? Would it be acceptable to use a partially-obfuscated string that's at least memorizable? Would it be considered beyond the pale of idiocy to incorporate a word in the dictionary in the keyphrase?

Ideally, I'd like to be able to type the passphrase in from memory, and (for me) that is easiest done if – while incorporating special chars, numbers, and caps variations – is also at least based on an English word or phrase. Is that erect-a-monument-to-it stupid?

How to create a convenient and secure multi user set up in windows XP.

vegetableagony — Wed, 06 Aug 2008 14:02:08 -0800

What is the best way to set up multiple user accounts on my computer to: minimize security risk, allow me to keep some files/passwords private, but still let others use my computer for basic tasks? I like having all of my passwords saved, leaving all my websites logged in, and just generally needing to type passwords as little as possible. (currently I just use a master password in firefox)

But I also don't want anyone walking by my computer to be able to see my email and facebook (unpleasent experiences with modifications to my profile that took me a while to notice).

I also want to make sure that someone is able to use basic functions of my computer like web browsing and movie watching without needing a password.

Is there a better way of doing this than my current set up, which involvess one account with a password to login and a masterpassword in firefox, plus a guest acount?

On a mostly connected note, is there a reason for some web pages that I have a saved password/screen name they are pre entered and i only have to click login, but for others like gmail i have to type a couple of letters of my screen name before it offers the option of completing both the screen name and the password?

Whenever I require a password on my wireless network it slows to a crawl.

ssmith — Tue, 15 Jul 2008 22:14:16 -0800

Whenever I require a password on my wireless network it slows to a crawl. If i set a password my speed drops to half (or less), if I get rid of the password - leaving all the other settings the same - it pops back up to being fast and responsive. Is it normal that adding password security would slow things down *so* much?

I'm using Comcast cable as my provider. The cable modem is plugged into an AirPort Extreme 802.11g with fully updated firmware. I'm connecting an intel iMac and an old G4 titanium laptop. But I mostly notice the slowdown on the iMac.

Up to now wireless security hasn't really been that important, but I recently moved to an area where the houses are much closer together, and it's something that I finally want to address.

Network speed is something that's really important to me. I play a lot of online games where lag is a serious concern (DotA FTW) as well as stream video, XBox Live etc.

Is there going to be a "secret setting" where I can have the best of both? It seems like I've tried every variation and option without success.

Would I need an anti-keylogger for Vista?

gttommy — Sat, 05 Jul 2008 19:37:04 -0800

Would I need an anti-keylogger for Vista? I do online shopping/banking/etc and I'm wondering how dangerous it is without an anti-keylogger on a Vista platform. I've already paid for one on an XP machine, but the company doesn't have a version for Vista. Before I buy another for Vista I'd like to know what the mefites think about this.

Just like the neighbor's cat in your kids' sandbox...

bonobo — Sun, 22 Jun 2008 19:06:04 -0800

What am I doing to my links pointing to images in a private directory that prevents me from seeing the pics in Dreamweaver CS3 Design mode? Searching Adobe's Knowlegebase and Google yields a flood of others' issues with setting up passworded sites or Dreamweaver forgetting FTP login info and I can't narrow the results to the problem I'm having.

I just started building a web site and I'm rusty in HTML and am learning CSS. After I edit the code, I do like to check it out in Design view. Currently, I'm uploading things to a private directory (passworded .htaccess on a Zeus server not managed by me) so my business partner can see pages before the site goes "live." Viewing the site through a browser, one is prompted to enter the name and password to see this directory's content. No problems there. I have no troubles with file management in DW's FTP prog or in FileZilla, either.

Suppose the page I'm working on is located at http://www.[mydumbsite].com/public_html/sandbox/mydumbpage.htm . "Sandbox" is the passworded directory. My stylesheet for CSS is located in the same directory and the page refers directly to mydumbstylesheet.css . The pics reside below "sandbox" in folders "dumbimages" and "dumbimages/dumbthumbs." The stylesheet's effects on my .html pages show up in Design mode. The images do not. When it's all said and done, the images ARE there on the site and appear in the final product. I would just like to know what I'm doing or not doing that keeps me from being able to preview.

How do I refer to the image locations the short way (vs. "http://www.[mydumbsite].com/public_html/sandbox/images/dumbpic.jpg") so DW is not blocked access? Or Is there a way to tell DW to prompt me to get into pw'd dirs in preview mode?

Any other methods/advice (other than "OMG don't use THAT program, I write code with Sith blood on tree bark") are welcome.

Thanks!

Windows XP demands User Account password that doesn't exist.

Deflagro — Sun, 22 Jun 2008 14:00:00 -0800

My Windows XP randomly asks for a password for the User Accounts when there is no password, but will accept a blank password field. How do I fix this? This started about 6 months ago. It will do this for several weeks and then sometimes stop for a week or so. The only problem with this, if I try to Switch Users (not Log Off), it will demand a password and not accept that there is no password. I cannot log back on to the running account, nor to any other accounts, I just have to perform a hard-shutdown. Since this is a shared computer, (none of the accounts have passwords) one person can't leave a program running and let someone else switch users and is forced to either stop the program, or just use that person's Account.

All accounts are set to Administrator if that makes a difference. It has always been like that and we haven't had this problem before. Also when I open Manage User Accounts in the Control Panel it says that there is not any passwords for any accounts. Anyone else have this problem? How do I fix this?

Dell Inspiron 5100 BIOS password reset?

doomtop — Wed, 18 Jun 2008 10:04:46 -0800

Dell Inspiron 5100 BIOS password reset? Dell Inspiron 5100 has a BIOS password set. Won't boot the computer, won't allow access to the BIOS without entering password. Don't know password.

From what I've read you have to completely disassemble the laptop to disconnect something and then re-solder it afterwards in order to reset the password.

I've also read that Dell can generate a master password if you can prove ownership. I don't know who owned this thing originally though.

Any way to generate a master password without Dell's help??

I found a master password generator software, but doesn't work for my system number, which ends in A95B. I guess if I had an older model this would work. Is there a master password generator for these newer ones? I've looked and looked, but came up short.

I saw this previous question but the guy didn't get the answer I'm looking for. I'm hoping the newer master password generator may be more available nowadays...

Should I worry about my physically lost, encrypted passwords?

TooManyGadgets — Mon, 16 Jun 2008 03:16:06 -0800

So, I lost my USB stick. No big deal - except it has my password database on it. The password database is a KeePass variant, encrypted with a password that, while not weak, is only rated at 64-bits.

The USB drive also contains a copy of KeePass (but no other identifying information). It was a rather attractive model; I imagine that someone's picked it up and thought "ooo, shiny", and claimed it as their own.

Given that any Joe/Jane Dishonest could have picked it up, what are my chances of:

1) Having it picked up by someone who would actually try cracking it open (assuming they know how, or can be bothered), and

2) Them cracking open the database and causing me grief?

My question boils down to this: should I be worried enough to change passwords to key services, such as my e-mail?

I have a copy of the password database, so thankfully I still have access to everything I need to. (And my Internet Banking passwords aren't written down anywhere.)

Is more simple bank web security better?

rongorongo — Fri, 06 Jun 2008 06:22:15 -0800

I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one? By "complex" I am talking about institutions that ask their users to memorise several passwords and then ask for one or two of these at random on login. There is also a likelihood that use might be tied to a particular PC with a physical token or a cookie. An additional one-time access code may be required. By "simple" I am talking about cases where users are asked something like "enter characters x, y and z from your password" - and perhaps for one other fixed detail. Users are also able to log in from pretty much any PC they choose.

My guess is that the latter group has lower support costs and less frustrated users. But are there real world difference in the security levels?

Can I legally log into an employees webmail if they left their password on a company computer?

procrastination — Mon, 19 May 2008 07:17:24 -0800

Say I have an employee who was using a company computer. They departed under bad terms. I suspect that they took proprietary and valuable company documents with them when they left by sending them to themselves or someone else using a webmail service. If I can recover their webmail password from the company computer they were assigned, is it legal for me to log in and check to see if they did this? Why or why not? This is in the United States. My understanding is that employees have no expectation of privacy on company assigned computers. This is a semi-hypothetical question, since I am not about to do it, but I am working on a forensics case where the possibility might come up. I will definitely check with a lawyer, probably the one who hired me to do the investigation, and if it seems legal and they want it done, will ask for a letter of indemnity from them. I know you are not my lawyer and will not construe your answers as legal advice.

Less passwording in Vista!

YoungAmerican — Sat, 10 May 2008 09:17:02 -0800

In Vista, how do I turn off the user login/passwords every time the computer goes to screensaver? My fiancee's mother recently upgraded to Vista, and is totally happy with the computer, except that instead of having to log in to her user profile only when she starts up her computer, she now has to login every time she comes back from the screensaver. For the life of me, I can't figure out how to change it. She wants to keep the profile, and the login on startup, but not every time she leaves the computer for three minutes. Anybody?

What is a good multiuser password solution?

tracert — Thu, 08 May 2008 14:59:02 -0800

What is a good multiuser password database? At work we have a password problem. Tons of web site control panels, web based email accounts, and passwords for in house things, with tons of people wanting access. Currently, we sort of let each sub group in our organization take care of their own stuff, but things are getting out of hand.

Therefore, I want to put a multiuser password database into place so we can control who can see what, and who can enter new passwords. The ideal solution:

-Supports multiuser with permissions based access
-Integrates with active directory
-Has a web interface
-Has a highly encrypted database
-Logs all access for review
-Is delicious

It's okay if there isn't anything that can do all that, but true multiuser support is very high on my list of things I'm looking for. Can anyone point me in the right direction?

Do password protected blogs exist?

Planet F — Mon, 28 Apr 2008 19:41:04 -0800

I'm going to be doing some pretty extensive travelling next year, and I want to keep my family and friends up to date on my experiences. However, I want to do this in a way that doesn't inform general randoms about my movements... in other words, do password-protected blogs exist? If they do exist, could you recommend me one that would be simple to navigate for me (a very non-tech savy person who only found out what defragging was last year), and that would be easy to understand for my family, some of whom get confused with the latest-post-at-the-top format.

Any recommendation should include video and photo capabilities (another reason I don't really want it open to the public!!!!)

Can I make this secure?

Ignatius J. Reilly — Sun, 23 Mar 2008 19:54:06 -0800

Is there an easy way for a non we-savvy person to create a password-protected url on which to demo a website before taking it "live?" I have had an outside contractor develop a website for a client, and I want to be able to demo the site securely before taking it live. If I buy a domain and pay for hosting, is there an easy way that I make it require a password to view any web pages that are hosted there?

Is someone using my e-mail address or is it just a mistake?

nekton — Mon, 04 Feb 2008 10:01:42 -0800

I received a registration e-mail for online credit card services that I did not submit. The links in the e-mail are authentic (i.e. they are from the actual credit card company's domain and all the headers are authentic too), but when I called the company they said that my e-mail address wasn't in their files. The contents of the e-mail are essentially:

"We've started your online registration. Your user ID is your credit card number ending in #### and your temporary password is *****."

Iwould assume it was someone mistakenly entering my e-mail address while registering their card, except for the fact that the company doesn't have my e-mail address on file. I've already changed my password, in the event someone else is purposefully using my e-mail address.

What's going on? Is there anything I should do?

unlocking the magic box

kerning — Sat, 26 Jan 2008 21:21:42 -0800

my work threw out an old g4 imac (the dome with the flat-panel type) and i took it home (with their permission). unfortunately, when i boot it up, the only option it gives me is to sign in under the admin, and i don't know that password. our IT guy wasn't too much help. how can i reset this imac? the IT guy seems reluctant to give me the pw, which i can understand. he's also pretty busy, so i can't really bring it in and ask him to do anything to it. i mean, i got it for free. :)

i have an os X install disk from my old g3 ibook (it's just 10.1). i'm also using a windows keyboard with it. i don't want to spend a lot of money trying to get this to work -- we're only using it until april, when we get our tax returns back and we can go buy a new imac. i tried holding down the "c" key while restarting with the os X install disk in the drive, but it didn't boot from the install disk like it's supposed to. what other options do i have? i can't even get past the login screen!

How to limit daughter's access to wireless internet

Turtles all the way down — Wed, 16 Jan 2008 15:13:53 -0800

Please help my friend limit his daughter's access to the internet at night. Here's the situation: my buddy trusts his fifteen-year-old daughter to access the internet unsupervised, but has of late found her on the net at two in the morning. She's accessing using her Mac via their Airport base station. Thus far he's logged her off every night at 9 p.m. and changed the password.

The problem is that she (says that she) from time to time needs access to the net to do homework. He goes downstairs and logs her on, but then her computer remembers the password and she's free to do whatever she wants unless he goes back and changes the password again. But meanwhile all the other computers on his home network can't be used until the newest password is entered.

Technical or social approaches to this problem are welcomed.

Help me snatch a hacker/spammer

snsranch — Mon, 31 Dec 2007 16:24:09 -0800

My hotmail acct has been hacked/cracked and is being used to spam people including a few MeFites. I'm pissed and concerned. Please hope me! I've changed my password to something I think is pretty uncrackable but it's still happening.

Ultimately, I know, I should just use a g-mail acct. But in the mean time, what can I do to investigate, complain and secure the info that exists there in my acct?

It's also odd that at least one Mefite has been spammed who I've never had contacted with hotmail. So I believe that this might be MeFi related too.

p.s. Should I post a PSA to MeTa to let folks know that I'm not spamming them?

Just when I get the password, I can't get to the site.

aclevername — Wed, 19 Dec 2007 22:46:31 -0800

I cannot connect to one specific website. It’s obviously an issue with something I did, but I have no idea how to fix it. This is rather embarrassing, as the site in question Kardasi.com hosts explicit fanfiction. It’s normally password protected. Here’s where it gets complicated.

The site hosts various explicit (PW protected) pages of Harry Potter fanfic. You get the password by joining a Yahoo Group. I could get to the main HP fic page before I acquired the password, but couldn’t access any of the (first wave, etc.) stories without the password. Once I joined the specified Yahoo group and got the PW, I couldn’t access the site.

I initially thought this was a coincidence. But I’ve been trying for 3 days and it always times out. I’ve tried on Firefox 2,0 and the latest SP2 IE tabbed browser (I can’t figure out where to find the version #) and neither work.

Tonight I checked the main page (kardasi) at a friend’s with Firefox (at least 2.0 if not earlier) and it worked fine at my friend’s place. Same ISP. So I tried system restore to Before The Password (when it worked) and nothing. I also uninstalled my virus software (AVG Free) because it was constantly calling for a reboot. That didn’t help either. I’m at a loss. This page works at my friend’s house. It worked before I joined the Yahoo group for it (a strange coincidence).

Sorry so long and repetitive, but I thought it would help to know what I’ve tried, etc. Reading Fanfic isn’t that important, but now it’s the principle of the thing.

Google Desktop Search wont let me log in to my gmail account.

Popcorn — Thu, 15 Nov 2007 19:04:42 -0800

Google Desktop Search won't Login to Gmail when I give it the correct account details. The same credentials work in Gmail and across the Google system, but not in GDS. What is going on? Every time I Click a page on the local GDS server, it tells me that there is a problem that GDS needs my help to fix. When I click the link it prompts me to give my credentials again.

I've tried to reinstall with a few different versions and all are showing the same problem.

I've also changed my password on the account and tried the new password, didn't work.

I've also tried a bunch of permutations of the login with capitalization and including "@gmail.com" after the username, to no avail.

I had this same problem the last time I installed GDS about 6 months ago, but I forget how I fixed it then. A few hours searching Google and groups has yielded nothing, so I'm thinking this is a problem that is a result of something stupid on my part.

OS: XP sp3
Comcast cable internet, no router
Norton internet security 2007 (I tried turning this off, but it didn't help)