Comments on: Now is a good time to re-set your Twitter password and disable Java in your browser

By: Kimmo

Kimmo — Sun, 03 Feb 2013 10:32:00 +0000

And that would be precisely what I seemed to recall.

<3 Randall Munroe.

By: Charlie B

Charlie B — Sun, 03 Feb 2013 04:00:00 +0000

Netscape’s strategy of renaming livecript “javascript” was fscking brilliant, eh? Several million bucks of advertising… paid for by Sun. Of course in the end Oracle and Microsoft ate them both.

By: Charlie B

Charlie B — Sun, 03 Feb 2013 03:56:00 +0000

NASA. I told them not to, but they got all pissed off.

I am totally not kidding.

By: Sign Ahead

Sign Ahead — Sat, 02 Feb 2013 22:00:00 +0000

That’s exactly what I was doing. Thank you, Aleknevicus!

By: Aleknevicus

Aleknevicus — Sat, 02 Feb 2013 21:16:00 +0000

Make sure you’re not mistaking Javascript for Java (they’re not the same). The former is very commonly used, the latter much less so. You’d have to have very out of the ordinary browsing habits if most of the websites you use require Java.

By: Rindan

Rindan — Sat, 02 Feb 2013 19:32:00 +0000

This is a valuable lesson in why you should use a password locker of some flavor. When one of these sites gets hacked, I just setup another random string for a password and call it a day. If all your passwords are different, you don’t need to trust anyone to secure your password. Toss on a layer of 2-step into your e-mail and baking stuff and you are golden. You are not impervious to an attack, but you are far harder than most people and probably only are vulnerable if someone is specifically out to get you personally.

By: Sign Ahead

Sign Ahead — Sat, 02 Feb 2013 17:51:00 +0000

My computer expertise is limited to some very specific applications. Outside of those, I’m only moderately competent, so I think I missed something important in this discussion.

Yesterday, I disabled Java (in Google Chrome) and tried navigating the web. Most of the sites I use regularly, for work and entertainment, stopped working. There were key functions I simply couldn’t use without Java enabled. Is there a workaround for this? Or is it simply a choice between usability and safety?

By: dragonfrog

dragonfrog — Sat, 02 Feb 2013 16:01:00 +0000

As ohbejoyful says – lots and lots of enterprise-y systems rely on Java on the desktop, to overcome the horribleness of IE 6, which the entire organization is stuck using because their online timesheet system isn’t supported on other browsers (it may work better on other browsers, but it isn’t supported).

By: Hugh Johnson

Hugh Johnson — Sat, 02 Feb 2013 15:18:00 +0000

Shocked kitty!

By: millie fink

millie fink — Sat, 02 Feb 2013 13:59:00 +0000

Can’t be good if it’s not weird.

By: MarcVader

MarcVader — Sat, 02 Feb 2013 12:20:00 +0000

Dammit! I’ll have to change all these passwords from “password” to “1234password” now!! FML

By: Aleknevicus

Aleknevicus — Sat, 02 Feb 2013 07:44:00 +0000

I think you’ve missed what Kimmo was suggesting/enquiring about: Rather that using 6 characters chosen from a set of 72, isn’t it better to choose more than 6 characters from a set of 26?

The answer is yes, so long as you choose 8 or more characters:

72^6 ~= 139 billion
26^8 ~= 208 billion

(And importantly, as per the XKCD reference, it can actually be *easier* for a human to remember a 20-character password made up from the lowercase alphabet, than it is to remember a 10-character password made up from a set of 72.)

By: Rezeya Montecore

Rezeya Montecore — Sat, 02 Feb 2013 05:31:00 +0000

And they forgot to tell us about their “1 weird clue.”

By: robuluz

robuluz — Sat, 02 Feb 2013 05:12:00 +0000

I kind of thought it would be someone like that.

By: ohbejoyful

ohbejoyful — Sat, 02 Feb 2013 05:01:00 +0000

The html interface to a lot of Oracle systems use java, which means lots of people in very large companies have to have it turned on, at least in one browser.

By: dragonfrog

dragonfrog — Sat, 02 Feb 2013 04:39:00 +0000

Only if you’re choosing fully at random among the character set for your password. Which you’re not.

By: compfeznetau

compfeznetau — Sat, 02 Feb 2013 03:36:00 +0000

Link is down?

By: David_Gervais

David_Gervais — Sat, 02 Feb 2013 03:22:00 +0000

It’s the other way round. If you have 6 characters, all lower case, you have 26^6 possible passwords, easily brute-force broken.
Use upper and lower case; 52^6;
add ten digits; 62^6;
add 10 other chars; 72^6; at present, almost unbreakable.
This works even better with 8 characters.

By: coop

coop — Sat, 02 Feb 2013 02:57:00 +0000

Obligatory XKCD reference: http://xkcd.com/936/

By: robuluz

robuluz — Sat, 02 Feb 2013 02:16:00 +0000

Who’s still running Java?

By: Kimmo

Kimmo — Sat, 02 Feb 2013 02:05:00 +0000

I seem to recall seeing something that said password length matters a lot more than special characters, so wouldn’t something like this be quite secure?

ohmydobbsicantbelievewhatapaininthearsethisis

By: Rick Adams

Rick Adams — Sat, 02 Feb 2013 01:57:00 +0000

How do you expect anyone to fall for this when you use appropriate grammar?

By: Jason

Jason — Sat, 02 Feb 2013 01:48:00 +0000

It’s OK. After the last twitter compromise, I used a random-password generator. My password for twitter is now

|uO(f}af94e^`GPwjjL5F7.sSRos]z~5r9Jb!MJH2A6;g7DRqk

if you can believe that. Takes me forever to type, but there’s no way it’s going to be cracked.

By: Guysmiley

Guysmiley — Sat, 02 Feb 2013 01:39:00 +0000

There are so many zero day Java exploits in the wild, unless you have a clear need to have it enabled in your browser (and no, Minecraft doesn’t count, download the standalone) you should have it OFF.

By: cameronhorsburgh

cameronhorsburgh — Sat, 02 Feb 2013 01:32:00 +0000

So 250,000 people are going to get an email claiming to be from Twitter saying their passwords have been compromised and they need to create new ones.

Somehow, just somehow, I think a few more than 250,000 people are going to get email claiming to be from Twitter saying their passwords have been compromised and they need to create new ones.

By: Anne Onimos

Anne Onimos — Sat, 02 Feb 2013 01:25:00 +0000

Seems like it’s probably an even better time to re-set your Facebook, iTunes, Google, YouTube, Pinterest, Tumblr, etc., etc. password.

By: Brainspore

Brainspore — Sat, 02 Feb 2013 01:18:00 +0000

I CAN’T BELIEVE MY MOTHER’S FRIEND MAKES $21,283 A DAY WATCHING CAT VIDEOS ONLINE. BEST QUALITY PHARMACEUTICALS http://www.totallylegitproducts.cn #notascam #bejing