No, those sites have nothing to do with this, only Mojang/Minecraft.
You're completely wrong, many sites have vulnerabilities from this exploit and is recommended to change your password for most sites you use. I do not have a complete list of all sites affected, but it is recommended.
I'm not gonna change my password because I have 1 password shared across all of my devices and due to my bad memory it takes a long time to burn a password into my memory. Besides, the exploit is already fixed so why should a change it.
I'm not gonna change my password because I have 1 password shared across all of my devices and due to my bad memory it takes a long time to burn a password into my memory. Besides, the exploit is already fixed so why should a change it.
Because your password may have been seen before the exploit was fixed. In any case, having 1 password for everything is dangerous. All it takes is for somebody to guess that 1 password and then they have everything from game logins to credit card and bank info. If you have trouble remembering passwords there are tools that can help with that, LastPass for example.
Oh my god! Unbelievable! Thanks for the post I changed mine
same here
and btw triangle, check out my latest creation post
Rollback Post to RevisionRollBack
"Hello, this is Cayde-6 of the Vanguard. I realize that this is an abuse of the Tower PA, but whoever took my Sparrow, I will find you. And you'll wear a sign that says you stole... nevermin, nevermind. It's right here, sorry"
In going to change my password, I've found another flaw in your security. Specifically, this, "Not strong enough! Must be at least 6 characters. Mix numbers, letters and symbols."
Why is this a security flaw? It's a set of rules. A program designed to "brute force" a password (and technically more sophisticated ones as well) can be coded to follow those rules. That means that it has just drastically reduced the number of possible "passwords" that it has to attempt in order to find the real one, because each combination of characters that is not "at least 6 characters. Mix numbers, letters and symbols." is automatically not a password, and thus not attempted. However, it's actually even worse than that. Anyone with a passing knowledge of psychology can take things one step further with their cracking software. By limiting the attempted passwords to things that follow certain common patterns, like "leet speak" or tacking a number onto the beginning/end of a password (typically either a single digit, a birthdate, the last part of a social security number, or the end of a phone number), it is possible to eliminate a large volume of valid but unlikely passwords. While this may sometimes result in missed matches, it will more often than not speed up accessing an account...and you can't simply make a rule against it, because 1) a hard rule would just be one more thing that a hacker could code for, and 2) it is easier to code these behaviours for a cracker than for the password system, because one does not have to concern itself with the inconvenience of "false positives".
So, in short, strict rules on password composition may be great for keeping out characters from the 90's movie "Hackers", but they're actually pretty counter-productive when it comes to methods of automated intrusion.
People are over-hyping this a little too much. It isn't some magic userlist grabber, honestly you can't get much if anything out of it. No need for a post like this.
Whoa. That is not good.
Changed my password!
You're completely wrong, many sites have vulnerabilities from this exploit and is recommended to change your password for most sites you use. I do not have a complete list of all sites affected, but it is recommended.
RIP (23.3.13 - 22.7.13)
My fan fiction of the game: http://www.minecraftforum.net/topic/1957118-programmer-my-first-fan-fiction/#entry24096758
Because your password may have been seen before the exploit was fixed. In any case, having 1 password for everything is dangerous. All it takes is for somebody to guess that 1 password and then they have everything from game logins to credit card and bank info. If you have trouble remembering passwords there are tools that can help with that, LastPass for example.
It affects everyone
same here
and btw triangle, check out my latest creation post
"Hello, this is Cayde-6 of the Vanguard. I realize that this is an abuse of the Tower PA, but whoever took my Sparrow, I will find you. And you'll wear a sign that says you stole... nevermin, nevermind. It's right here, sorry"
~Cayde-6
Why is this a security flaw? It's a set of rules. A program designed to "brute force" a password (and technically more sophisticated ones as well) can be coded to follow those rules. That means that it has just drastically reduced the number of possible "passwords" that it has to attempt in order to find the real one, because each combination of characters that is not "at least 6 characters. Mix numbers, letters and symbols." is automatically not a password, and thus not attempted. However, it's actually even worse than that. Anyone with a passing knowledge of psychology can take things one step further with their cracking software. By limiting the attempted passwords to things that follow certain common patterns, like "leet speak" or tacking a number onto the beginning/end of a password (typically either a single digit, a birthdate, the last part of a social security number, or the end of a phone number), it is possible to eliminate a large volume of valid but unlikely passwords. While this may sometimes result in missed matches, it will more often than not speed up accessing an account...and you can't simply make a rule against it, because 1) a hard rule would just be one more thing that a hacker could code for, and 2) it is easier to code these behaviours for a cracker than for the password system, because one does not have to concern itself with the inconvenience of "false positives".
So, in short, strict rules on password composition may be great for keeping out characters from the 90's movie "Hackers", but they're actually pretty counter-productive when it comes to methods of automated intrusion.