Amazon Flaw Lets Password Variants Through 159
Wired reports that it has confirmed a password flaw affecting some Amazon accounts. If your password hasn't been changed in a while ("the past several years"), it may be less secure than you'd like. As Wired explains, for these older accounts, "[...] if your password is “Password,” Amazon.com will also let you log in with 'PASSWORD,' 'password,' 'passwordpassword,' and 'password1234.'" The article suggests that Amazon's use of the Unix crypt() tool may be at fault. (Hat tip to E. Maureen Foley for pointing this out.)
Uhm... (Score:5, Funny)
Is it supposed to show all of my passwords in the article? Or do you just see stars?
Thankfully... (Score:5, Funny)
My password of hunter2 was not compromised.
5f4dcc3b5aa765d61d8327deb882cf99 (Score:4, Funny)
Re:Uhm... (Score:4, Funny)
I see Hunter2
Re:Why exactly is this a problem? (Score:5, Funny)
Just this morning my wife said she had gone to the bank to open an account for our son and they told her this bank has accounts for five people with the same name. We thought his name was less common than that. I asked her why she thought that was a big deal and she said "you know, when you use your name as your password" and I said what?.
passwordpassword (Score:4, Funny)
I hear the site also accepts minor misspellings, anagrams, close synonyms and Cockney rhyming slang.
Re:Thankfully... (Score:4, Funny)
What?