A random thought in a random sort of randomly way that is more random than a computer’s random number generator.

There is a lot of fuss about the Heartbleed exploit that has, for the past two years, made it possible for anyone who knew about it to read any secure communications sent over websites otherwise thought to be secure.

That’s if anyone used it, and then only if they were able to somehow extract any useful information from the exploit.

However, whenever a hack of passwords or whatevers takes place we are exhorted to change our passwords. Today, the porn to food photos service Tumblr suggested people take the day off work and change ALL their passwords, everywhere.

The thing is, just how easy is that to do?

Despite a general reluctance to leave digital droppings without cleaning them up afterwards, I have usernames and passwords all over the place.

When Adobe was hacked recently, I received an email from them, even though I have no recollection of ever opening an account. So how would I have known to change that password when I don’t even know I have an account there?

Likewise, I am job hunting at the moment, and it is baffling, and deeply frustrating, how many companies require me to create a user account just to be able to send them a copy of my CV. I am opening dozens of accounts all over the place that I will never use again.

Ugh!

So, here is the random suggestion.

Right now, for me to reset my password on, for example, 100 websites does indeed mean taking a day off work, trawling through years of emails to see where I have accounts, and manually resetting all those website details.

What if there were an industry standard for website password change services to accept a remotely triggered request from an authorised service?

So I go to a “give me all my accounts” webservice, and it pings my email address to every single website that supports that facility, and into my email box arrives an email with a long list of websites that replied with “yes, this email address has an account with us”.

Or something similar.

It doesn’t change the passwords, it just gives me a list of services where I have a password.

Not foolproof, and yes, miscreants will find ways to abuse it, as they do with everything eventually.

But it would make it a lot easier to ensure that I do indeed change all my passwords, or more likely look at the list and tell half of them to remove my details as I never use their service. And that is a good thing in itself.

I run a few websites, and regularly delete dead account data. If, or more likely, when, my websites are hacked, I don’t want to be contacting people who last logged in 5 years ago to tell them I lost their passwords. It’s embarrassing enough with the active customer base, let alone dealing with long since former customers who probably forgot I even exist.

So, there you are — a random thought that a) companies should delete dead account data, and b) wouldn’t some universal reset all my passwords ping service be a damn useful thing?

Incidentally, I use LastPass to store passwords in my computer, and every account I open now uses a random password that I don’t bother remembering any more. In fact, I have no idea what the password is for the vast majority of websites I have used/reset in the past 6 months.

Of course, that is then a single point of failure, which I really don’t like, and if it goes down I need to reset all my passwords.

So, that password reset ping service would come in really handy on that day!


4 comments
  1. Annabel says:

    Is LastPass portable? I have been thinking of starting to use it, but I often log in on a tablet or even on my phone, and certainly don’t want to be remembering random passwords – it’s hard enough remembering which password I used for which site as it is!

    • IanVisits says:

      Best to check with their website. I know there are mobile apps, but not something I have worried about looking into myself.

  2. Terence Eden says:

    LastPass (which does work on mobile) now includes Heartbleed checking.
    http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html

  3. Ed says:

    With regards the job-hunting … just give me an application form and be done with it already!
