
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   PUBLIC_KEYS      Public-Key Discussion Echo      845 messages   


   Message 840 of 845   
   Wilfred van Velzen to August Abolins   
   Re: self-managed passwords with gpg   
   07 Feb 26 11:39:41   
   
   TID: FMail-lnx64 2.3.2.6-B20251227   
   RFC-X-No-Archive: Yes   
   TZUTC: 0100   
   CHRS: CP850 2   
   PID: GED+LNX 1.1.5-b20240604   
   MSGID: 2:280/464 698718f2   
   REPLY: 2:221/1.58@fidonet 292e4e6a   
   Hi August,   
      
   On 2026-02-06 20:13:00, you wrote to me:   
      
    AA> I don't know about you, but many of my site/system logins are NOT   
    AA> email addresses.   
      
   You often don't have a choice...   
      
    WvV>> [...] But sometimes databases   
    WvV>> get stolen. Or hackers get direct access to the systems that store the   
    WvV>> (encoded) passwords.   
      
    AA> I think unencrypted databases are the true target.   
      
   Those are the targets with high reward, but they shouldn't exist anymore. ;-)   
      
    AA> And length is not as critical as to avoid outright guessable.  I have   
    AA> a friend who simply uses her first name and 1234 for her hotmail   
    AA> account, and her name is in the email address itself!   
      
   Hmmm... I'm surprised that is still allowed by hotmail...   
      
    AA> Another fellow uses the layout of the keyboard to guide him to   
    AA> "remember" his passwords.  Eg. the leftmost keys on the kb =   
    AA> qweasdzxc, or qazwsxed, and then some numbers.  Personally, I would   
    AA> not use that scheme as the sole pw. Instead, maybe the qweasdzxc or   
    AA> qazwsxedc strings could be one of the parts in [A] [B] [C] as a   
    AA> minimum.   
      
   I don't use such easy schemes, but I sometimes use easy-to-type passwords   
   (for me) when I can't use a password manager.   
      
    AA> I do admit, that some of my sites don't follow exactly the same scheme   
    AA> between them. I do something different for financial/banking accounts too.   
    AA> And a few older sites have pws before I came up with the formula method.   
      
   My financial accounts all use some kind of 2 factor authentication nowadays   
   anyway...   
      
    AA> For recovery, facebook can send a 6-digit code to an email address   
    AA> that I had associated with facebook.  That works.  But when I enter   
    AA> the 6-digits at the facebook prompt for those digits, it comes up with   
    AA> "you have to use another device that you used before".   That   
    AA> requirement is stupid!   
      
   Indeed. Devices come and go, they shouldn't use a scheme that depends on it.   
   It would cause a lot of trouble...   
      
    AA> I think this might be the perfect time to drop Facebook.   
      
   It's always a good time to drop Facebook! ;-)   
      
      
   Bye, Wilfred.   
      
   --- FMail-lnx64 2.3.2.6-B20251227   
    * Origin: FMail development HQ (2:280/464)   
      



(c) 1994,  bbs@darkrealms.ca