Password security
 

As a follow on to the recent banking security thread there was a rather interesting article in the guardian on password security.

There was a recommendation to use one of those password managers even though the article included the reference to the one recommended as having been compromised.:blink:

It seems there's nothing safe. :ohmy:

There were a few interesting ideas though. The first line of a song, maybe. Or an expression.

Such as I log on to British Expats daily at 9
Which would become IlotBEd@9
You need a way of recalling where the caps are but this example is easy.

Then you could take the first two and last two letters of the website you're logging onto. So sign on to Amazon and you have AMIlotBEd@9ON. Or Barclays becomes BAIlotBEd@9YS.

The theory is that passwords are all unique to whichever ever sites you sign on to, with no issue about forgetting them.

But if you get hacked, is it possible that a repeated website input - the IlotBEd@9 - gets picked up?

What about copying and pasting passwords that you have somewhere on your computer - disguised, of course.

Let's say you have a document of some "poems": The Amazon Jungle. The Barking Dog. Ode to a Twit. (see the clues in the title for Amazon, Barclays and Twitter? :lol:)

The third line in the second verse (or whatever) could be the password and you just copy and paste into the password box.
Perhaps this has the advantage of no keystrokes to pick up?

It could be anything, not just poems. Football results from a tournament, perhaps. A list of favourite movies in different categories. The third or fourth movie in each category is a password to copy/paste.

Anyone have any thoughts, warnings or tips?

Re: Password security
 

Bristol @ post #1

I didn't understand any of that

On passwords, why not just have zero similarity for any passwords used anywhere, from & to, including .... on line Banking or accounts with anyone, utility websites, social media accounts, Yahoo, Amazon, Best Buy, paypal, DHGate etc etc

Re: Password security
 

What's your method for A) remembering them and 2) which sites they belong to?

Re: Password security
 

My "secret question" for some banking thing or other is "knee pads, an airline bag and?"

Re: Password security
 

what i dont get is that you are not allowed to choose your own passwords..how many times is your password rejected because it doesn't have a capital letter a number and some other ! or ? in it... surely it is up to me what form my password takes regardless of how secure it is or not :sneaky:

Re: Password security
 

call me simple

In my case, my only on line passwords are for my email account + BE, both are totally different.

Should I remove myself from BE, it would be the email account log in only & I'm considering dropping the email account

No on-line banking, I do not purchase on-line, so that I do not have a registered account with say Amazon/Best Buy/Airline/Aeroplan etc. No social media or facebook, no frequent/loyalty program accounts

I do not have a paypal account, nor a utility company account

Although I have a credit card for emergency backup that I rarely if ever used, even that is not tied to an on-line account

I am one of a few that is not tied to on-line anything

Maybe others on BE are the same?


.

Re: Password security
 

your weight, colour of your eyes, when you first had sex, where & who with :rofl:

Re: Password security
 

I really suspect that, in these days, you are an exception rather then a common fact.

Re: Password security
 

If you use a password manager, back up your passwords through an alternate method too, because if you lose the master password, then your whole life (that is password-related) is wiped out. Ditto if the database file gets corrupted.

For the master password, print a list of things that each result in one or two characters of the password that only you can know the answer to. Example, the number of the house you grew up in; the first two letters of the first place you worked; etc. Make it varied so nobody could ever get them all however well they know you.

Re: Password security
 

Even though I'm a retired Engineer that worked in a Telecommunications, Broadcasting & (IP) Intellectual property industry, I'm a real idiot when it comes to stuff like this (from my years of protecting what I know from others), especially when I don't do all of the on-line things that most folks do that require them to have multiple (do I remember to forget the) passwords

So, my take on all this complicated user names & passwords - might that be like putting all your passwords on a word document then saving them to a USB stick, that you carry on a string around your neck?

Or maybe tattoo that 'master password' on your foot or another place on your body so that single 'master' password would then open to all the other passwords?



.

Re: Password security
 

What happens when you want to change your password, as it's suggested we do periodically ?

Re: Password security
 

in the real world one master password embedded on your body somewhere to the one single entry linked to all the others that you can change

OK, so suggesting changing a password frequently (those that have so many) results in the same 'where is it, do I remember it, can I remember my 'secret hint' - a trauma to a knock on the head - a person can forget everything

Way way over the top for such a simple exercise

Back before IT, or anything requiring passwords - how did folks manage to exist?

Big brother is watching & we are all so trusting, just like the folks that applied for jobs at McD's whose personal information was compromised, or the recent other events Cdn Tire, Shoppers.....

Want to add, that when I was working my office supplied computer did not have a password on it - because I had nothing to hide that was personal, nor did I do anything on that computer that was personal, nor was there a lock on my office door, desk or filing cabinet

I do not have a cell phone/smart phone either - wife has a calling only cell phone with no camera or texting/data capability

I'm a dinosaur

.

Re: Password security
 

I needed a PID (personal identity device - credit card style thing with magnetic strip) and a password to access DSS/DWP computer long before I ever went on line and I was accountable (not unreasonably) given the information I was accessing and processing. :nod:

I never knew such a thing existed. :lol:

Re: Password security
 

in all of that - as I posted previously....I'm a dinosaur & have managed to outwit the technology that I do not believe is necessary to the extent to be part of my/our lives, work or play.

KISS principle

I trust that all the folks with their tech devices, their passwords or access to whatever it is that controls their lives are able to sleep at night as well as to make sure that they never lose their connection to reality

Sleep well knowing you are secure, that all they systems around you never go down or that you have been compromised.

Re: Password security
 

I use this app on my phone to store all my passwords https://1password.com/features/

To open the vault I use the Apple fingerprint sensor thing, no long complicated password to get into it. Although it is written down somewhere just in case.

Re: Password security
 

I slept on this & have some further thoughts on the problem of security to frequently changing passwords

Since passwords can be hacked or compromised, even the biometric secured (eye & fingerprint readers) I was wondering if anyone has given the thought to changing passwords on a daily basis?

Wouldn't matter if you had one or 10 things that have or need passwords to - KISS principle of 'only one password' for each & everything that you do for that day, change again the next day & every day after that.

My example would be a 8 to 10 letter/word password, include if you want an 'underscore' _

So here is how I would do it

Over to Dollarama, from the toy section purchase a bag of childrens A-Z alphabet letters + a roll of that beige painters masking paper tape.

With all the letters in a bag, each morning at breakfast pick 8 to 10 random letters out of the bag. Line them up in a row, write them on a piece of the 'masking tape', that done, letters go back in the bag till the next day.

Place the tape strip with the letters on it to the waste band of your 'kecks' or on an undergarment. Remains with you for the day.

Change all passwords for all things that you need to do before leaving home.

Next morning repeat, just remember to keep the 'password of the day' strip from the previous day


.

Re: Password security
 

I barely have time to make a brew, brush teeth and pack a lunch never mind reset all my passwords

Re: Password security
 

Magnumpi, I reckon that you have all the time in the world to change your passwords on your 'smart phone' seeing that you spend most of your working day in your vehicle.

Keeping with the 'password of the day' [an easy one] which could be what you ate for dinner last night, repeating it daily.

sausage&mash

curriedchicken

or simply your favourite food

No worry about remember birth dates, number of the house that you lived at, your first employer.... all which are way too complicated

One password for everything, change it daily, just keep the password close to your body on a strip of tape or whatever

That would be my suggestion

easy right?

Re: Password security
 

40 passwords later and it's 4pm and I've missed all my appointments.

Re: Password security
 

:rofl:

Re: Password security
 

I have about 150 registrations on the web. There is definite overlap in my password choice, but probably around 50 unique passwords. They are on a spreadsheet which I update as required. However, lately Google seems to be memorising the user/password details accross all devices. No doubt as a good sheep, I switched this service on at some stage...although TBH it's very helpful.

Keep hearing tech predictions on a post-password paradigm, so hopefully that will be with us sooner rather than later. It does seem very old hat having to type in passwords to access accounts.

Re: Password security
 

How do you sleep at night?

Re: Password security
 

One of them is a site that plays white noise and things like waves washing over pebbles and it helps you to the land of nod. :lol:

Re: Password security
 

This may be a bit low-tech for some, but I read one security expert who recommended just writing down your passwords, as there is very little likelihood of crossover between cyber type criminals, and your average burglar.

Re: Password security
 

That depends on working in a fixed location. I need to access a range of systems from differing locations, sometimes I haven't used them for months. The owners of the systems are not amused if I can't remember my userid or password so I email them to my self, my inbox is full of emails titled the name of a computer, containing the credentials for that computer.
Life was easier when all the systems allowed my standard password but now the systems have slightly different requirements.

I was amused recently when, in the office, we were talking about the price of nearby houses and someone said she was a part time agent and could check them. She signed on to the professional mls using a token generator thing of a type that had been fashionable in the 1990s. I had a pocket full of them, all the same and so labeled with the name of the system to which they applied. Fortunately espionage hadn't been invented back then.

Re: Password security
 

if you were to write down a password, where would you store it?

Shard in a post up thread mentioned 150 on line registrations with 50 unique that is kept on a spreadsheet?

Where or how is the spreadsheet stored?

Re: Password security
 

Pleading the 5th on that. Let's just say the passwords themselves are only partially represented. Do I need a better system? Yes, absolutely.

Re: Password security
 

@ my post 26

Back in the mid 90's I was working with a crusty old IBM Engineer & we got talking about files, filing, security & lost information etc.

He smiled & said "I keep everything in my electronic note book" Of course the immediate image was a "laptop device" of some sort.

OK, I said, but I don't see it, where is it?

Out of his briefcase he pulled what looked like a book that turned out to be two 7" x 5" printed circuit boards (no components on them) with four 1.5" rings equally spaced along the 7" length to make it a ring binder that had front & back circuit boards. In between the circuit boards was 50 or so pages of white paper A-Z labelled.

He remarked "Electronic filing sucks", it can get corrupted, lost or compromised.

That was the 'IBM Engineer' safe filing system ... picture size perfect ;)