Password security
#1
Password security
As a follow on to the recent banking security thread there was a rather interesting article in the guardian on password security.
There was a recommendation to use one of those password managers even though the article included the reference to the one recommended as having been compromised.
It seems there's nothing safe.
There were a few interesting ideas though. The first line of a song, maybe. Or an expression.
Such as I log on to British Expats daily at 9
Which would become IlotBEd@9
You need a way of recalling where the caps are but this example is easy.
Then you could take the first two and last two letters of the website you're logging onto. So sign on to Amazon and you have AMIlotBEd@9ON. Or Barclays becomes BAIlotBEd@9YS.
The theory is that passwords are all unique to whichever ever sites you sign on to, with no issue about forgetting them.
But if you get hacked, is it possible that a repeated website input - the IlotBEd@9 - gets picked up?
What about copying and pasting passwords that you have somewhere on your computer - disguised, of course.
Let's say you have a document of some "poems": The Amazon Jungle. The Barking Dog. Ode to a Twit. (see the clues in the title for Amazon, Barclays and Twitter? )
The third line in the second verse (or whatever) could be the password and you just copy and paste into the password box.
Perhaps this has the advantage of no keystrokes to pick up?
It could be anything, not just poems. Football results from a tournament, perhaps. A list of favourite movies in different categories. The third or fourth movie in each category is a password to copy/paste.
Anyone have any thoughts, warnings or tips?
There was a recommendation to use one of those password managers even though the article included the reference to the one recommended as having been compromised.
It seems there's nothing safe.
There were a few interesting ideas though. The first line of a song, maybe. Or an expression.
Such as I log on to British Expats daily at 9
Which would become IlotBEd@9
You need a way of recalling where the caps are but this example is easy.
Then you could take the first two and last two letters of the website you're logging onto. So sign on to Amazon and you have AMIlotBEd@9ON. Or Barclays becomes BAIlotBEd@9YS.
The theory is that passwords are all unique to whichever ever sites you sign on to, with no issue about forgetting them.
But if you get hacked, is it possible that a repeated website input - the IlotBEd@9 - gets picked up?
What about copying and pasting passwords that you have somewhere on your computer - disguised, of course.
Let's say you have a document of some "poems": The Amazon Jungle. The Barking Dog. Ode to a Twit. (see the clues in the title for Amazon, Barclays and Twitter? )
The third line in the second verse (or whatever) could be the password and you just copy and paste into the password box.
Perhaps this has the advantage of no keystrokes to pick up?
It could be anything, not just poems. Football results from a tournament, perhaps. A list of favourite movies in different categories. The third or fourth movie in each category is a password to copy/paste.
Anyone have any thoughts, warnings or tips?
#2
Re: Password security
Bristol @ post #1
I didn't understand any of that
On passwords, why not just have zero similarity for any passwords used anywhere, from & to, including .... on line Banking or accounts with anyone, utility websites, social media accounts, Yahoo, Amazon, Best Buy, paypal, DHGate etc etc
I didn't understand any of that
On passwords, why not just have zero similarity for any passwords used anywhere, from & to, including .... on line Banking or accounts with anyone, utility websites, social media accounts, Yahoo, Amazon, Best Buy, paypal, DHGate etc etc
#3
Re: Password security
What's your method for A) remembering them and 2) which sites they belong to?
#5
Every day's a school day
Joined: Jan 2005
Location: Was Calgary back in Edmonton again !!
Posts: 2,667
Re: Password security
what i dont get is that you are not allowed to choose your own passwords..how many times is your password rejected because it doesn't have a capital letter a number and some other ! or ? in it... surely it is up to me what form my password takes regardless of how secure it is or not
#6
Re: Password security
call me simple
In my case, my only on line passwords are for my email account + BE, both are totally different.
Should I remove myself from BE, it would be the email account log in only & I'm considering dropping the email account
No on-line banking, I do not purchase on-line, so that I do not have a registered account with say Amazon/Best Buy/Airline/Aeroplan etc. No social media or facebook, no frequent/loyalty program accounts
I do not have a paypal account, nor a utility company account
Although I have a credit card for emergency backup that I rarely if ever used, even that is not tied to an on-line account
I am one of a few that is not tied to on-line anything
Maybe others on BE are the same?
.
In my case, my only on line passwords are for my email account + BE, both are totally different.
Should I remove myself from BE, it would be the email account log in only & I'm considering dropping the email account
No on-line banking, I do not purchase on-line, so that I do not have a registered account with say Amazon/Best Buy/Airline/Aeroplan etc. No social media or facebook, no frequent/loyalty program accounts
I do not have a paypal account, nor a utility company account
Although I have a credit card for emergency backup that I rarely if ever used, even that is not tied to an on-line account
I am one of a few that is not tied to on-line anything
Maybe others on BE are the same?
.
Last edited by not2old; Mar 31st 2017 at 8:21 pm.
#8
Re: Password security
call me simple
In my case, my only on line passwords are for my email account + BE, both are totally different.
Should I remove myself from BE, it would be the email account log in only & I'm considering dropping the email account
No on-line banking, I do not purchase on-line, so that I do not have a registered account with say Amazon/Best Buy/Airline/Aeroplan etc. No social media or facebook, no frequent/loyalty program accounts
I do not have a paypal account, nor a utility company account
Although I have a credit card for emergency backup that I rarely if ever used, even that is not tied to an on-line account
I am one of a few that is not tied to on-line anything
Maybe others on BE are the same?
.
In my case, my only on line passwords are for my email account + BE, both are totally different.
Should I remove myself from BE, it would be the email account log in only & I'm considering dropping the email account
No on-line banking, I do not purchase on-line, so that I do not have a registered account with say Amazon/Best Buy/Airline/Aeroplan etc. No social media or facebook, no frequent/loyalty program accounts
I do not have a paypal account, nor a utility company account
Although I have a credit card for emergency backup that I rarely if ever used, even that is not tied to an on-line account
I am one of a few that is not tied to on-line anything
Maybe others on BE are the same?
.
#9
Re: Password security
If you use a password manager, back up your passwords through an alternate method too, because if you lose the master password, then your whole life (that is password-related) is wiped out. Ditto if the database file gets corrupted.
For the master password, print a list of things that each result in one or two characters of the password that only you can know the answer to. Example, the number of the house you grew up in; the first two letters of the first place you worked; etc. Make it varied so nobody could ever get them all however well they know you.
Last edited by pdarwin; Mar 31st 2017 at 10:55 pm.
#10
Re: Password security
If you use a password manager, back up your passwords through an alternate method too, because if you lose the master password, then your whole life (that is password-related) is wiped out. Ditto if the database file gets corrupted.
For the master password, print a list of things that each result in one or two characters of the password that only you can know the answer to. Example, the number of the house you grew up in; the first two letters of the first place you worked; etc. Make it varied so nobody could ever get them all however well they know you.
For the master password, print a list of things that each result in one or two characters of the password that only you can know the answer to. Example, the number of the house you grew up in; the first two letters of the first place you worked; etc. Make it varied so nobody could ever get them all however well they know you.
So, my take on all this complicated user names & passwords - might that be like putting all your passwords on a word document then saving them to a USB stick, that you carry on a string around your neck?
Or maybe tattoo that 'master password' on your foot or another place on your body so that single 'master' password would then open to all the other passwords?
.
Last edited by not2old; Mar 31st 2017 at 11:25 pm. Reason: added to the post
#12
Re: Password security
in the real world one master password embedded on your body somewhere to the one single entry linked to all the others that you can change
OK, so suggesting changing a password frequently (those that have so many) results in the same 'where is it, do I remember it, can I remember my 'secret hint' - a trauma to a knock on the head - a person can forget everything
Way way over the top for such a simple exercise
Back before IT, or anything requiring passwords - how did folks manage to exist?
Big brother is watching & we are all so trusting, just like the folks that applied for jobs at McD's whose personal information was compromised, or the recent other events Cdn Tire, Shoppers.....
Want to add, that when I was working my office supplied computer did not have a password on it - because I had nothing to hide that was personal, nor did I do anything on that computer that was personal, nor was there a lock on my office door, desk or filing cabinet
I do not have a cell phone/smart phone either - wife has a calling only cell phone with no camera or texting/data capability
I'm a dinosaur
.
OK, so suggesting changing a password frequently (those that have so many) results in the same 'where is it, do I remember it, can I remember my 'secret hint' - a trauma to a knock on the head - a person can forget everything
Way way over the top for such a simple exercise
Back before IT, or anything requiring passwords - how did folks manage to exist?
Big brother is watching & we are all so trusting, just like the folks that applied for jobs at McD's whose personal information was compromised, or the recent other events Cdn Tire, Shoppers.....
Want to add, that when I was working my office supplied computer did not have a password on it - because I had nothing to hide that was personal, nor did I do anything on that computer that was personal, nor was there a lock on my office door, desk or filing cabinet
I do not have a cell phone/smart phone either - wife has a calling only cell phone with no camera or texting/data capability
I'm a dinosaur
.
Last edited by not2old; Mar 31st 2017 at 11:41 pm.
#13
Re: Password security
I do not have a cell phone/smart phone either - wife has a calling only cell phone with no camera or texting/data capability
#14
Re: Password security
I needed a PID (personal identity device - credit card style thing with magnetic strip) and a password to access DSS/DWP computer long before I ever went on line and I was accountable (not unreasonably) given the information I was accessing and processing.
I never knew such a thing existed.
I never knew such a thing existed.
KISS principle
I trust that all the folks with their tech devices, their passwords or access to whatever it is that controls their lives are able to sleep at night as well as to make sure that they never lose their connection to reality
Sleep well knowing you are secure, that all they systems around you never go down or that you have been compromised.
#15
Re: Password security
I use this app on my phone to store all my passwords https://1password.com/features/
To open the vault I use the Apple fingerprint sensor thing, no long complicated password to get into it. Although it is written down somewhere just in case.
To open the vault I use the Apple fingerprint sensor thing, no long complicated password to get into it. Although it is written down somewhere just in case.