Well, trouble with secure passwords is they often don't have to be guessed, my email got hacked by people abusing the reset mechanisms.
Still the idea of seed plus site key is common but doesn't help a lot if they get your password them they'll see the seed.
These days long passwords written on a piece of paper works better
(\___/) (\___/) (\___/) (\___/) (\___/) (\___/) (\___/)
(='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=)
(")_(") (")_(") (")_(") (")_(") (")_(") (")_(") (")_(")
This is bunny and friends. He is fed up waiting for everyone to help him out, and decided to help himself instead!
Any programs or sites good for generating passwords? Or is that not the best thing to do...
Well most of the password vault systems do that, generating a random password and then saving it into its database... I'm not convinced by that though.
If you lose access to the password vault, then you're utterly stuffed. I reckon you're far better off coming up with your own that are fairly memorable, and also utilising a vault system if you wish to.
What annoys me most are websites that put limits on the password lengths. That xkcd comic is all well and good if it's unlimited.
One site I signed up at (which was capable of holding your currency, I should add) forced you to have an 8-character long password. Not 7, or 9, but 8. In one fell swoop they've phenomenally reduced the possible range of passwords, and then have the temerity to talk about security :/
Hmm I see, I will look in to it accordingly then. I'm in the process of tightening up all the pw's to all the usernames I've slowly been accumulating by spending more time browsing, and workign on the net.
Wanted to boot them all in to Keepass in the end, as often I'm forgetting things and having to request resets.
Originally Posted by roachcoach
This 'Keep ass' thing, do you have to be of a...ahem...certain persuasion to use it?
Speaking of lazy sites not hashing password properly etc. Why do no banks appear to get the basics of good password security.
They all seem to use some form of entering a partial password, which means it can't be stored as a hash. Co-Op use 2 digits from a 4 digit PIN plus one from about half a dozen random questions. They don't let you pick your own questions and if you answer them with genuine answers then they aren't going to be complex to guess / crack or get the answers via some form of social engineering. If you go with fake answers then you have to try and remember them all. They also get you to enter the PIN digits by choosing from combo boxes, so you can't hide what you are entering.
Nationwide give you a "customer number" as part of the "security". Don't they know that the username part of the username / password should not have to be secret?
Barclaycard make you use a number in your username! They also allow you to reset ALL the security information using only your card. So if someone gets my card, they can not only spend money from the creditcard but can pay my creditcard using MY current account.
Is it just me that thinks this is all a bit poor? Which? did a review of online banking security and praised both combobox entry and partial password entry. I did challenge them, they replied, I replied, they ignored me.
Oh, and the latest thing is Rapport. Which claims to do all sorts of clever things to prevent spyware from stealing my sign in details but isn't opensource and has no proof of how effective it is, not that I could find anyway. And of course, I don't believe I have any spyware.
Sorry, turned into a bit of a rant, but this is something that *REALLY* bugs me!
On the original subject, I have a few common passwords that I use for un-important stuff. E-mail is a decent password. Sites that I care about have a unique password generated from a seed password and something (not necessarily the name) to do with the site. I did start to use KeePass but I just found it a bit of a faff. I'd rather just type than have to go clicking around.
depends really, if it's your sorta thing.This 'Keep ass' thing, do you have to be of a...ahem...certain persuasion to use it?
Maybe on the weekends.
Yes...yes you do.This 'Keep ass' thing, do you have to be of a...ahem...certain persuasion to use it?
Okeydoke. Will use 'Preparation H' as my future assword.
Lastpass for home, keepass for work
This is one of my pet hates at the company i work for (big Defense contractor). We have 3 passwords and 2 login names to get onto our encrypted laptops. These passwords have to be reset/re created by the system every 30 days.
So what does 99% of the workforce do? We write it all down in the back/front of our log/work books which we take everywhere with said laptops for when we need to login!
How did they honestly expect it to work? Especially in an industry with an ageing workforce...
i do use password remembering features in firefox, but not for the important things - such as face book - i also use it for my forum passwords as i am a member of quite a few and even scan, ccl and ebuyer but i dont have any card details saved on there, things l;ike eaby , amazon and hotmail i dont have passwords saved - ebay and amazon ccos it has card deetails and hotmail as my friends used to get loads of spam from me which wasn't from me , even though i dont save it on hotmail it still gets hacked and spam still gets sent out
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
