|
Must Discuss the Kitties' Welfair
On Jun 19, 12:55*pm, "CatNipped" wrote:
I hate, hate HATE those companies that not only require a certain number of characters, but refuse passwords that are recent repeats of past passwords (like 20 passwords back, or won't allow consesequitive letters, or common words, or anything at ALL easily memorable - no wonder I can't ever get into the same place twice. *What the heck do they care if I get "hacked", that's *NY* problem, and besides, the passwords I use and remember couldn't possibly be figured out by anyone but me and *maybe* Ben. *Who the hell are they to tell me what's a proper password for me??!! /password rant I come up with passwords that mean something to me, but are not normal names by themselves. And then I send myself an email with my username and password hint. The hint makes perfect sense to me, so I don't have to include the actual password. It could be a letter and the # sign, and I know what name and number that is. It could be old goal or new goal, and I know what that means. At work, I keep it very simple as 3 of use the same account, and I really doubt somebody wants to hack into the deli department account. So I have an easy word, punctuation, and a number, and the number goes up by a specific number every time it requires a password change. That way, the other clerks can easily guess the new password if they find it has changed. I also like to answer security questions wrong, so that I know the correct answer, but it isn't easily obvious. For example, I don't use my sister's middle name for that question. I use somebody else;s middle name. I don't use my first pet, etc. |
Must Discuss the Kitties' Welfair
|
Must Discuss the Kitties' Welfair
On Jun 24, 6:39*pm, "Bill Graham" wrote:
wrote: On Jun 19, 12:55 pm, "CatNipped" wrote: I hate, hate HATE those companies that not only require a certain number of characters, but refuse passwords that are recent repeats of past passwords (like 20 passwords back, or won't allow consesequitive letters, or common words, or anything at ALL easily memorable - no wonder I can't ever get into the same place twice. What the heck do they care if I get "hacked", that's *NY* problem, and besides, the passwords I use and remember couldn't possibly be figured out by anyone but me and *maybe* Ben. Who the hell are they to tell me what's a proper password for me??!! /password rant I come up with passwords that mean something to me, but are not normal names by themselves. And then I send myself an email with my username and password hint. The hint makes perfect sense to me, so I don't have to include the actual password. It could be a letter and the # sign, and I know what name and number that is. It could be old goal or new goal, and I know what that means. At work, I keep it very simple as 3 of use the same account, and I really doubt somebody wants to hack into the deli department account. So I have an easy word, punctuation, * and a number, and the number goes up by a specific number every time it requires a password change. That way, the other clerks can easily guess the new password if they find it has changed. I also like to answer security questions wrong, so that I know the correct answer, but it isn't easily obvious. For example, I don't use my sister's middle name for that question. I use somebody else;s middle name. I don't use my first pet, etc. Yes. Well, passwords vary in their importance. You can use simple ones for unimportant things, but for the important stuff, it's good to have a password that's difficult to figure out. and, it these important ones that I would like to encode so that I can figure them out on the spot based on the information I have rather than sheer memory, but nobody else could. - It would be completely raqndom to anyone who doesn't know my "system", and that way, I wouldn't have to write anything down. My problem with writing stuff down is twqfold, I would misplace the book and not be able to enter my own accounts, and/or someone else would break into my house when I am gone asnd get all my passwords out of the book. In either case, I don't like the idea of writing therm down in a book. This is why I send myself an email and save it in a special location. And the email contains the username and a hint. No actual password. And I know what the hint means. I have made up numbers that go with certain things, so I know what the combination is, how many digits as they vary, and what order and what punctuation. I never write down my passwords, but I do know where to find my hints as I have various passwords at a ton of websites. I would never be able to remember which password goes with which website without my set of hints. I can't even remember my usernames sometimes, and I only use a few of those. I was just at my employer's website to review a paycheck stub. It took me 15 minutes to remember that my username for that account is my checker number, not a word. |
Must Discuss the Kitties' Welfair
There's a dangerous assumption here, i.e. that choosing a relatively simple password that is highly personal to you, is safe because nobody would guess it unless they knew you and your personal information. Folks, that's not how hackers break passwords, they don't go your login and try to guess your password. They hack the website completely (a-la Sony) grab the master password file & username list, and feed that data to one or more computers to simply brute force decrypt the password file, they don't need to know anything about you at all. I've decided to use Lastpass and different long completely random passwords for each website that I couldn't begin to remember. The only password I have to remember is my Lastpass password, they handle the rest. Granted, this relies on two things: 1. Nobody can guess my Lastpass password 2. Lastpass's security and encryption is good enough to prevent the master password data falling into the wrong hands and being decrytped in a useful amount of time. So far it's working, but if you bank online or use credit cards online, the watchword is vigilance ;-) BTW, are you wondering if one of the recent hacks (Sony, Citicard, etc) has compromised your password or email address? If not, you probably should be, so check out this tool: https://shouldichangemypassword.com/ It's legit and simply searches the data that has been leaked from sites like Sony to see if your email address is in leaked data. -- Nik Simpson |
Must Discuss the Kitties' Welfair
nik Simpson wrote:
There's a dangerous assumption here, i.e. that choosing a relatively simple password that is highly personal to you, is safe because nobody would guess it unless they knew you and your personal information. Folks, that's not how hackers break passwords, they don't go your login and try to guess your password. They hack the website completely (a-la Sony) grab the master password file & username list, and feed that data to one or more computers to simply brute force decrypt the password file, they don't need to know anything about you at all. I've decided to use Lastpass and different long completely random passwords for each website that I couldn't begin to remember. The only password I have to remember is my Lastpass password, they handle the rest. Granted, this relies on two things: 1. Nobody can guess my Lastpass password 2. Lastpass's security and encryption is good enough to prevent the master password data falling into the wrong hands and being decrytped in a useful amount of time. So far it's working, but if you bank online or use credit cards online, the watchword is vigilance ;-) BTW, are you wondering if one of the recent hacks (Sony, Citicard, etc) has compromised your password or email address? If not, you probably should be, so check out this tool: https://shouldichangemypassword.com/ It's legit and simply searches the data that has been leaked from sites like Sony to see if your email address is in leaked data. But how can you be sure some Lastpass employee doesn't sell a bunch of passwords to someone else for progit? In the same way, I won't know if some crooked store employee or waiter doesn't swell my credit card information to someone else. In a word, its impossible to completely protect yourself from criminals. |
Must Discuss the Kitties' Welfair
|
Must Discuss the Kitties' Welfair
|
Must Discuss the Kitties' Welfair
On Jun 25, 11:45*pm, wrote:
wrote: * This is why I send myself an email and save it in a special location.. * And the email contains the username and a hint. No actual password. * And I know what the hint means. I have made up numbers that go with * certain things, so I know what the combination is, how many digits as * they vary, and what order and what punctuation. * I never write down my passwords, but I do know where to find my hints * as I have various passwords at a ton of websites. I would never be * able to remember which password goes with which website without my set * of hints. I can't even remember my usernames sometimes, and I only use * a few of those. I was just at my employer's website to review a * paycheck stub. It took me 15 minutes to remember that my username for * that account is my checker number, not a word. Do you keep all the hints + websites (or other places where you use passwords) in one file? And then if you have to log on to a site, you look in that file to see the hint for that site? It sounds like a good idea. Yes, I send myself an email for each hint, so I can go back and look for the email for amazon.com or my isp provider, etc. Then open it and see my username and hint. I have a separate folder for these emails, so I know where they all are. And if somebody found it, they would have my usernames, but they wouldn't know what the hints mean. How would they know what "old goal" means? Not even my family has a clue what my goal was or what number I associate with it. I also have a new goal hint, and a variety of others. |
Must Discuss the Kitties' Welfair
|
All times are GMT +1. The time now is 03:39 AM. |
|
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
CatBanter.com