Go Back   English Forum Switzerland > Help & tips > TV/internet/telephone  
Reply
 
Thread Tools Display Modes
  #21  
Old 16.08.2011, 16:17
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,264
Groaned at 15 Times in 14 Posts
Thanked 5,273 Times in 2,563 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
I use a little formula for each individual site. For example:

a series of letters from the site name, mixed case + a memorable number + a standard phrase turned into Alpha-Numerics
That seems a good idea. I guess its only limitation would be the password format of some sites.
Reply With Quote
  #22  
Old 16.08.2011, 16:22
Traubert's Avatar
Forum Veteran
 
Join Date: Nov 2008
Location: Zurich
Posts: 1,125
Groaned at 11 Times in 10 Posts
Thanked 2,249 Times in 794 Posts
Traubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
That seems a good idea. I guess its only limitation would be the password format of some sites.
I have run into this limitation and it always tends to be the punctuation '!' - in which case I know to change it to a 1 or L or l.

More and more sites are making all options available. I can remember when gmail never allowed punctuation

I just love that I never have to remember any passwords or write them down anywhere.
Reply With Quote
  #23  
Old 16.08.2011, 16:33
Newbie 1st class
 
Join Date: Aug 2011
Location: Fr
Posts: 17
Groaned at 0 Times in 0 Posts
Thanked 4 Times in 3 Posts
1ondon has slipped a little
Re: Internet Password Security

Quote:
View Post
I just love that I never have to remember any passwords or write them down anywhere.

....except when Paypal etc. force you to change to a "more secure" password!
Reply With Quote
  #24  
Old 16.08.2011, 17:00
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,264
Groaned at 15 Times in 14 Posts
Thanked 5,273 Times in 2,563 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
....except when Paypal etc. force you to change to a "more secure" password!
This should be a very secure format.

Paypal, and most other sites, don't force you to use a more secure password, but recommend it for your own safety.
Reply With Quote
  #25  
Old 16.08.2011, 17:03
Upthehatters2008's Avatar
Forum Legend
 
Join Date: May 2010
Location: In the kitchen at parties.
Posts: 4,540
Groaned at 204 Times in 120 Posts
Thanked 6,078 Times in 2,378 Posts
Upthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond repute
Re: Internet Password Security

A single sign on openid is the way forward, but is slow taking off...

http://openid.net/
Reply With Quote
  #26  
Old 16.08.2011, 17:23
Newbie 1st class
 
Join Date: Aug 2011
Location: Fr
Posts: 17
Groaned at 0 Times in 0 Posts
Thanked 4 Times in 3 Posts
1ondon has slipped a little
Re: Internet Password Security

Quote:
View Post
A single sign on openid is the way forward, but is slow taking off...

http://openid.net/
Hmmm, how do you know you can trust it?

This scared me:
"Other than your provider, no website ever sees your password".


Who is your provider?

As far as I'm concerned, nobody should ever see your password. Even forums owners can't see passwords these days.
Reply With Quote
  #27  
Old 16.08.2011, 17:52
Upthehatters2008's Avatar
Forum Legend
 
Join Date: May 2010
Location: In the kitchen at parties.
Posts: 4,540
Groaned at 204 Times in 120 Posts
Thanked 6,078 Times in 2,378 Posts
Upthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Hmmm, how do you know you can trust it?

This scared me:
"Other than your provider, no website ever sees your password".


Who is your provider?

As far as I'm concerned, nobody should ever see your password. Even forums owners can't see passwords these days.
The web site you log onto...Passwords are stored encrypted on most sites, nobody actually sees them.
Reply With Quote
  #28  
Old 16.08.2011, 19:45
AbFab's Avatar
Forum Legend
 
Join Date: Sep 2006
Location: Zürich
Posts: 8,529
Groaned at 365 Times in 252 Posts
Thanked 12,760 Times in 4,351 Posts
AbFab has a reputation beyond reputeAbFab has a reputation beyond reputeAbFab has a reputation beyond reputeAbFab has a reputation beyond reputeAbFab has a reputation beyond reputeAbFab has a reputation beyond repute
Re: Internet Password Security

http://www.techsupportalert.com/cont...-passwords.htm

And test your passwords here:

http://www.howsecureismypassword.net/
Reply With Quote
  #29  
Old 16.08.2011, 20:08
poptart's Avatar
Forum Veteran
 
Join Date: May 2011
Location: Boston
Posts: 1,785
Groaned at 33 Times in 28 Posts
Thanked 3,013 Times in 1,242 Posts
poptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
My advice ? A 10 digit password using mixed case , numbers and at least one special character. Change every 6 months. You're safe.
Realistically, that's a pipe dream for 99.9% of all users envisioned by types like me who watch news about sites like, say, Gawker getting the user data including passwords stolen, which are then used to go at hundreds of other sites knowing that the vast majority of users use the same username and password combination for nearly everything and rarely change them.

For the average user, I think the article is quite usable to bring their limited knowledge about passwords into a better range.

The weakest link with passwords is the end user and will always be the end user as password maint, like encryption, takes work, vigilance and know-how to use and users, myself included, tend to be lazy even if well versed in the art of network security.

And OpenID isn't new....and it's a lot like IPv6; everyone knows about it, but nobody is really forcing the implementation and not really using it. I don't think it'll take hold. What might do the trick, though, has yet to be seen.
Reply With Quote
  #30  
Old 16.08.2011, 20:15
Upthehatters2008's Avatar
Forum Legend
 
Join Date: May 2010
Location: In the kitchen at parties.
Posts: 4,540
Groaned at 204 Times in 120 Posts
Thanked 6,078 Times in 2,378 Posts
Upthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Realistically, that's a pipe dream for 99.9% of all users envisioned by types like me who watch news about sites like, say, Gawker getting the user data including passwords stolen, which are then used to go at hundreds of other sites knowing that the vast majority of users use the same username and password combination for nearly everything and rarely change them.

For the average user, I think the article is quite usable to bring their limited knowledge about passwords into a better range.

The weakest link with passwords is the end user and will always be the end user as password maint, like encryption, takes work, vigilance and know-how to use and users, myself included, tend to be lazy even if well versed in the art of network security.

And OpenID isn't new....and it's a lot like IPv6; everyone knows about it, but nobody is really forcing the implementation and not really using it. I don't think it'll take hold. What might do the trick, though, has yet to be seen.
The logic is sound, if you are one of those that cannot remember 10 letters or numbers then there are tools to help those users. Passwords need to be strong regardless of how literate or average the user is.

The weakest link, as proven so many times recently isn't the user, it's the big web sites that have beak security and store unencrypted passwords. No hackers go after users these days, they go after sites. As an analogy, Burglars do not steal keys, they break locks and use open windows.
Reply With Quote
  #31  
Old 16.08.2011, 20:27
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,264
Groaned at 15 Times in 14 Posts
Thanked 5,273 Times in 2,563 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Realistically, that's a pipe dream for 99.9% of all users envisioned by types like me who watch news about sites like, say, Gawker getting the user data including passwords stolen, which are then used to go at hundreds of other sites knowing that the vast majority of users use the same username and password combination for nearly everything and rarely change them.

For the average user, I think the article is quite usable to bring their limited knowledge about passwords into a better range.

The weakest link with passwords is the end user and will always be the end user as password maint, like encryption, takes work, vigilance and know-how to use and users, myself included, tend to be lazy even if well versed in the art of network security.

And OpenID isn't new....and it's a lot like IPv6; everyone knows about it, but nobody is really forcing the implementation and not really using it. I don't think it'll take hold. What might do the trick, though, has yet to be seen.
The article suggests that a password like Edina Monsoon is easily memorable and very difficult to hack whereas the usual 8 digit random numbers and letters could be quite easy
Reply With Quote
  #32  
Old 16.08.2011, 20:32
poptart's Avatar
Forum Veteran
 
Join Date: May 2011
Location: Boston
Posts: 1,785
Groaned at 33 Times in 28 Posts
Thanked 3,013 Times in 1,242 Posts
poptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
The logic is sound, if you are one of those that cannot remember 10 letters or numbers then there are tools to help those users. Passwords need to be strong regardless of how literate or average the user is.
Sure, but many of them complicate the process and are less likely to be used by the very people who should. This has always been an area begging for improvement, much like PGP which should have been adopted fully by now, but just hasn't due to it being too difficult for the end user and issues of trust. It took more than a decade for ssh to really overtake telnet and that was a no-brainer...save maybe for the corporate types who raked me over the coals for installing it on corp systems in '99 as it wasn't part of the IT 'standard' tools. These were the same guys who had a root password that was the name of the OS the systems were running.

Lofty goals. Grim reality.

Quote:
The weakest link, as proven so many times recently isn't the user, it's the big web sites that have beak security and store unencrypted passwords. No hackers go after users these days, they go after sites. As an analogy, Burglars do not steal keys, they break locks and use open windows.
Yes, but the information from those sites would be useless if users didn't use the same username and password for multiple sites...which is why it'a a valuable form of attack. I make no apologies for poorly run sites, but users bear most of the burden for not assuming that most sites have little security and that they need to do better on their end if they don't want their accounts being intruded upon. That being said, few are dedicated enough to have different passwords for every site they use.
Reply With Quote
  #33  
Old 16.08.2011, 20:42
poptart's Avatar
Forum Veteran
 
Join Date: May 2011
Location: Boston
Posts: 1,785
Groaned at 33 Times in 28 Posts
Thanked 3,013 Times in 1,242 Posts
poptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond reputepoptart has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
The article suggests that a password like Edina Monsoon is easily memorable and very difficult to hack whereas the usual 8 digit random numbers and letters could be quite easy
No, he doesn't say it would be quite easy (in fact it says the opposite), but from a realistic POV, a password that you can memorize is even more secure because you aren't writing it down ( I once sent email to a corp IT director from his own PC and internal email and encrypted it just to yank his chain because ALL of his passwords were written on a post-it attached to his monitor. It disappeared the next day...)

Now, I don't know just how he arrived at his statistics, but he's taking the usability approach, not the 'assume every hacker has the use of the NSA to brute-force your password' approach. Most sites aren't worth the random password at NSA-strength.

It's realistic. It encourages users to use something less obvious but not force them into the draconian 8-random-letter/number/symbol routine.
Reply With Quote
  #34  
Old 16.08.2011, 20:49
Guest
 
Posts: n/a
Re: Internet Password Security

I write passwords on post-it notes and have never had a problem yet.

The fact that I don't write them using the Roman alphabet might help, though...
Reply With Quote
  #35  
Old 16.08.2011, 20:57
Phil_MCR's Avatar
Forum Legend
 
Join Date: Oct 2009
Location: Basel
Posts: 14,774
Groaned at 284 Times in 189 Posts
Thanked 18,661 Times in 7,841 Posts
Phil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
I use a little formula for each individual site. For example:

a series of letters from the site name, mixed case + a memorable number + a standard phrase turned into Alpha-Numerics

Example:

Englishforum, always use the first and last letters, 1st upper, last lower case: Em
+
The year they went to the moon: 1969
+
My name changed into letters and numbers with punctuation: j35u5chr!5t

final result: Em1969j35u5chr!5t

So it's an algorithm I never have to remember, I can work it out from the site name.
i do something similar. my formula is:

first 10 characters of: md5sum(md5sum(sitename)+md5sum(password)+password increment number)

with a bit of practice you get quite good at doing MD5sums in your head.
Reply With Quote
  #36  
Old 16.08.2011, 21:01
Phil_MCR's Avatar
Forum Legend
 
Join Date: Oct 2009
Location: Basel
Posts: 14,774
Groaned at 284 Times in 189 Posts
Thanked 18,661 Times in 7,841 Posts
Phil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
The web site you log onto...Passwords are stored encrypted on most sites, nobody actually sees them.
except for anyone who has control of the website, or any one how has hacked it, or....
Reply With Quote
  #37  
Old 16.08.2011, 21:37
Upthehatters2008's Avatar
Forum Legend
 
Join Date: May 2010
Location: In the kitchen at parties.
Posts: 4,540
Groaned at 204 Times in 120 Posts
Thanked 6,078 Times in 2,378 Posts
Upthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
except for anyone who has control of the website, or any one how has hacked it, or....
They can see the encrypted/hash value, they can't see the password, unless they store plain text passwords. Hard to determine if a site is.
Reply With Quote
  #38  
Old 16.08.2011, 21:50
Phil_MCR's Avatar
Forum Legend
 
Join Date: Oct 2009
Location: Basel
Posts: 14,774
Groaned at 284 Times in 189 Posts
Thanked 18,661 Times in 7,841 Posts
Phil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
They can see the encrypted/hash value, they can't see the password, unless they store plain text passwords. Hard to determine if a site is.
you type your password in plain text into the website.
Reply With Quote
  #39  
Old 16.08.2011, 21:56
Upthehatters2008's Avatar
Forum Legend
 
Join Date: May 2010
Location: In the kitchen at parties.
Posts: 4,540
Groaned at 204 Times in 120 Posts
Thanked 6,078 Times in 2,378 Posts
Upthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
you type your password in plain text into the website.
No, you type in plain text into your browser, which should send over an encrypted link, or there is client side code that encrypts the password before transmission and the encrypted values are tested for a match by the site...
Reply With Quote
  #40  
Old 16.08.2011, 23:03
Phil_MCR's Avatar
Forum Legend
 
Join Date: Oct 2009
Location: Basel
Posts: 14,774
Groaned at 284 Times in 189 Posts
Thanked 18,661 Times in 7,841 Posts
Phil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond reputePhil_MCR has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
No, you type in plain text into your browser, which should send over an encrypted link, or there is client side code that encrypts the password before transmission and the encrypted values are tested for a match by the site...
spot the non-security guy

stuff sent through the encrypted link is still received by the website in unencrypted form.

client side code: a bit better, but guess where the client side code is sent from?
Reply With Quote
Reply




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Privacy, Security on Internet MrVertigo International affairs/politics 21 22.06.2011 14:44
Kaspersky Internet Security 2011 blocks EF Upthehatters2008 Forum support 24 03.06.2011 00:16
UBS Internet Banking Calculator Password Thing Country_Mouse Finance/banking/taxation 5 05.11.2010 18:07
[Internet Security] Phishing test Lob General off-topic 17 27.07.2007 16:58


All times are GMT +2. The time now is 16:06.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0