Go Back   English Forum Switzerland > Help & tips > TV/internet/telephone  
Reply
 
Thread Tools Display Modes
  #1  
Old 14.08.2011, 14:16
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,273
Groaned at 15 Times in 14 Posts
Thanked 5,284 Times in 2,568 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Internet Password Security

Like many people, I use the internet for a range of things from banking to Facebook & EF. At the last count I use around 70 sites that require password access. Many of them would not be of much interest to anyone to hack into e.g. travel sites. I wonder why some of these have protected access. The various financial sites suck as banks, eBay and PayPal are more important to protect from hacking into.

What is the best way to remember all of the passwords? Use a common password for as many as possible; use easily memorable words; write them all down; password reminder software etc.

I saw an interesting article that suggests that the usual 'strong' passwords comprising letters, numbers and symbols can be more easily hacked than some more easily memorable combinations.

The Usability of Passwords

It makes interesting reading. I will be changing some of my passwords.
__________________
"I'll say I can't tell you when, But if my spirit is strong, I know it can't be long, No questions I'm not alone, Somehow I'll find my way home" Rod
Reply With Quote
This user would like to thank Deep Purple for this useful post:
  #2  
Old 14.08.2011, 15:09
vwild1
 
Posts: n/a
Re: Internet Password Security

Quote:
View Post
What is the best way to remember all of the passwords? Use a common password for as many as possible
Which is fine until the company you work for now thinks you need to change the password every 6 months to boost security..!!

I've got about a half dozen passwords that I regularly work with but now at work we're forced (at log in) to create a new password every 6 months. Thought I'd outsmart the login and go back to my original password, it was rejected..! How is someone suppose to remember the new password after the old one has been burned into your memory for the last 6 months!?

I find this the stupidest attempt at bolstering security on our network because now everyone is writing down their latest password and taping it to the underside of their keyboards in case they forget the new one. 3 false attempts at log in and you're locked out of your workstation requiring an embarrassing call to the IT department to unlock it..! To make things a tad easier to remember I've come up with the idea to continue to use our original passwords now except we just added a 01 to it. 6 months later, 02, then 03.. etc. etc. etc. At least now when I sit down in front of my workstation with a blank stare I can at least ask a co-worker nearby which series of password we are now on (01, 02, 03..).
Reply With Quote
  #3  
Old 14.08.2011, 15:14
Upthehatters2008's Avatar
Forum Legend
 
Join Date: May 2010
Location: In the kitchen at parties.
Posts: 4,540
Groaned at 204 Times in 120 Posts
Thanked 6,078 Times in 2,378 Posts
Upthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond reputeUpthehatters2008 has a reputation beyond repute
Re: Internet Password Security

It's a lame article.

It does not factor in account lockout or alarm triggering when a wrong password is entered say 10 times. Most middle tier web apps will block the I.P. after say 10 or more attempts, and a firewall will block the port if a brute force flood is detected.

Also, he quotes

"Note: "sun" has 17,576 possible character combinations. 3 letters using the lowercase alphabet = 263"

"sun" does not have that many combinations.

SUN
SUn
sUN
sUn
SuN
Sun
suN
sun

What he should have said is a 3 letter password has 26^3 (-1) combinations.
If you include uppercase and lowercase , plus numbers and then special characaters such as "_" or "@" etc , then this number becomes much much greater - around 89^3, depending on your character set / keyboard settings.

It is far easier to obtain passwords using sniffers , keyloggers and other trojans. Brute force just isn't used on the web any more. It triggers too many alarms at the hardware and software level.

With the Oracle database (10G and below), I wrote a program to create a dictionary of every possible password and it's hashed value. This means that users who can see the system password table and get the hashed value can reverse lookup the hash value to obtain the real password. I could generate 40K hash values per second, it would take years to run even on a SMP box, but storing them , for passwords less than 10 characters would take up billions of terrabtyes...

My advice ? A 10 digit password using mixed case , numbers and at least one special character. Change every 6 months. You're safe.





http://keepass.info/ has a great utility, you can store long passwords with mixed case, numbers and special characters. Passwords longer than 8 characters will take a longtime to crack unless supercomputing is used. passwords with a length greater than 16 using mixed characters and changed reguarly will never realistically be cracked.

Last edited by Upthehatters2008; 14.08.2011 at 15:25.
Reply With Quote
The following 4 users would like to thank Upthehatters2008 for this useful post:
  #4  
Old 14.08.2011, 15:17
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,273
Groaned at 15 Times in 14 Posts
Thanked 5,284 Times in 2,568 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Which is fine until the company you work for now thinks you need to change the password every 6 months to boost security..!!

I've got about a half dozen passwords that I regularly work with but now at work we're forced (at log in) to create a new password every 6 months. Thought I'd outsmart the login and go back to my original password, it was rejected..! How is someone suppose to remember the new password after the old one has been burned into your memory for the last 6 months!?

I find this the stupidest attempt at bolstering security on our network because now everyone is writing down their latest password and taping it to the underside of their keyboards in case they forget the new password. 3 false attempts at log in and you're locked out of your workstation requiring an embarrassing call to the IT department to unlock it..! To make things a tad easier to remember I've come up with the idea to continue to use our original passwords now except we just added a 01 to it. 6 months later, 02, then 03.. etc. etc. etc. At least now when I sit down in front of my workstation with a blank stare I can at least ask a co-worker nearby which series of password we are now on (01, 02, 03..).
I did a similar thing at work as our passwords were changed every three months. I realised that it would not accept any of the last six passwords so I had a list that I would work through and then repeat.
Reply With Quote
  #5  
Old 14.08.2011, 15:17
Blonaybear's Avatar
Forum Veteran
 
Join Date: May 2007
Location: Blonay
Posts: 1,593
Groaned at 4 Times in 4 Posts
Thanked 836 Times in 432 Posts
Blonaybear has a reputation beyond reputeBlonaybear has a reputation beyond reputeBlonaybear has a reputation beyond reputeBlonaybear has a reputation beyond repute
Re: Internet Password Security

I use the free version of this. You can just use the portable version on a memory stick and keep it away from your computer when not in use.
Reply With Quote
  #6  
Old 14.08.2011, 18:07
Pashosh's Avatar
Senior Member
 
Join Date: Jun 2006
Location: Baden
Posts: 449
Groaned at 222 Times in 158 Posts
Thanked 1,823 Times in 1,002 Posts
Pashosh is considered a nuisancePashosh is considered a nuisancePashosh is considered a nuisance
Re: Internet Password Security

Reply With Quote
The following 13 users would like to thank Pashosh for this useful post:
  #7  
Old 14.08.2011, 18:23
Guest
 
Posts: n/a
Re: Internet Password Security

If you want to get an idea of how long it would take to crack your password you can use GRC's Password Haystack

Note: It is usually a bad idea to type your password in any kind of checker as it could be used to capture it. This one performs its calculations in your browser and does not send anything back to GRC's servers, however it is best to use a *similar* password rather than your actual one
Reply With Quote
The following 3 users would like to thank for this useful post:
  #8  
Old 14.08.2011, 19:04
Verbier's Avatar
Forum Legend
 
Join Date: Jul 2008
Location: Lully VD
Posts: 4,402
Groaned at 17 Times in 17 Posts
Thanked 4,673 Times in 2,362 Posts
Verbier has a reputation beyond reputeVerbier has a reputation beyond reputeVerbier has a reputation beyond reputeVerbier has a reputation beyond reputeVerbier has a reputation beyond reputeVerbier has a reputation beyond repute
Re: Internet Password Security

Longest Password
During a recent password audit by Microsoft & Google,
it was found that
a blonde was using the following password:

"MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacrame nto"

When asked why she had such a long password,

she said she was told that it had to be at least 8 characters long
and include at least one capital.
Reply With Quote
The following 6 users would like to thank Verbier for this useful post:
  #9  
Old 14.08.2011, 19:09
Mud's Avatar
Mud Mud is offline
Forum Legend
 
Join Date: Jan 2009
Location: Romandie
Posts: 2,551
Groaned at 26 Times in 23 Posts
Thanked 5,004 Times in 1,827 Posts
Mud has a reputation beyond reputeMud has a reputation beyond reputeMud has a reputation beyond reputeMud has a reputation beyond reputeMud has a reputation beyond reputeMud has a reputation beyond repute
Re: Internet Password Security

I'll bet there are people with correcthorsebatterystaple as a password now .
Reply With Quote
The following 3 users would like to thank Mud for this useful post:
  #10  
Old 14.08.2011, 19:18
Assassin's Avatar
Forum Legend
 
Join Date: Mar 2010
Location: Chasing clouds
Posts: 4,023
Groaned at 180 Times in 123 Posts
Thanked 11,558 Times in 3,148 Posts
Assassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond reputeAssassin has a reputation beyond repute
Re: Internet Password Security

I think I've dated that blonde in Verbier's post. Trying to find the "Windows" button on a Mac keyboard was priceless.
Reply With Quote
The following 2 users would like to thank Assassin for this useful post:
  #11  
Old 16.08.2011, 13:24
Newbie 1st class
 
Join Date: Aug 2011
Location: Fr
Posts: 17
Groaned at 0 Times in 0 Posts
Thanked 4 Times in 3 Posts
1ondon has slipped a little
Re: Internet Password Security

Quote:
View Post
Which is fine until the company you work for now thinks you need to change the password every 6 months to boost security..!!

I've got about a half dozen passwords that I regularly work with but now at work we're forced (at log in) to create a new password every 6 months. Thought I'd outsmart the login and go back to my original password, it was rejected..! How is someone suppose to remember the new password after the old one has been burned into your memory for the last 6 months!?

I find this the stupidest attempt at bolstering security on our network because now everyone is writing down their latest password and taping it to the underside of their keyboards in case they forget the new one. 3 false attempts at log in and you're locked out of your workstation requiring an embarrassing call to the IT department to unlock it..! To make things a tad easier to remember I've come up with the idea to continue to use our original passwords now except we just added a 01 to it. 6 months later, 02, then 03.. etc. etc. etc. At least now when I sit down in front of my workstation with a blank stare I can at least ask a co-worker nearby which series of password we are now on (01, 02, 03..).
Can't agree more about the idiocy of being told to change your password every couple of months. I had a great password on Paypal, now I have a weaker one that I had to write down to remember!
Reply With Quote
  #12  
Old 16.08.2011, 13:37
marton's Avatar
Forum Legend
 
Join Date: May 2008
Location: Kt. Zürich
Posts: 11,810
Groaned at 611 Times in 517 Posts
Thanked 21,740 Times in 11,420 Posts
marton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Can't agree more about the idiocy of being told to change your password every couple of months. I had a great password on Paypal, now I have a weaker one that I had to write down to remember!
You only have to change one character!
I have a number in each of my passwords & just update it by 1 when change time comes. Usually when I get to 9 & have to go back to 1 the systems accept it; I think they only keep a few old password versions to check the new one is really new?

I see somebody already posted this idea - Ahem - Back to my corner
Reply With Quote
  #13  
Old 16.08.2011, 13:54
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,273
Groaned at 15 Times in 14 Posts
Thanked 5,284 Times in 2,568 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Can't agree more about the idiocy of being told to change your password every couple of months. I had a great password on Paypal, now I have a weaker one that I had to write down to remember!
Paypal hasn't requested that I change my password at all. You can use any password that you want, as long as it has at least 8 characters and doesn't have spaces. It should be easy to come up with something memorable.
Reply With Quote
  #14  
Old 16.08.2011, 14:03
Ittigen
 
Posts: n/a
Re: Internet Password Security

I find it easiest to remember towns with postcodes or street addresses where I have lived, 1001Geneva or 4HighStreet and sometimes I use 4?HighStreet

I also did the +1 trick when I was working.

I suppose travel sites insist on usernames and passwords to keep out anonymous meddlers.
Reply With Quote
  #15  
Old 16.08.2011, 14:06
marton's Avatar
Forum Legend
 
Join Date: May 2008
Location: Kt. Zürich
Posts: 11,810
Groaned at 611 Times in 517 Posts
Thanked 21,740 Times in 11,420 Posts
marton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond reputemarton has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Paypal hasn't requested that I change my password at all. You can use any password that you want, as long as it has at least 8 characters and doesn't have spaces. It should be easy to come up with something memorable.
Paypal has also not requested I change my password - have you (1ondon) been phished??
Reply With Quote
  #16  
Old 16.08.2011, 14:07
Newbie 1st class
 
Join Date: Aug 2011
Location: Fr
Posts: 17
Groaned at 0 Times in 0 Posts
Thanked 4 Times in 3 Posts
1ondon has slipped a little
Re: Internet Password Security

Quote:
View Post
Paypal hasn't requested that I change my password at all. You can use any password that you want, as long as it has at least 8 characters and doesn't have spaces. It should be easy to come up with something memorable.
Yes, it should be easy BUT when you have Ebay, banks, emails, forums..... the number of passwords soon add up.
I prefer a different password for every site, hence the problem.

I used a different number on Paypal (ie. password1) but even using this method I couldn't remember which number I was on (as being forced to change other passwords elsewhere meant I had different numbers on different sites!).
I think Paypal have finally reaslised the stupidity of forced password change, as I haven't had to change mine for a year or so now.
Reply With Quote
  #17  
Old 16.08.2011, 14:41
Deep Purple's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: England
Posts: 5,273
Groaned at 15 Times in 14 Posts
Thanked 5,284 Times in 2,568 Posts
Deep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond reputeDeep Purple has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Yes, it should be easy BUT when you have Ebay, banks, emails, forums..... the number of passwords soon add up.
I prefer a different password for every site, hence the problem.

I used a different number on Paypal (ie. password1) but even using this method I couldn't remember which number I was on (as being forced to change other passwords elsewhere meant I had different numbers on different sites!).
I think Paypal have finally reaslised the stupidity of forced password change, as I haven't had to change mine for a year or so now.
Certainly, separate passwords for key sites are important: Bank, Paypal, EBay etc.

For less important sites: social networking, photo sharing, general membership sites, a common password may be acceptable.

I am thinking about one of the password memory software options. I worry about the dangers of losing all passwords in one go with something like this.
Reply With Quote
  #18  
Old 16.08.2011, 14:55
Traubert's Avatar
Forum Veteran
 
Join Date: Nov 2008
Location: Zurich
Posts: 1,137
Groaned at 11 Times in 10 Posts
Thanked 2,272 Times in 802 Posts
Traubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond repute
Re: Internet Password Security

I use a little formula for each individual site. For example:

a series of letters from the site name, mixed case + a memorable number + a standard phrase turned into Alpha-Numerics

Example:

Englishforum, always use the first and last letters, 1st upper, last lower case: Em
+
The year they went to the moon: 1969
+
My name changed into letters and numbers with punctuation: j35u5chr!5t

final result: Em1969j35u5chr!5t

So it's an algorithm I never have to remember, I can work it out from the site name.
Reply With Quote
This user would like to thank Traubert for this useful post:
  #19  
Old 16.08.2011, 15:06
Newbie 1st class
 
Join Date: Aug 2011
Location: Fr
Posts: 17
Groaned at 0 Times in 0 Posts
Thanked 4 Times in 3 Posts
1ondon has slipped a little
Re: Internet Password Security

Quote:
View Post
I use a little formula for each individual site. For example:

a series of letters from the site name, mixed case + a memorable number + a standard phrase turned into Alpha-Numerics

Example:

Englishforum, always use the first and last letters, 1st upper, last lower case: Em
+
The year they went to the moon: 1969
+
My name changed into letters and numbers with punctuation: j35u5chr!5t

final result: Em1969j35u5chr!5t

So it's an algorithm I never have to remember, I can work it out from the site name.
Very good tips - I actually use a very similar system - but it still means you can forget which number you've added when forced to change a password!

PS. Is your name really Jesus Christ? Wasn't there a fella some years back with a similar name?
Reply With Quote
  #20  
Old 16.08.2011, 15:10
Traubert's Avatar
Forum Veteran
 
Join Date: Nov 2008
Location: Zurich
Posts: 1,137
Groaned at 11 Times in 10 Posts
Thanked 2,272 Times in 802 Posts
Traubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond reputeTraubert has a reputation beyond repute
Re: Internet Password Security

Quote:
View Post
Very good tips - I actually use a very similar system - but it still means you can forget which number you've added when forced to change a password!

PS. Is your name really Jesus Christ? Wasn't there a fella some years back with a similar name?
I don't have any online logins that require me to change passwords. Some sites don't accept punctuation, strangely enough, so I also have another version of my phrase or name in case.

There was a fella called Jesus, but he lives in California and likes to Bowl. Nobody f**ks with him.
Reply With Quote
Reply




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Privacy, Security on Internet MrVertigo International affairs/politics 21 22.06.2011 13:44
Kaspersky Internet Security 2011 blocks EF Upthehatters2008 Forum support 24 02.06.2011 23:16
UBS Internet Banking Calculator Password Thing Country_Mouse Finance/banking/taxation 5 05.11.2010 17:07
[Internet Security] Phishing test Lob General off-topic 17 27.07.2007 15:58


All times are GMT +2. The time now is 14:16.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0