 sj |
||
|
||
BS: Those Problematic Passwords
|
|
|
Subject: BS: Those Problematic Passwords From: CupOfTea Date: 15 Apr 16 - 12:00 PM I just spent the last hour trying to establish, or possibly re-establish, membership on another forum and encountered roadblocks with retrieving a forgotten password for a name I'm not sure I was using. With each forum, bank account, credit card, utility payment, tax account, webpages, emails, wifi, etc,etc, and on and on, you may have a different name and password. One work account expects me to change a complex one about every 3 weeks! How on earth do folks keep track of all of these? I'm starting to have them listed as I create them now, but where to keep it safe, yet easily accessible? Do you have a system to organize and record them? Have name and passwords in different places? I would dearly know how folks manage it without going bonkers. I also realize that since anonymous posts are no longer possible in the BS section, people might not want to get REAL specific in their replies, but I don't think I can be the only one wrassling with password frustration. Joanne in Cleveland (whose Mudcat password is the one leftover from the days before you had to change it all the time) |
|
Subject: RE: BS: Those Problematic Passwords From: Nick Date: 15 Apr 16 - 12:32 PM We use this at work KeePass You need to be comfortable that it is safe for you. It works well though and I have had no problems or concerns |
|
Subject: RE: BS: Those Problematic Passwords From: Steve Shaw Date: 15 Apr 16 - 01:12 PM I have an app on my iPhone/iPad called OneSafe into which you can put all your passwords and which you access by means of just one strong password of your choosing. I haven't got round to putting in my passwords yet, as I can't remember a lot of 'em.... |
|
Subject: RE: BS: Those Problematic Passwords From: Ebbie Date: 15 Apr 16 - 01:14 PM I don't like writing by hand so my method is to type the site and its password in a list on the computer, print it off, and then close it without saving it. I make changes by hand on the existing list by date until it gets unwieldy whereupon I repeat the process. The list is kept in my desk drawer where I can refer to it as needed. This seems to me to be about the best method. All of this is at home, not at the office. |
|
Subject: RE: BS: Those Problematic Passwords From: Will Fly Date: 15 Apr 16 - 01:28 PM You could try this: Create a simple text file of all your passwords and the files or folders or things they open. Download this software: Meo Encrypt the password file with Meo - using just one password to encrypt and decrypt the passsword file. Destroy the text file. When you need a password, decrypt the meo file, use the relevant password, and then destroy the decrypted text file again. I've just tested it - it works. |
|
Subject: RE: BS: Those Problematic Passwords From: Bainbo Date: 15 Apr 16 - 04:09 PM I choose phrases based on "text speak" and initials of songs or phrases that I can remember, using upper case, lower case, and numerals. For instance, if I was a Johnny Cash fan, I might use the opening line of San Quentin, San Quentin I hate every inch of you, and render it as "SQi8eiou", producing a seemingly random stream of characters as my password. On my list of passwords, I could then write it as Mudcat – Cash to remind me what I'd used for this site, without writing the actual password. |
|
Subject: RE: BS: Those Problematic Passwords From: Rapparee Date: 15 Apr 16 - 09:19 PM Good job, Bainbo! As a former system administrator I applaud you! The only change you might make is using a "special character" (if the site accepts them, and most do) or using "LEET" character transforms. Your password "SQi8eiou" could become "5Q!8e1Ou" (that a capital "O", not a zero. Just be sure to be consistent in your usage. LEET (from Elite): 4 or @=A, 8 or 6=B, 3=E, 5 or $=S, 7=T, 1 or !=I, 9-G, \/=V, |<=K, and you can think of others. Of course, the numbers also stand for lower case and some, like 6=B, are based on a fanciful resemblance of the lower case letter to the number (b=6). I know some folks who put their password in Roman numerals: 1776 becomes MDCCLXXVI, in upper or lower case or both. Just be consistent. This way you CAN reuse passwords for different sites and still remember them AND they will be reasonably secure. |
|
Subject: RE: BS: Those Problematic Passwords From: Sandra in Sydney Date: 15 Apr 16 - 10:22 PM Like BinboI have a written list with cryptic notes trouble is, one was so cryptic I wasn't sure what it referred to, but after a fair bit of head-scratching my guess was right when I entered it! sandra (breathing again) |
|
Subject: RE: BS: Those Problematic Passwords From: Sandra in Sydney Date: 15 Apr 16 - 10:23 PM oops, I didn't preview Like Bainbo I have a written list with cryptic notes sandra (with apologies to Bainbo) |
|
Subject: RE: BS: Those Problematic Passwords From: DaveRo Date: 16 Apr 16 - 03:18 AM Will Fly wrote: Create a simple text file of all your passwords and the files or folders or things ...I do something similar - put I use pgp-based programs rather that Meo. I would be wary of using a proprietary program like Meo. Before selecting that I would want to be sure that I could recover my file if my computer blew up and that company had disappeared. For example I might keep a copy of the Meo installer on CD and periodically test whether I could install Meo and decrypt the backup on a friend's machine. |
|
Subject: RE: BS: Those Problematic Passwords From: BobL Date: 16 Apr 16 - 03:42 AM My technique at work, where we had to change passwords every couple of months, was to keep the same keyboard fingering patterns - one each for RH and LH - and just change the starting points which got written in my logbook. For example QP = qwepoi, ZL = zxclkj, A0 = asd098. |
|
Subject: RE: BS: Those Problematic Passwords From: Stilly River Sage Date: 16 Apr 16 - 09:39 AM Pass phrases are considered a good option now, whether or not they are distilled down into the compact form Rap mentioned. With special characters like he describes. |
|
Subject: RE: BS: Those Problematic Passwords From: Sandra in Sydney Date: 16 Apr 16 - 10:33 AM some systems demand non-letters, so substituting 1 for i or 5 for s works sandra |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 16 Apr 16 - 10:39 AM I've used acronyms from songs about.ovwr the years and have found them very reliable Unlike some of "password reminder" questions. Recently my wife was asked a question where she had supplied thw answer about four years ago: where was the first place you flew to? Sort of easy enough.but was it Washington or Washington DC or Washington, DC? Or even America? |
|
Subject: RE: BS: Those Problematic Passwords From: Black belt caterpillar wrestler Date: 16 Apr 16 - 11:48 AM I knew someone who used two words from a poem concatenated together. All he had to do was note down a word count number for how far through the poem he had got when changing to a new password. He did not tell anyone which poem he had in mind. |
|
Subject: RE: BS: Those Problematic Passwords From: Kampervan Date: 16 Apr 16 - 12:16 PM I'm not telling you what I do, because I want to keep it secret. |
|
Subject: RE: BS: Those Problematic Passwords From: MGM·Lion Date: 16 Apr 16 - 02:59 PM I'll gladly tell you what I use. It's my old army number from National Service in the 1950s. So now you know that, hack in to your ❤s' content... ≈M≈ |
|
Subject: RE: BS: Those Problematic Passwords From: leeneia Date: 16 Apr 16 - 04:01 PM I use a phrase I will remember, but add a special character, a capital letter in an odd place, or numbers that I will also remember suggestions: names of plays or books you like old addresses of you or family names of fictional characters names of towns names of grade school teachers Then make a document which provides hints only you will understand. Yes, the experts say a good password is something like "8r0@m*(5MVE!" , but the trouble with that is that you have to write it down, and then an enemy might find it. |
|
Subject: RE: BS: Those Problematic Passwords From: mg Date: 16 Apr 16 - 05:20 PM I got so sick of it at work that I took a fat magic marker and wrote down the passwords on my desk....some of the more sensitive ones are in code that a thief would not ever figure out with spaces missing etc...it sort of works but I can't find anything that removes all the magic marker... |
|
Subject: RE: BS: Those Problematic Passwords From: Gurney Date: 16 Apr 16 - 07:25 PM Like MGM-Lion, I use numbers from my army number, which you quote often enough when young so that it is embedded forever. So far. I also remember two of my Dad's motorbike registration/licence numbers from 70 years ago and my Mum's and Gran's Co-Op numbers (Poms will know) but I can't remember any numbers specifically mine. My bank suggests your Mum's maiden name. One advantage is that, so far, I can leave notices to myself such as 'Ebay = Mum's Co-Op' that are reasonably impenetrable. |
|
Subject: RE: BS: Those Problematic Passwords From: Bill D Date: 16 Apr 16 - 10:11 PM Look at this.... which most sites would consider a faitly good password....3edcvbgt54rf Now, trace it out on your keyboard (no, that's not mine) There are many, many patterns like this, easy to remember, but starting in different places and using more or fewer characters. Then, if that's not secure enough for you, you can use this (in Windows-I have no idea if it can be done on a MAC) Rototexter and do a 2 step confusilation doing first an ROT-13, then a ROT-47 on your already strange combination. Or, *shrug*...just ROT-47 some word or phrase...qF8D3F??J62ED42CC@ED... when UN-Rot-47 is bugsbunnyeatscarrots. The idea is to use a combination of characters that is easy for YOU to unscramble, but which makes no sense to anyone else, using some easy to apply pattern. Being a woodworker, I have for 15 years used a very odd combination of botanical terms, mixed with a couple of relevant (to me) numbers. Get creative! and... I have NO idea how these tricks work for anyone who has to enter passwords on a smart phone! |
|
Subject: RE: BS: Those Problematic Passwords From: CupOfTea Date: 16 Apr 16 - 10:42 PM This is a much more interesting subject than I'd anticipated, with plenty of practical solutions, for which I am thankful, very. Now I must confess that my solution to the problem that sparked the flame of long frustration was in my spam box. Three times. So now I have both that password problem resolved with a side order of humble pie, and a head start at developing my own system for generating passwords. Many thanks to all of you who think in an orderly way about obscuritianism. Joanne in Cleveland who has 16 or so passwords to get organized |
|
Subject: RE: BS: Those Problematic Passwords From: Mr Red Date: 17 Apr 16 - 02:43 AM I use FireFox Portable and have, as my homepage, an HTML page on the same memory stick. The page has all the data I need with passwords suitably disguised. And more importantly hyperlinks to the correct page to log in. but I do edit in HTML & with Dreamweaver as soon as I use a new password. |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 17 Apr 16 - 05:33 AM I should say that when I use an acronym from a song, I usually pick a song relevant to the site where possible. So, for example, for Apple it might be an apple tree wassail (it isn't), for Netflix a fishing song, and so forth. I find that the best way of avoiding having the same password for everything. I do also use various special character tricks of the kind mentioned above. Some years back I mentioned a password I had about forty years ago : hzhzzzhzhzhzna. Even knowing it is a song acronym it might take a few moments to work out. |
|
Subject: RE: BS: Those Problematic Passwords From: Mark Clark Date: 17 Apr 16 - 01:41 PM I use (and recommend) a software product called mSecure which is available For Apple (iOS & OS X), Windows, and Android devices. It will generate very secure passwords for you and keep them very safely encrypted. mSecure also includes its own secure browser so you can just click on a stored account and be logged in. Of course you can click to copy your password and paste it into any other app as well. mSecure offers syncing across devices using Dropbox so your passwords are always available to you and the encryption used to store your passwords is very, very secure. Sure, it's an extra step, but you have total security without the need to remember complex passwords. Of course you should never, ever write them down. - Mark |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 17 Apr 16 - 03:42 PM of course you should never, even write [passwords] down While I don't, and some passwords, such as for your banking, certainly not, but as a general rule I am not really so convinced. Last year I was broken into and several thousand pounds worth of camera equipment was stolen. It was insured, so it was a significant inconvenience, but no more. Now, if there had been a sheet of paper next to the computer would they have stolen it? Probably not: there were other papers and they were left. If they had, just how much of a problem would if be if they accessed my Netflix, or Amazon, or Apple, accounts? Not much, I should think. If they impersonated me on mudcat or Facebook, again a pain, but fairly easy to address. So I think there are three levels: bank accounts etc, certainly worry about. Sites that hold credit card details rather less: you can stop the cards easily. Most other accounts, do you really care that much? Especially if your list of passwords doesn't say what they are each for. |
|
Subject: RE: BS: Those Problematic Passwords From: Rapparee Date: 18 Apr 16 - 07:44 AM However, a "brute force" password cracking program can force any of these passwords. It just takes time for it to run through all of the possible combinations. And time is the cracker's enemy. mg, a product called "Goof Off" will almost certainly wipe out those marker marks. |
|
Subject: RE: BS: Those Problematic Passwords From: Vashta Nerada Date: 18 Apr 16 - 08:49 AM Written down, but not kept near the computer. And jumbles of letters and symbols that make sense to me. |
|
Subject: RE: BS: Those Problematic Passwords From: Senoufou Date: 18 Apr 16 - 12:08 PM DMcG, I think your song acronym may be from Jesus Christ Superstar. I'm afraid I write all my passwords down in a little book. There's no way on this earth I'd be able to remember them, my head is like a sieve. If what my old neighbour used to call a 'burgular' broke in and nicked it, I realise I'd be right in the soup. At least they're all different. I was daft enough when I first started out online to have the same rather nice little short password for everything, until a friend told me I was a prat! |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 18 Apr 16 - 12:55 PM Yes,indeed it is from Superstar. I didn't really set it as a challenge; more to illustrate that even with quite a lot of information and a very well known song it can still be quite difficult to spot. As we all know from those quizzes that used to go round of the form "88 K on a GP". And if you use the third line of the sixth verse of a specific version of some ballad... |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 18 Apr 16 - 01:10 PM I should have added that the other passwords you you never ever right down are those you use for password recovery, because potentially they could be used to get many of your financially sensitive passwords. |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 18 Apr 16 - 01:25 PM Brute force password attacks can still be a problem, but very rarely these days because most systems lock the account either permanently or for a period. Apple, for example, locks the account for 8 hours after about four incorrect attempts. Applied properly, that makes brute force attacks require many years to work through the combinations if the password is more than a few letters long. Of course,if the account doesn't lock out that is another matter. |
|
Subject: RE: BS: Those Problematic Passwords From: DaveRo Date: 18 Apr 16 - 01:55 PM Brute force attacks are often used against stolen (hashed) passwords rather than against online sites. So make them long and complex, and above all don't use the same password forseveral accounts. Bruce Schneier writes on these matters: Choosing_a_Secure_Password Better a strong password written down than a weak one remembered IMO - at least for important sites. |
|
Subject: RE: BS: Those Problematic Passwords From: Penny S. Date: 18 Apr 16 - 05:02 PM I had a very nasty experience with a non-written down password which I forgot while on holiday. In theory, it should have been recoverable. Two words, which I remembered, on the memory palace principle, but separated by a number, generated from two other numbers, picked from a set of a few easily memorable numbers which I could remember. What I could not remember was exactly which two, and what mathematical process I had applied to them. I spent the evening with a calculator trying to get into my computer and failing again and again. So I took it to the local computer shop who did work for us at school back in the day. He has a number of programs which he has used to get into people's computers. I told him the words and the numbers, and a week later he had totally failed to get in. Fortunately, before going away, I had copied all the files off the thing so it was empty of data, so completely restoring it to factory setting and rebuilding all the software wasn't too much of a problem. I was quite pleased at having an unbreakable password. When he and I had done this, guess what? The number presented itself to my mind. I had always felt it wasn't the best number because the maths had produced a number in which two digit patterns were repeated to make the four. I now have a little list. |
|
Subject: RE: BS: Those Problematic Passwords From: leeneia Date: 18 Apr 16 - 07:42 PM Oh gosh, Penny. That sounds awful! I think it's only rational to write an important password down somewhere safe, perhaps on a paper in your safe-deposit box. Or use a code. For example, think of a word or phrase with ten letters (no repeats) and write down the letters that correspond to the numbers in your password. |
|
Subject: RE: BS: Those Problematic Passwords From: Mr Red Date: 19 Apr 16 - 03:24 AM in the days of PINs and wrist watches (or telephone books) I used the name McReady (as in ready cash) with what would look like a telephone number. I would be more concerned about contactless credit cards. |
|
Subject: RE: BS: Those Problematic Passwords From: Mr Red Date: 19 Apr 16 - 03:25 AM in the days of PINs and wrist watches (or telephone books) I used the name McReady (as in ready cash) with what would look like a telephone number. I would be more concerned about contactless credit cards. |
|
Subject: RE: BS: Those Problematic Passwords From: Rapparee Date: 19 Apr 16 - 08:40 AM "Hi, this is YourISP's tech services department. I'm Sheila. Your account has been hacked and we need to reset it, and for that we need your login and password." "What are you doing going through my trash?" The first is called "Social Engineering" and the other "Dumpster Diving." Both, all too often, still work. And both can take many forms. 1. Shred anything that might have your login and password on it. 2. Man or woman, ask them for a number on which to call them back. Then call your ISP and ask about the truth of the matter before returning the call. 3. If you get a call from "Windows" that you're computer is causing Internet problems, don't fall for it. Or tell them that you're running Linux or Apple OS or don't HAVE a computer (the last REALLY throws them!). 4. Your bank, the IRS, your ISP, the FBI, MI5, the Mossad, etc. aren't going to call you for your information. If they don't have it they can get it easily enough than tipping you off by a phone call. 5. If it sounds too good to be true it probably is. 6. When in doubt, don't. |
|
Subject: RE: BS: Those Problematic Passwords From: PHJim Date: 19 Apr 16 - 11:18 AM Creating A Password cabbage *Sorry, the password must be more than eight characters. boiled cabbage *Sorry, the password must contain one numerical number. 1 boiled cabbage *Sorry, the password cannot have any blank spaces. 50fuckingboiledcabbages *Sorry, The password must contain at least one upper case character. 50FUCKINGboiledcabbages *Sorry, the password cannot use more than one upper case character consecutively. 50FuckingBoiledCabbagesShovedUpYourArseIfYouDon'tGiveMeAccessImmediately *Sorry, the password cannot contain any punctuation. NowImGettingReallyPissedOff50FuckingBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessImmediately *Sorry, that password is already in use. |
|
Subject: RE: BS: Those Problematic Passwords From: DMcG Date: 19 Apr 16 - 01:17 PM On dialling back: don't forget there is a scam base on the way a telephone line disconnects that means it is not sufficient for YOU to put the phone down if they rang you, THEY need to do so. So don't call back immediately. Instead call something or someone else first to make sure you are really disconnected from them. Secondly, don't call a number they give you - how do you that is genuine? If it is your isp for example, look up their number yourself. |
|
Subject: RE: BS: Those Problematic Passwords From: Rapparee Date: 19 Apr 16 - 06:29 PM That's why you call your ISP if there is ANY doubt in your mind. |
|
Subject: RE: BS: Those Problematic Passwords From: BobL Date: 20 Apr 16 - 03:36 AM Them: "Good morning, I'm calling about your computer" (or whatever). Me: "Good morning, you are speaking to a computer professional. Do you wish to continue?" Click. |
