Passwords!



Archer0915
08-30-2017, 07:34 AM
Hey... password issues! Look, if someone is after you and they are good... they will get you. No need to have some password generated that you may forget or that you must put on paper. If you are a target you will be hacked. Now I am not saying simple passwords but I am saying that a password can cause big issues.

Simply put, if you are not a direct target (or indirect) you are risking headaches. KISS but not simple for others. Meaningful dates that others know about should be avoided and I find that older obsolete things (like my brain) are easiest to remember tied with a significant event or date that only matters to me and is unknown to anyone else...

Just do not make passwords so complicated that you need to write them down or use a password manager.

And also remember no matter how good your password is, those you deal with get hacked all the time, from government to financial institutions to ISPs. And whatever you do, do not hack back as an FBI liaison warned me as he said he was "going to forget we had a conversation" as he hung up laughing...

DGUtley
08-30-2017, 07:39 AM
Mere passwords? We've moved beyond that. It's now two-step authentication plus a password.

Archer0915
08-30-2017, 07:41 AM
Mere passwords? We've moved beyond that. It's now two-step authentication plus a password.
Perhaps with some things but most banks... User name and password, email user name and password, so much is user name and password.

Chris
08-30-2017, 07:50 AM
Yes, a lot of two-step authentication, but it should be two-factor. Difference: Inputting username then inputting password is two step but not a step up. Inputting credentials on one device and then being challenged on another device, that's two-factor, and a step up.


You can create quite complex, hard to crack passwords with mnemonics. Here's how: Take the first letters of the words in a poem, song, book, some favorite line easy to remember. The longer the better, at least over 8 characters. Then push those letters together and substitute in numbers and special characters. Change s to $, i to 1, capitalize, etc.

"Four score and seven years ago our forefathers brought forth"
fsasyaofbf
f$aSy@0fBf

Something like that. Too many f's though.
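The mnemonic scheme in the post above, checked from the defender's side (an added example, not part of the original thread): it flags a password that is a substituted mnemonic of a known line and counts how many variants the substitutions produce once the line is known. The reverse-substitution table and the sample line list are constructed assumptions.

```python
from math import log2, prod

# Reverse of the substitutions named in the post (s->$, i->1) plus the two
# its example also uses (a->@, o->0). Constructed table, not exhaustive.
UNLEET = str.maketrans({"$": "s", "1": "i", "@": "a", "0": "o"})
HAS_SYMBOL = set("siao")  # letters that have a symbol form in the table above

# Constructed sample list; a real policy check would load a corpus of quotes.
KNOWN_LINES = [
    "Four score and seven years ago our forefathers brought forth",
    "To be or not to be that is the question",
]

def mnemonic(line):
    """First letter of every word, lower-cased and pushed together."""
    return "".join(word[0].lower() for word in line.split())

def normalize(password):
    """Undo capitalization and the character substitutions."""
    return password.lower().translate(UNLEET)

def derived_from_known_line(password, lines=KNOWN_LINES):
    """Return the source line if the password is a substituted mnemonic of it."""
    base = normalize(password)
    for line in lines:
        if mnemonic(line) == base:
            return line
    return None

def variant_count(base):
    """Number of passwords the scheme can produce from one known mnemonic:
    each letter is lower case, upper case, or its symbol if it has one."""
    return prod(3 if ch in HAS_SYMBOL else 2 for ch in base)

if __name__ == "__main__":
    pw = "f$aSy@0fBf"  # the password from the post
    print("source line:", derived_from_known_line(pw))
    base = normalize(pw)
    print("variants if the line is known:", variant_count(base),
          f"(~{log2(variant_count(base)):.1f} bits)")
    # Naive estimate that treats all 94 printable ASCII characters as random
    print(f"naive charset estimate: ~{len(pw) * log2(94):.1f} bits")
```

The gap between the two estimates is why the choice of line matters more than the substitutions: a line only you know keeps the first estimate from applying.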

Archer0915
08-30-2017, 07:56 AM
Yes, a lot of two-step authentication, but it should be two-factor. Difference: Inputting username then inputting password is two step but not a step up. Inputting credentials on one device and then being challenged on another device, that's two-factor, and a step up.


You can create quite complex, hard to crack passwords with mnemonics. Here's how: Take the first letters of the words in a poem, song, book, some favorite line easy to remember. The longer the better, at least over 8 characters. Then push those letters together and substitute in numbers and special characters. Change s to $, i to 1, capitalize, etc.

"Four score and seven years ago our forefathers brought forth"
fsasyaofbf
f$aSy@0fBf

Something like that. Too many f's though.

I prefer ASCII extended but few places allow you to use it. To the º that I can, I try to use a special Char or two but it is something that is not acceptable in most circumstances. ╟╗■±

DGUtley
08-30-2017, 07:58 AM
I'm sorry, I meant two-factor. I log on, put password in and then have to go to my phone to get another code. This is for email and for our legal management program. It's all new to us b/c of ABA guidelines that have recently come down. Larger insurers mandate we follow ABA guidelines, which eventually become mandatory statewide anyways.

Crepitus
08-30-2017, 08:01 AM
To correspond with some old friends still in my previous business we use a secure email service. user name, pass-phrase (not word), challenge-response, and separate authentication on another device. They can do biometrics as well if you want to pay the extra fee, and the emails are encrypted.

Archer0915
08-30-2017, 08:02 AM
I'm sorry, I meant two-factor. I log on, put password in and then have to go to my phone to get another code. This is for email and for our legal management program. It's all new to us b/c of ABA guidelines that have recently come down. Larger insurers mandate we follow ABA guidelines, which eventually become mandatory statewide anyways.
That is great! Two factor is better than a screwy password that is forgotten to time and can be cracked by a random generator.

Archer0915
08-30-2017, 08:04 AM
To correspond with some old friends still in my previous business we use a secure email service. user name, pass-phrase (not word), challenge-response, and separate authentication on another device. They can do biometrics as well if you want to pay the extra fee, and the emails are encrypted.

For my forum I used verification on every login to prevent bots and I have seen many sites with challenge questions but the fact is... People are lazy and many of them do not even want to show ID at the bank.

Crepitus
08-30-2017, 08:07 AM
However, I gotta confess that for my stuff that I ain't really worried about, no money or secrets involved, my passwords are super simple. For instance anyone who knew me personally and put a little effort into it would be able to figure out my password here.

Common
08-30-2017, 08:13 AM
Nothing is safe on the internet, not your password, your name, your address, if you think you are totally protected you are living an illusion.

You can protect against most but what's left is always the threat. I have levels of safety nets, including a VPN and Lifelock, bitdefender, malware bytes, hitman pro, super antispyware pro and still I am not safe.

Archer0915
08-30-2017, 08:14 AM
however, i gotta confess that for my stuff that i ain't really worried about, no money or secrets involved, my passwords are super simple. For instance anyone who knew me personally and put a little effort into it would be able to figure out my password here.
cypm

Chris
08-30-2017, 08:23 AM
I'm sorry, I meant two-factor. I log on, put password in and then have to go to my phone to get another code. This is for email and for our legal management program. It's all new to us b/c of ABA guidelines that have recently come down. Larger insurers mandate we follow ABA guidelines, which eventually become mandatory statewide anyways.

Exactly.

NapRover
08-30-2017, 10:31 AM
Quite a few of my friends get their Facebook accounts "hacked". This has happened to me twice: a duplicate account somehow gets set up and my friends get second friend requests. Everyone resets their passwords and it seems to go away.
The thing is, my passwords are similar to the above examples, impossible to guess. I'm sure no one has guessed my password, so how do they start up duplicate accounts?
I did get PMs from impostors, I caught on right away when they told me how much money they just won and wanted to show me how they did it. Not sure where it would have led to if I'd taken the bait.

So how do they set up duplicate accounts that mirror mine, except for the number of friends (usually the duplicate will show only the friends who have accepted the phony friend requests)?

resister
08-30-2017, 12:02 PM
I get my passwords from the NSA:tongue:

Chris
08-30-2017, 02:02 PM
I get my passwords from the NSA:tongue:

They don't need passwords. Or warrants.