Hey, Is This Your Password? - Comments Page 1

Category: Security





All Comments on: "Hey, Is This Your Password?"


Posted by:

Becky
13 Jun 2012

I traveled a lot as a child. I recall numerous old addresses from places where I lived. I use these old addresses as passwords.

Posted by:

connie tyler
13 Jun 2012

Instead of using a password, I use a sentence that I can remember and I also use roboform to store it. For instance, I may use a sentence like this one. Ilm4CsvMatnaT-B-L,aB.

EDITOR'S NOTE: I didn't know you had four... I love mine, too. :-)

Posted by:

Richard
13 Jun 2012

I have a nice easy password for sites that I don't really care about but require a login. It's not one of the 25 but it wouldn't take a cracking programme long to get it from a hash.

Then I have a more secure password for sites I need to get to and need to remember.

Then I have a secure passphrase to a password store for most of the other passwords. This password store generates passwords for sites that I don't know and would never remember. It fills them in for me and I can get to the "vault" if I need to cut/paste.

Finally banking and similar have other access means kept completely separate. Banking site also has a 2 factor scheme to make payments/changes and the like using smart card reader.

Posted by:

Dee
13 Jun 2012

I can't give you a hint on how I create my passwords, that would go against the point of the article!

Posted by:

Matt
13 Jun 2012

I will admit I use the same set of 4 or 5 passwords for multiple sites, and I do feel my passwords are pretty strong and hacker proof, but I also think banks and other websites are getting smarter about logging into their website even with the correct password. For example my bank will require security question answer if the login is from an IP I haven't used before. I also have 2-step verification set up with all of my GMail accounts, PayPal account, and Facebook account. I believe Google's approach to the 2-step verification is the best by working in conjunction with an Android app that generates a unique 6 digit code that changes every 15 seconds.

Posted by:

Paul
13 Jun 2012

I use Roboform to randomly create and save my passwords and change them from time to time. So far so good.

Posted by:

Jay
13 Jun 2012

I use KeyPass to create and store passwords for sites that need Jay-only access -- banking sites mostly. For those sites where "cracking" my password wouldn't create a problem for anyone -- the Merriam-Webster dictionary site, for example, I use a handful of six- to eight-letter passwords.

Posted by:

sirpaul2
13 Jun 2012

It really doesn't matter how long and strong your passwords are unless you're only worried about 'brute strength' attacks.
You also must take precautions 'how' you enter your passwords due to the following:
1) Keystroke loggers (captures standard keyboard entries)
2) Clipboard loggers (captures standard 'Drag & Drop' methods)
3) Screen loggers (captures mouse movements on most standard virtual keyboards)
4) Password field loggers (plenty of programs can 'look' under the 'asterisks')

It pretty much boils down to "If you build a bigger wall, they will build a bigger ladder" (and bigger walls usually means there's a bigger treasure).

I'm not saying password strength is unimportant, but also make sure you don't 'give' your password away.

Posted by:

JOHN
13 Jun 2012

I have a friend who uses [or did till I put her wise] her post [zip code] code and am sure she was not alone.

Posted by:

Ed
13 Jun 2012

The best way to develop a great password is found at https://www.grc.com/haystack.htm. Steve Gibson of Gibson Research has received much recognition in the world of online security. His "Needle in a Haystack" method is secure and easy. Go to his site and read (or listen) about it...you'll be amazed.

Posted by:

Lee McIntyre
13 Jun 2012

I use a simple system to create a different password for every site. I can use the system to recall passwords even when I'm at computers I don't own - without having to reference an online resource or carry around a thumb drive.

1. The first portion of my password doesn't change from site to site. It's an 8-character combination of letters and numbers, with random letters capitalized: ECaMo2HP. It's based on the phrase, "Extra Catchup and Mustard on 2 Hamburgers, Please." Create something that's easy for you to remember.
2. The second portion of the password is different for each site. It is based on the PROMPT in the password sign-in window. Example: The Gmail prompt is: "Sign in Google." The prompt for my bank is: "Enter your online ID." I take the first six characters of this prompt and this becomes the second portion of the password, except that I enter all the characters in lower case, except that I always capitalize the third and sixth characters. Finally, I always enter a 5 after the fourth character.

The result is a strong password I can reconstruct simply by looking at the prompt in a site's sign-in window.

Based on all this, the password for my Gmail site is:

ECaMo2HPsiGn5iN

My bank password is:

ECaMo2HPenTe5rY

All you need to remember is the first letter of each word of your root phrase, "Extra Catchup and Mustard on 2 Hamburgers, Please," with capitalization the way you were taught for "Book Titles" in grade school.

Then you need to remember your simple rules for making the password unique for each site: Number of characters to take from the sign-in prompt; which ones to capitalize, and what digit to insert, and where. That rule never changes, so after a few days, you've got it memorized.

But, to guard against forgetfulness caused by old age or something, I recommend writing down your algorithm as follows: Put the first half - the "root" rule - on a scrap of paper in one location in your home, with no indication of what it means. Put the "second" rule on a different scrap in a different location.

Okay, so did I REALLY give you my passwords? Of course not! I only gave you my system.

My "root" is different from the example I used. It's a different length, with a different phrase as its base.

I don't use the first six characters from each sign-in prompt. I use a different number of characters.

And I don't capitalize them exactly as I described.

Finally, I don't enter a five after the fourth character. I enter different numbers (more than one) in a different spot.

The point is, it's a system you can learn in a matter of days. It gives you a different password for (almost) every site, and you don't have to depend on a password repository.

PLUS, you can change your passwords rather easily, every 90 days or so. Just tweak one of the rules slightly, and you'll create a whole new set of passwords based on the new rule.
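
The scheme from the comment above as runnable code, with a check of how much of each resulting password is actually site-specific. This is an added example, not part of the original comment; it assumes spaces in the prompt are skipped (the two example passwords only work out that way), and the function names are illustrative.

```python
import os

ROOT = "ECaMo2HP"  # example root quoted in the comment, not a real credential

def site_suffix(prompt, take=6, caps=(3, 6), digit="5", after=4):
    """Site-specific part: first `take` characters of the sign-in prompt,
    lower-cased, with the `caps` positions (1-based) upper-cased and `digit`
    inserted after position `after`. Spaces are skipped (assumption)."""
    chars = [c.lower() for c in prompt if not c.isspace()][:take]
    for pos in caps:
        chars[pos - 1] = chars[pos - 1].upper()
    chars.insert(after, digit)
    return "".join(chars)

def site_password(prompt, root=ROOT):
    return root + site_suffix(prompt)

def shape(text):
    """Character-class outline: A = upper, a = lower, 9 = digit, ? = other."""
    return "".join("A" if c.isupper() else "a" if c.islower()
                   else "9" if c.isdigit() else "?" for c in text)

def shared_structure(pw_a, pw_b):
    """What two passwords built by the scheme have in common: the fixed
    root, and the outline left behind by the fixed rule."""
    root = os.path.commonprefix([pw_a, pw_b])
    tail_a, tail_b = pw_a[len(root):], pw_b[len(root):]
    return {
        "root": root,
        "tail_shape": shape(tail_a),
        "same_rule": shape(tail_a) == shape(tail_b),
        "differing_chars": sum(x != y for x, y in zip(tail_a, tail_b)),
    }

if __name__ == "__main__":
    gmail = site_password("Sign in Google")
    bank = site_password("Enter your online ID")
    print(gmail, bank)
    print(shared_structure(gmail, bank))
```

Of the 15 characters in each example password, only six differ between the two sites, and those six are read straight off the public sign-in prompt.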

Posted by:

Chas
13 Jun 2012

I recently read where someone uses the serial number off a dollar bill -- unique, repeatable and easy to change.

Posted by:

Buffet
13 Jun 2012

Bob, where I live (not willing to divulge, so as not to offend anyone) most people seem to have a working vocabulary of little more than twenty-five words! That's actually embellishing very little. That said, I simply select obscure words I seldom hear, and I would NEVER use that online backup rubbish. I can't imagine why anyone would?

Posted by:

Joel Bown
13 Jun 2012

Hacking/guessing passwords could be all but eliminated if the security people would not allow unlimited attempts for logging on. A simple change would be to allow say three tries, then suspend the account for a couple of minutes, then allow three more tries. It would give the true owner time to remember or look up their password and would take hackers so long to try multiple guesses they would probably give up or move on.
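
A sketch of the throttle described in the comment above, with the arithmetic for how many guesses it leaves per day. This is an added example, not part of the original comment; it takes "a couple of minutes" to mean 120 seconds, and the class name and sample secret are constructed for illustration.

```python
import hmac

class ThrottledLogin:
    """Three tries, then a timed suspension, then three more tries."""

    def __init__(self, password, max_tries=3, lockout_seconds=120):
        # A real system would store a salted hash; plaintext keeps the sketch short.
        self._password = password.encode()
        self.max_tries = max_tries
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0.0

    def attempt(self, guess, now):
        """Return 'ok', 'denied' or 'locked'. `now` is seconds on any clock."""
        if now < self.locked_until:
            # During the suspension even the correct password is refused.
            return "locked"
        if hmac.compare_digest(guess.encode(), self._password):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_tries:
            self.failures = 0
            self.locked_until = now + self.lockout_seconds
        return "denied"

def max_guesses_per_day(max_tries=3, lockout_seconds=120):
    """Upper bound on online guesses against one account in 24 hours,
    assuming each guess itself takes no time."""
    return (86400 // lockout_seconds) * max_tries

if __name__ == "__main__":
    login = ThrottledLogin("sample-secret")  # constructed sample value
    for t, guess in enumerate(["a", "b", "c", "sample-secret"]):
        print(t, login.attempt(guess, now=t))
    print(login.attempt("sample-secret", now=122))
    print(max_guesses_per_day())
```

The limit applies only to guesses made through the login form; guessing against a stolen password hash, as mentioned in an earlier comment, never touches this counter.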

Posted by:

drew
14 Jun 2012

I actually appreciate idiots who use "password" and the like in 2012 because they protect me. Hackers are like any other criminal. Always go for the easy targets. If they had to constantly crack 20 digit alphanumeric codes, there wouldn't be much hope for the rest of us.

Posted by:

Dan Morrow
14 Jun 2012

I have been testing new passwords on the w.passwordmeter.com site to see how effective they might be. Of course I want to be sure their formula is effective as a means to stifle hackers!

Posted by:

Garrett
14 Jun 2012

I use a couple of passwords that are from a language spoken by only a few hundred people in the world. Any password can be broken by a good hacker but mine will not make it easy for them. And I also have variations of each.

Posted by:

Dave H
14 Jun 2012

A good strategy, which an IT tech suggested to me a few years ago, is to think of a favourite poem or song, e.g. The Beatles - Hey Jude. You then use the 1st letter of each word, substitute some similar numbers for letters, and put in a few capitals for good measure, and bish bash bosh there you go. E.g. the line 'hey jude dont make it bad take a sad song and make it better' could generate a password like hjdDm1bTA5sam18. As you're using mnemonics the password is really easy to remember also. I have five or six of these on the go at the moment.

Posted by:

Rick
15 Jun 2012

I developed a code sequence of caps, letters, numbers and symbols to pw all my logins. I also keep an offline journal so I can look up any of those pws as well as CD Keys for various apps. So far, I haven't been burnt but one never knows, so I change the passwords often, keeping within the code structure but never a similar pw. The journal keeps me from "getting lost".

Posted by:

Stauf
19 Jun 2012

Something to keep in mind when choosing a password is,
"avoid using a word that's associated with you in some way."

Remember way back when heir-head heiress, Paris Hilton had her cellphone hacked? That was due to her lapdog companion "Tinkerbell" that she spoke of constantly and took with her everywhere.

Someone guessed that she would use that as her password, and they were right.

After they got her info they posted it online and many of her celeb friends got calls and emails from total strangers.
