Here's Why Your Password is Hackable - Comments Page 1
Posted by:
|
The guy who made us all write complicated passwords says they're u$e1ess now - See: http://www.sciencealert.com/the-guy-who-wrote-the-book-on-passwords-now-wants-to-chuck-it-out Also: http://crambler.com/password-security-why-secure-passwords-need-length-over-complexity/ |
Posted by:
|
For those of us old enough to remember telephone numbers starting with a name, like CLover 8-2000 and abbreviated CL8-2000, add to this an abbreviation of the site, so CL8-2000boa for Bank of America...this includes upper case, lower case, symbols (-) and numbers..... if you remember your childhood phone number, this makes a strong and valid password and easy to remember. |
Posted by:
|
My preference is to use a mix of upper and lower case letters, numerals, and special characters in a system I have that can give me many combinations that would be hard to guess, and certainly not in any dictionary. Then, along comes (of all places) a bank that will not accept special characters! While it won't protect against some site that gets hacked and the hashcode store for passwords gets accessed, it would seem a good defense is to have a site give you only maybe 3 chances to guess a password, then lock that account out for some period of time -- maybe 15 minutes. |
Posted by:
|
I use the paid version of Roboform as I have too many passwords to remember as so many websites require a login. I use their Everywhere version with a master password to open access to my passwords. Been using Roboform since it came on the market. No worry of a hacker copying your keystrokes when entering your password as the program enters your saved password. |
Posted by:
|
I have used RoboForm for many years and have had no issues on passwords. Every account has a different password AND I change my bank account passwords very often- 2-3 times a year. |
Posted by:
|
Why does any site allow a user to try "billions of possible passwords per hour" on the same username? If they gave you 5 tries then made you wait 5 minutes to try again, that would allow only 60 tries an hour. That way, randomly guessing a password would take 2,000,000,000 / 60 = 33 million hours! |
Posted by:
|
I have used LastPass since you suggested it many moons ago. Have been very happy with it. I also block spam and never open a link in an email, regardless of sender, unless it's your email. |
Posted by:
|
Most of us know words in foreign languages or last names of relatives or in-laws. In a pinch you could reverse a phrase. |
Posted by:
|
I often use my old-fashioned paper phone book to write down passwords. Such as to my auto insurance company, for example. Or medical doctor websites that I do not visit very often. |
Posted by:
|
As the sysadmin of a small computer lab in a Senior Center, I'm often asked to help our patrons reset their passwords. My advice is simple - write your passwords down somewhere and save the paper securely. A 'Post-it' note is *fine*, as long as that note is at home or in a wallet where no one else but you can see it. As for myself, a simple *encrypted* file on a flash drive satisfies my needs. With 120+ services and some services with multiple accounts, it's impossible to remember them all. (Hint: don't name the file 'passwords'.) Second, not all sites need a high-security password. My bank and Amazon (because they hold keys to financial accounts) require high-security; CNet, for example, requires an account to make a comment to an article, a simple password (though never common to any other site) suffices for them. |
Posted by:
|
Again I raise the issue—Commercial companies have finite life. If I use password-generating software, how can I recover when that company goes out of business? If they sell their product to a new business, how can I be sure their ethics are as good as the original? I've got my own pretty good system of generating passwords and I am loath to go to the generator. Any comments on this would be appreciated! THANKS! |
Posted by:
|
what bb said - he's absolutely right |
Posted by:
|
Been using LastPass for years. One only has to remember ONE Master password. The software does the rest; creating the most convoluted, complex 8-16 character passwords you don't have to remember. |
Posted by:
|
If Sysadmins would simply lock an account for five minutes or so after several password fails, the bad guys would die of old age before their software could guess almost any password. |
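Added example, not part of any comment on this page: a minimal per-account lockout counter in Python that checks the throttling figures commenters give above (5 tries then a 5-minute wait; 3 tries then a 15-minute lock). The class and function names are hypothetical, time is simulated in whole seconds, and the guesser is assumed to submit one wrong password per second; as one commenter notes, this only limits online guessing and does nothing once a site's stored password hashes have been taken.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Hypothetical per-username lockout: N failures, then a timed lock."""
    max_failures: int                                   # failures allowed before locking
    lock_seconds: int                                   # lock duration
    _failures: dict = field(default_factory=dict)       # username -> current failure count
    _locked_until: dict = field(default_factory=dict)   # username -> unlock time (s)

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'fail' for one login attempt at time `now`."""
        if now < self._locked_until.get(user, 0):
            return "locked"            # rejected before the password is even checked
        if password_ok:
            self._failures[user] = 0
            return "ok"
        count = self._failures.get(user, 0) + 1
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            count = 0
        self._failures[user] = count
        return "fail"


def guesses_checked_in(policy, seconds, user="alice"):
    """Simulate one wrong guess per second; count guesses the site actually checks."""
    return sum(
        1 for now in range(seconds)
        if policy.attempt(user, False, now) == "fail"
    )


def hours_to_exhaust(keyspace, guesses_per_hour):
    """Hours needed to try every candidate at the throttled rate."""
    return keyspace / guesses_per_hour


if __name__ == "__main__":
    five_and_five = guesses_checked_in(LockoutPolicy(5, 300), 3600)
    three_and_fifteen = guesses_checked_in(LockoutPolicy(3, 900), 3600)
    print("5 tries / 5 min lock :", five_and_five, "guesses per hour")
    print("3 tries / 15 min lock:", three_and_fifteen, "guesses per hour")
    print("2,000,000,000 candidates at the first rate:",
          round(hours_to_exhaust(2_000_000_000, five_and_five)), "hours")
```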
Posted by:
|
All the password software seems to have some problem or other. I have tried Roboform, but I found Dashlane to be easier to use and more reliable. I still occasionally find it doesn't autofill, but I am thinking that may at least sometimes be more due to my lousy ISP rather than a flaw in the software. I have noticed on one particular site (happening to be my main bank) that it would never log in for me (I had to cut and paste, not a huge problem) it has recently become able to do so, so they do work on these things. |
Posted by:
|
It's so much easier to just use Dashlane. It works across different devices and synchronizes itself. Of course I'm just waiting for when someone breaks into their database! |
Posted by:
|
I've always questioned the value of the oft-recommended practice of changing your PW. If you've got a strong PW that the bad guys have not guessed, what's the value of changing it? They're as likely to guess the new one as the old one. |
Posted by:
|
Len B, I'm wondering if you read the article. None of the advice Bob gives contradicts those "new" findings that mostly clarify what needs to be done to make a strong password and says people taking shortcuts is the main problem, not the system itself. |
Posted by:
|
When I switched to Firefox 64-bit, LastPass started failing with an XML error. I'm trying KeePass, but I gather it doesn't automatically load login fields. |
Posted by:
|
Does anyone have an opinion about Apple's Safari Keychain? It generates very random characters. But how predictable are they since the dashes are always in the same positions? Also how hackable is it? |