Here's Why Your Password is Hackable - Comments Page 1

Category: Security



All Comments on: "Here's Why Your Password is Hackable"


Posted by:

Len B
12 Sep 2017

The guy who made us all write complicated passwords says they're u$e1ess now - See: http://www.sciencealert.com/the-guy-who-wrote-the-book-on-passwords-now-wants-to-chuck-it-out

Also: http://crambler.com/password-security-why-secure-passwords-need-length-over-complexity/

Posted by:

Joseph
12 Sep 2017

For those of us old enough to remember telephone numbers starting with a name, like CLover 8-2000 and abbreviated CL8-2000, add to this an abbreviation of the site, so CL8-2000boa for Bank of America...this includes upper case, lower case, symbols (-) and numbers..... if you remember your childhood phone number, this makes a strong and valid password and easy to remember.

Posted by:

Bob K
12 Sep 2017

My preference is to use a mix of upper and lower case letters, numerals, and special characters in a system that I have that can give me many combinations that would be hard to guess, and certainly not in any dictionary. Then, along comes (of all places) a bank that will not accept special characters!

While it won't protect against some site that gets hacked and the hashcode store for passwords gets accessed, it would seem a good defense is to have a site give you only maybe 3 chances to guess a password, then lock that account out for some period of time -- maybe 15 minutes.

Posted by:

Steven Bulger
12 Sep 2017

I use the paid version of Roboform as I have too many passwords to remember as so many websites require a login. I use their Everywhere version with a master password to open access to my passwords. Been using Roboform since it came on the market. No worry of a hacker copying your keystrokes when entering your password as the program enters your saved password.

Posted by:

Jorge
12 Sep 2017

I have used RoboForm for many years and have had no issues on passwords. Every account has a different password AND I change my bank account passwords very often- 2-3 times a year.
My Master password for Roboform is a sentence which I use and changed a few characters which are easy to remember for me.

Posted by:

NB
12 Sep 2017

Why does any site allow a user to try "billions of possible passwords per hour" on the same username? If they gave you 5 tries then made you wait 5 minutes to try again, that would allow only 60 tries an hour. That way, randomly guessing a password would take 2,000,000,000 / 60 = 33 million hours!

Posted by:

Nina Eriksson
12 Sep 2017

I have used LastPass since you suggested it many moons ago. Have been very happy with it. I also block spam and never open a link in an email, regardless of sender, unless it's your email.

Posted by:

Bill K
12 Sep 2017

Most of us know words in foreign languages or last names of relatives or in-laws. In a pinch you could reverse a phrase.
K lliB

Posted by:

Ed B.
12 Sep 2017

I often use my old-fashioned paper phone book to write down passwords. Such as to my auto insurance company, for example. Or medical doctor websites that I do not visit very often.

Posted by:

bb
12 Sep 2017

As the sysadmin of a small computer lab in a Senior Center, I'm often asked to help our patrons reset their passwords. My advice is simple - write your passwords down somewhere and save the paper securely. A 'Postit' note is *fine*, as long as that note is at home or a wallet where no one else but you can see it.

As for myself, a simple *encrypted* file on a flash drive satisfies my needs. With 120+ services and some services with multiple accounts, it's impossible to remember them all. (Hint: don't name the file 'passwords' )

Second, not all sites need a high-security password. My bank and Amazon (because they hold keys to financial accounts) require high-security; CNet, for example, requires an account to make a comment to an article; a simple password (though never common to any other site) suffices for them.

Posted by:

John Anderson
12 Sep 2017

Again I raise the issue—Commercial companies have finite life. If I use password-generating software, how can I recover when that company goes out of business? If they sell their product to a new business, how can I be sure their ethics are as good as the original? I've got my own pretty good system of generating passwords and I am loath to go to the generator. Any comments on this would be appreciated! THANKS!

Posted by:

ardj
12 Sep 2017

what bb said - he's absolutely right

Posted by:

Nightwish_Fan
12 Sep 2017

Been using LastPass for years. One only has to remember ONE Master password. The software does the rest; creating the most convoluted, complex 8-16 character passwords you don't have to remember.
I get it to generate a new password for my bank about 3 times a year. I have no idea what my bank password is. I don't need to know (but I could find it if I needed to, which I never have).
So every once in a while, I change the Master password itself.
And I have it set to a (built-in) Timer; if my computer or browser is idle for 1 minute, the app shuts down and logs itself out.
I think LastPass is the bees-knees.

Posted by:

Joel Bown
12 Sep 2017

If Sysadmins would simply lock an account for five minutes or so after several password fails, the bad guys would die of old age before their software could guess almost any password.

Posted by:

Ken Heikkila
12 Sep 2017

All the password software seems to have some problem or other. I have tried Roboform, but I found Dashlane to be easier to use and more reliable. I still occasionally find it doesn't autofill, but I am thinking that may at least sometimes be more due to my lousy ISP rather than a flaw in the software. I have noticed on one particular site (happening to be my main bank) that it would never log in for me (I had to cut and paste, not a huge problem); it has recently become able to do so, so they do work on these things.

Posted by:

Henry Stevens
12 Sep 2017

It's so much easier to just use Dashlane. It works across different devices and synchronizes itself. Of course I'm just waiting for when someone breaks into their database!

Posted by:

Dave H.
12 Sep 2017

I've always questioned the value of the oft-recommended practice of changing your PW. If you've got a strong PW that the bad guys have not guessed, what's the value of changing it? They're as likely to guess the new one as the old one.

Posted by:

Ken Heikkila
12 Sep 2017

Len B, I'm wondering if you read the article. None of the advice Bob gives contradicts those "new" findings that mostly clarify what needs to be done to make a strong password and says people taking shortcuts is the main problem, not the system itself.

Posted by:

BobD
12 Sep 2017

When I switched to Firefox 64-bit, LastPass started failing with an XML error. I'm trying KeePass, but I gather it doesn't automatically load login fields.

Posted by:

FussyOldMan
12 Sep 2017

Does anyone have an opinion about Apple's Safari Keychain? It generates very random characters. But how predictable are they since the dashes are always in the same positions? Also, how hackable is it?
