Passwords

[Deleted User][Deleted User] Posts: 2,583
Forum Member
✭✭✭
They say not to use the same password for multiple sites and to use strong ones to include symbols and numbers.

I have so many passwords to various sites that I quite often forget what the password is when I need it. Particularly on sites that save my login for a while or sites I don't frequent that regularly.

For example I have a ton of online accounts for various retailers but I might only buy something from them once a year in some cases.

I have resorted to writing them down but that defeats the object.

What are others doing about this?

How many of you use the same code on different sites?

How many of you commit them all to memory?

Should I be storing them in the Cloud?

Make a digital file and encrypt it?

I'm not paranoid but I would like to know some good common sense approaches.
«13

Comments

  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    I have resorted to writing them down but that defeats the object..

    actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

    someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.
  • jsmith99jsmith99 Posts: 20,382
    Forum Member
    ✭✭✭
    I've a file of websites, usernames and passwords. I installed Open Office purely because of its facilty to password protect a file, and gave it a strong, but easily memorable for me, password. Ok, it's two places where I've lived.

    I've also given my email addresses strong passwords : ok, I have to keep looking them up if I want to use webmail, but that's pretty rare.

    I was reading a review last week of KeePass - that looks pretty good software. You can click on a password or "username{TAB}password" and paste it into a logon form.
  • paulj48paulj48 Posts: 1,122
    Forum Member
    ✭✭✭
    I use the password manager 1password it is'nt free but it works pretty well with and synced with my PC at work, my Macbook at home and my Iphone. It's not perfect and there are variuos free solutions but it works for me.

    You have to remeber 1 very strong password and all the rest are on the program. For somebody to 'hack' you they would have to know you're master password and have physical access to your PC,Mac, phone etc.
  • albertdalbertd Posts: 14,341
    Forum Member
    ✭✭
    Some browsers (maybe all, I don't know) store some passwords and can, if you ask it, display them for you if you want.

    Firefox is an example. "Tools, Options, Security, Saved Passwords" is the route to it. You then have to select "Show Passwords".
  • jsmith99jsmith99 Posts: 20,382
    Forum Member
    ✭✭✭
    chenks wrote: »
    actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

    someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.

    I agree : nor is it going to be someone sitting at a keyboard trying various passwords by hand. It's more likely to be a piece of code trying a dictionary, plus variants, 10,000 times a second.

    So a paper list near your PC is as good as any technical solution. Especially if you have some common element (e.g. a 4-digit number at the end of every password) which you represent by an asterisk.
  • ZenithZenith Posts: 3,868
    Forum Member
    ✭✭✭
    ...I have resorted to writing them down but that defeats the object...

    ...I'm not paranoid but I would like to know some good common sense approaches.
    As mentioned above, good, old fashioned pen & paper is not as unsecure as it sounds.

    I keep all my passwords in an A7 sized "little black book" which I keep next to my pc.

    For an added level of security, you could always hide it when you go out. :D
  • emptyboxemptybox Posts: 13,917
    Forum Member
    ✭✭
    I don't think a 'strong' password is as important as having a different password for each important site.

    Most responsible sites will lock the user out for a period, if they enter a wrong password more than one or two times, and that should completely defeat the automatic software.

    I think most hacking occurs when they find your password through other means. Either because the site has stored it insecurely, or you've used the same password for everything.
  • [Deleted User][Deleted User] Posts: 4,043
    Forum Member
    ✭✭✭
    chenks wrote: »
    actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

    someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.

    Id like to see them try stealing my TV as it would take 6 people to lift it!
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    Id like to see them try stealing my TV as it would take 6 people to lift it!

    i suspect you are over exaggerating for comic effect.
  • cnbcwatchercnbcwatcher Posts: 56,681
    Forum Member
    chenks wrote: »
    actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

    someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.

    I'd like to see someone try to run off with my 37" flatscreen TV! They'd probably take the satellite dish/receiver or cable box as well :eek: Now I have a sudden image of a burglar stealing (or attempting to steal) my TV or satellite dish and me running after them with a hockey stick or inflatable hammer or something :D
  • call100call100 Posts: 7,264
    Forum Member
    LastPass works for me flawlessly.....saves having to remember them all when at the office or out and about....I also have them all written in a book.............Just in case!!!;)
  • TheBigMTheBigM Posts: 13,125
    Forum Member
    ✭✭
    I use lastpass, works great and it's free.
  • Smiley433Smiley433 Posts: 7,854
    Forum Member
    I've nearly 100 logins for various sites gathered over the years. Some, as you say, are only used once and unlikely to be used again as it's for an online shop for a one-off purchase.

    My passwords probably could be much more secure as I tend to use a similar one for most sites. Ones where I've stored payment details on a site have a different password, however.

    I use the Firefox built-in password manager to log in to sites but it is told to never remember the password or ID for my online banking - for those I have to remember my ID and password.

    Details are stored in an Excel spreadsheet so I can do a manual lookup in the event I've forgotton my login or password for a site. Now, if only I could remember my password for the spreadsheet...
  • Mr DosMr Dos Posts: 3,637
    Forum Member
    ✭✭✭
    jsmith99 wrote: »
    It's more likely to be a piece of code trying a dictionary, plus variants, 10,000 times a second.

    Spot on. Although alphanumeric + upper/lower case are best, they are hard to remember and easy to mistype. I repair computers and its not uncommon for a customer to have passworded their computer with just upper + lower case, then promptly forgotten it.

    A good method for a non dictionary password is to use the 1st letters of an easily remembered (relevant) phrase.
  • chenkschenks Posts: 13,231
    Forum Member
    ✭✭
    mine is just 8 random lower and upper case characters (not a word or even close to being one).
  • !!11oneone!!11oneone Posts: 4,098
    Forum Member
    ✭✭✭
    Use a system. For example the initial letters of the first line from your favourite song, year of birth, then letters derived from the site.

    Using Twinkle Twinkle Little Star, your password for Digital Spy could be ttlshiwwya77disp - impossible for anyone else to guess, nonsensical so people looking over your shoulder can't read it, long enough that automatic crackers would struggle (these actually don't really work any more), contains no dictionary words, and impossible for you to forget.

    Also, turn on 2-factor authentication on any sites that use it.
  • TheBigMTheBigM Posts: 13,125
    Forum Member
    ✭✭
    !!11oneone wrote: »
    Use a system. For example the initial letters of the first line from your favourite song, year of birth, then letters derived from the site.

    Using Twinkle Twinkle Little Star, your password for Digital Spy could be ttlshiwwya77disp - impossible for anyone else to guess, nonsensical so people looking over your shoulder can't read it, long enough that automatic crackers would struggle (these actually don't really work any more), contains no dictionary words, and impossible for you to forget.

    Also, turn on 2-factor authentication on any sites that use it.

    Actually, with the advent of GPGPU, OpenCL etc, using the power of massively parallel graphics cards has made brute-forcing quite practical again.
  • PrimalIcePrimalIce Posts: 2,897
    Forum Member
    ✭✭✭
    What are others doing about this?

    I'm not paranoid but I would like to know some good common sense approaches.

    I wrote a program that takes a base password, a site name and produces a password based on that. I just click on the site from the list, input my base password and it then copies the generated password to the clipboard allowing it to be pasted into the login field. Although that last bit is a security issue I consider it an acceptable level of risk for the convenience.

    So I have a different password for every site.
  • MigsterMigster Posts: 4,204
    Forum Member
    ✭✭✭
    It's a little nerdy, but there's an interesting/scarey article here on cracking hashed passwords. http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
  • thenetworkbabethenetworkbabe Posts: 45,554
    Forum Member
    They say not to use the same password for multiple sites and to use strong ones to include symbols and numbers.

    I have so many passwords to various sites that I quite often forget what the password is when I need it. Particularly on sites that save my login for a while or sites I don't frequent that regularly.

    For example I have a ton of online accounts for various retailers but I might only buy something from them once a year in some cases.

    I have resorted to writing them down but that defeats the object.

    What are others doing about this?

    How many of you use the same code on different sites?

    How many of you commit them all to memory?

    Should I be storing them in the Cloud?

    Make a digital file and encrypt it?

    I'm not paranoid but I would like to know some good common sense approaches.

    Depends if you have lived or worked at many places and remember phone numbers, extension numbers, office numbers, staff numbers, and addresses or postcodes .If you have, and no one else knows them who could possibly hack you,you may have some very memorable passwords with numbers, letters, non dictionary words and capitals and you can mix up how you cut up and order them? If you live somewhere celtic, or somewhere else with hideous spellings, so much the better??
  • christwochristwo Posts: 534
    Forum Member
    ✭✭
    Has to be Last Pass, could not work without it
  • call100call100 Posts: 7,264
    Forum Member
    Are you hackable in your lifetime...Try your passwords here...How big is your Haystack?

    I'll be long gone before they get mine.....:);)
  • emptyboxemptybox Posts: 13,917
    Forum Member
    ✭✭
    TheBigM wrote: »
    Actually, with the advent of GPGPU, OpenCL etc, using the power of massively parallel graphics cards has made brute-forcing quite practical again.

    But as I pointed out before, the simple step of locking the user out for 30 minutes after a third wrong attempt, will hold any automatic system up for months or years, even if your password is a simple word.

    The only way round that would be to have thousands of computers working on the same password simultaneously.
    (or is that what you mean by "massively parallel"?)
  • eugenespeedeugenespeed Posts: 66,695
    Forum Member
    ✭✭
    call100 wrote: »
    Are you hackable in your lifetime...Try your passwords here...How big is your Haystack?

    I'll be long gone before they get mine.....:);)

    Over 43 Centuries.

    I'm a bit worried that someone in the year 47,073 will find out I ordered a DVD last week. :D
  • skillerskiller Posts: 963
    Forum Member
    ✭✭
    Over 43 Centuries.

    I'm a bit worried that someone in the year 47,073 will find out I ordered a DVD last week. :D
    That's over 45 millennia away, never mind 43 centuries! :p
Sign In or Register to comment.