Digital Spy

Search Digital Spy
 

DS Forums

 
 
 

Passwords


Reply
Thread Tools Search this Thread
Old 10-07-2013, 10:36
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,280

They say not to use the same password for multiple sites and to use strong ones to include symbols and numbers.

I have so many passwords to various sites that I quite often forget what the password is when I need it. Particularly on sites that save my login for a while or sites I don't frequent that regularly.

For example I have a ton of online accounts for various retailers but I might only buy something from them once a year in some cases.

I have resorted to writing them down but that defeats the object.

What are others doing about this?

How many of you use the same code on different sites?

How many of you commit them all to memory?

Should I be storing them in the Cloud?

Make a digital file and encrypt it?

I'm not paranoid but I would like to know some good common sense approaches.
DeelyBopper is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 10-07-2013, 10:40
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 10,308
I have resorted to writing them down but that defeats the object..
actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.
chenks is online now Follow this poster on Twitter   Reply With Quote
Old 10-07-2013, 10:47
jsmith99
Forum Member
 
Join Date: Apr 2005
Posts: 13,477
I've a file of websites, usernames and passwords. I installed Open Office purely because of its facilty to password protect a file, and gave it a strong, but easily memorable for me, password. Ok, it's two places where I've lived.

I've also given my email addresses strong passwords : ok, I have to keep looking them up if I want to use webmail, but that's pretty rare.

I was reading a review last week of KeePass - that looks pretty good software. You can click on a password or "username{TAB}password" and paste it into a logon form.
jsmith99 is offline   Reply With Quote
Old 10-07-2013, 10:48
paulj48
Forum Member
 
Join Date: Jul 2007
Posts: 984
I use the password manager 1password it is'nt free but it works pretty well with and synced with my PC at work, my Macbook at home and my Iphone. It's not perfect and there are variuos free solutions but it works for me.

You have to remeber 1 very strong password and all the rest are on the program. For somebody to 'hack' you they would have to know you're master password and have physical access to your PC,Mac, phone etc.
paulj48 is offline   Reply With Quote
Old 10-07-2013, 10:51
albertd
Forum Member
 
Join Date: Apr 2005
Location: Crawley, W. Sussex
Posts: 7,243
Some browsers (maybe all, I don't know) store some passwords and can, if you ask it, display them for you if you want.

Firefox is an example. "Tools, Options, Security, Saved Passwords" is the route to it. You then have to select "Show Passwords".
albertd is offline   Reply With Quote
Old 10-07-2013, 10:53
jsmith99
Forum Member
 
Join Date: Apr 2005
Posts: 13,477
actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.
I agree : nor is it going to be someone sitting at a keyboard trying various passwords by hand. It's more likely to be a piece of code trying a dictionary, plus variants, 10,000 times a second.

So a paper list near your PC is as good as any technical solution. Especially if you have some common element (e.g. a 4-digit number at the end of every password) which you represent by an asterisk.
jsmith99 is offline   Reply With Quote
Old 10-07-2013, 11:14
Zenith
Forum Member
 
Join Date: Dec 2002
Location: East London
Posts: 2,820
...I have resorted to writing them down but that defeats the object...

...I'm not paranoid but I would like to know some good common sense approaches.
As mentioned above, good, old fashioned pen & paper is not as unsecure as it sounds.

I keep all my passwords in an A7 sized "little black book" which I keep next to my pc.

For an added level of security, you could always hide it when you go out.
Zenith is offline   Reply With Quote
Old 10-07-2013, 11:49
emptybox
Forum Member
 
Join Date: Mar 2006
Location: Scottish Borders
Posts: 10,813
I don't think a 'strong' password is as important as having a different password for each important site.

Most responsible sites will lock the user out for a period, if they enter a wrong password more than one or two times, and that should completely defeat the automatic software.

I think most hacking occurs when they find your password through other means. Either because the site has stored it insecurely, or you've used the same password for everything.
emptybox is offline   Reply With Quote
Old 10-07-2013, 12:06
daveycrocket222
Forum Member
 
Join Date: Oct 2012
Posts: 3,979
actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.
Id like to see them try stealing my TV as it would take 6 people to lift it!
daveycrocket222 is offline   Reply With Quote
Old 10-07-2013, 12:16
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 10,308
Id like to see them try stealing my TV as it would take 6 people to lift it!
i suspect you are over exaggerating for comic effect.
chenks is online now Follow this poster on Twitter   Reply With Quote
Old 10-07-2013, 12:23
cnbcwatcher
Forum Member
 
Join Date: Sep 2008
Location: Avoiding Labour Law lecturers
Posts: 49,714
actually it doesn't, as the person most likely to be trying to gain access to your online accounts isn't going to be sitting in front of your computer to see the piece of paper.

someone breaking into your house is not likely to be looking to steal a password, but the TV etc that is in your house.
I'd like to see someone try to run off with my 37" flatscreen TV! They'd probably take the satellite dish/receiver or cable box as well Now I have a sudden image of a burglar stealing (or attempting to steal) my TV or satellite dish and me running after them with a hockey stick or inflatable hammer or something
cnbcwatcher is offline   Reply With Quote
Old 10-07-2013, 12:49
call100
Forum Member
 
Join Date: Mar 2005
Posts: 5,383
LastPass works for me flawlessly.....saves having to remember them all when at the office or out and about....I also have them all written in a book.............Just in case!!!
call100 is offline   Reply With Quote
Old 10-07-2013, 13:04
TheBigM
Forum Member
 
Join Date: Aug 2004
Location: moon
Posts: 12,661
I use lastpass, works great and it's free.
TheBigM is offline   Reply With Quote
Old 10-07-2013, 14:14
Smiley433
Forum Member
 
Join Date: Apr 2006
Location: Location: Location
Posts: 3,553
I've nearly 100 logins for various sites gathered over the years. Some, as you say, are only used once and unlikely to be used again as it's for an online shop for a one-off purchase.

My passwords probably could be much more secure as I tend to use a similar one for most sites. Ones where I've stored payment details on a site have a different password, however.

I use the Firefox built-in password manager to log in to sites but it is told to never remember the password or ID for my online banking - for those I have to remember my ID and password.

Details are stored in an Excel spreadsheet so I can do a manual lookup in the event I've forgotton my login or password for a site. Now, if only I could remember my password for the spreadsheet...
Smiley433 is offline   Reply With Quote
Old 10-07-2013, 14:34
Mr Dos
Forum Member
 
Join Date: Nov 2012
Posts: 362
It's more likely to be a piece of code trying a dictionary, plus variants, 10,000 times a second.
Spot on. Although alphanumeric + upper/lower case are best, they are hard to remember and easy to mistype. I repair computers and its not uncommon for a customer to have passworded their computer with just upper + lower case, then promptly forgotten it.

A good method for a non dictionary password is to use the 1st letters of an easily remembered (relevant) phrase.
Mr Dos is offline   Reply With Quote
Old 10-07-2013, 14:36
chenks
Forum Member
 
Join Date: Jul 2002
Location: North Ayrshire
Posts: 10,308
mine is just 8 random lower and upper case characters (not a word or even close to being one).
chenks is online now Follow this poster on Twitter   Reply With Quote
Old 10-07-2013, 15:24
!!11oneone
Forum Member
 
Join Date: Sep 2005
Posts: 3,741
Use a system. For example the initial letters of the first line from your favourite song, year of birth, then letters derived from the site.

Using Twinkle Twinkle Little Star, your password for Digital Spy could be ttlshiwwya77disp - impossible for anyone else to guess, nonsensical so people looking over your shoulder can't read it, long enough that automatic crackers would struggle (these actually don't really work any more), contains no dictionary words, and impossible for you to forget.

Also, turn on 2-factor authentication on any sites that use it.
!!11oneone is offline   Reply With Quote
Old 10-07-2013, 16:37
TheBigM
Forum Member
 
Join Date: Aug 2004
Location: moon
Posts: 12,661
Use a system. For example the initial letters of the first line from your favourite song, year of birth, then letters derived from the site.

Using Twinkle Twinkle Little Star, your password for Digital Spy could be ttlshiwwya77disp - impossible for anyone else to guess, nonsensical so people looking over your shoulder can't read it, long enough that automatic crackers would struggle (these actually don't really work any more), contains no dictionary words, and impossible for you to forget.

Also, turn on 2-factor authentication on any sites that use it.
Actually, with the advent of GPGPU, OpenCL etc, using the power of massively parallel graphics cards has made brute-forcing quite practical again.
TheBigM is offline   Reply With Quote
Old 10-07-2013, 17:44
PrimalIce
Inactive Member
 
Join Date: Feb 2013
Posts: 2,539
What are others doing about this?

I'm not paranoid but I would like to know some good common sense approaches.
I wrote a program that takes a base password, a site name and produces a password based on that. I just click on the site from the list, input my base password and it then copies the generated password to the clipboard allowing it to be pasted into the login field. Although that last bit is a security issue I consider it an acceptable level of risk for the convenience.

So I have a different password for every site.
PrimalIce is offline   Reply With Quote
Old 10-07-2013, 18:49
Migster
Forum Member
 
Join Date: May 2006
Location: London
Posts: 3,406
It's a little nerdy, but there's an interesting/scarey article here on cracking hashed passwords. http://arstechnica.com/security/2013...our-passwords/
Migster is offline   Reply With Quote
Old 10-07-2013, 19:46
thenetworkbabe
Forum Member
 
Join Date: Jul 2003
Posts: 25,836
They say not to use the same password for multiple sites and to use strong ones to include symbols and numbers.

I have so many passwords to various sites that I quite often forget what the password is when I need it. Particularly on sites that save my login for a while or sites I don't frequent that regularly.

For example I have a ton of online accounts for various retailers but I might only buy something from them once a year in some cases.

I have resorted to writing them down but that defeats the object.

What are others doing about this?

How many of you use the same code on different sites?

How many of you commit them all to memory?

Should I be storing them in the Cloud?

Make a digital file and encrypt it?

I'm not paranoid but I would like to know some good common sense approaches.
Depends if you have lived or worked at many places and remember phone numbers, extension numbers, office numbers, staff numbers, and addresses or postcodes .If you have, and no one else knows them who could possibly hack you,you may have some very memorable passwords with numbers, letters, non dictionary words and capitals and you can mix up how you cut up and order them? If you live somewhere celtic, or somewhere else with hideous spellings, so much the better??
thenetworkbabe is offline   Reply With Quote
Old 10-07-2013, 20:26
christwo
Forum Member
 
Join Date: Feb 2006
Location: Cheltenham
Posts: 494
Has to be Last Pass, could not work without it
christwo is offline   Reply With Quote
Old 10-07-2013, 22:47
call100
Forum Member
 
Join Date: Mar 2005
Posts: 5,383
Are you hackable in your lifetime...Try your passwords here...How big is your Haystack?

I'll be long gone before they get mine.....
call100 is offline   Reply With Quote
Old 11-07-2013, 00:40
emptybox
Forum Member
 
Join Date: Mar 2006
Location: Scottish Borders
Posts: 10,813
Actually, with the advent of GPGPU, OpenCL etc, using the power of massively parallel graphics cards has made brute-forcing quite practical again.
But as I pointed out before, the simple step of locking the user out for 30 minutes after a third wrong attempt, will hold any automatic system up for months or years, even if your password is a simple word.

The only way round that would be to have thousands of computers working on the same password simultaneously.
(or is that what you mean by "massively parallel"?)
emptybox is offline   Reply With Quote
Old 11-07-2013, 02:11
eugenespeed
Forum Member
 
Join Date: May 2004
Location: HEED ARMY!!!!!
Posts: 29,485
Are you hackable in your lifetime...Try your passwords here...How big is your Haystack?

I'll be long gone before they get mine.....
Over 43 Centuries.

I'm a bit worried that someone in the year 47,073 will find out I ordered a DVD last week.
eugenespeed is offline Follow this poster on Twitter   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT +1. The time now is 10:28.