Posted on 06/06/2013 12:51:37 PM PDT by nickcarraway
If you want to avoid having your identity stolen, use long passwords that contain digits, punctuation and no recognizable words. Make up a different password for every Web site. And change all of your passwords every 30 days.
Have these security pundits ever listened to themselves?
That advice is clearly unfollowable. I currently have account names and passwords for 87 Web sites (banks, airlines, blogs, shopping, e-mail, Facebook, Twitter). How is anyone, even a security professional, supposed to memorize 87 long, complex password strings, let alone remember which goes with which Web site?
So most people use the same password over and over again, and live with the guilt.
There are solutions. Most Mac and Windows Web browsers now offer to memorize passwords for you. But that feature doesn't work on all Web sites, and is generally of little help when you pick up your phone or tablet. At that point, the only person you've locked out of all your online accounts is you.
The only decent solution is to install a dedicated password memorization program (like Roboform, KeyPass, LastPass, 1Password, and so on). Last week, one of the best was just improved: Dashlane, now at 2.0. It's attractive, effective, loaded with timesaving features and available for Mac, Windows, iPhone and Android, and it's free.
Installation is quick. Dashlane works in Safari, Chrome, Internet Explorer and Firefox. It can import existing password vaults from rival programs.
(Excerpt) Read more at nytimes.com ...
I just use XXX file. :-)
I have about 4 or 5 that I use at various sites.
Well, aren’t you going to post them, so we can determine if they are secure? ;)
that made me laugh out loud!
Of course there are no web developers who would be stupid enough to send passwords over clear text...
Password length adds much more entropy to a password than fancy characters, anyway. "PencilButterShingleHorse" is twice as strong as something like, "Tr@psh00ter87".
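An added example, not part of any post in this thread: a small estimator that puts the two passwords quoted above through two attacker models, character-by-character brute force and a wordlist-aware guess. The 7776-word list size (Diceware-style) and the idea that the four words were picked at random are assumptions made for the illustration.

```python
import math
import string

# ASCII character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Size of the alphabet implied by the character classes the password uses."""
    if not password:
        raise ValueError("empty password")
    stray = set(password) - set("".join(CLASSES))
    if stray:
        raise ValueError(f"characters outside the modelled classes: {sorted(stray)}")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """Bits of search space if every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def passphrase_bits(n_words, wordlist_size):
    """Bits if the attacker knows the scheme: n words drawn uniformly from a list."""
    return n_words * math.log2(wordlist_size)

if __name__ == "__main__":
    for pw in ("PencilButterShingleHorse", "Tr@psh00ter87"):
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"{brute_force_bits(pw):.1f} bits (brute force)")
    # Assumption: four words picked at random from a 7776-word Diceware-style list.
    print(f"4 random words from 7776: {passphrase_bits(4, 7776):.1f} bits (wordlist-aware)")
```

The character-by-character figure is an upper bound on guessing effort; the wordlist figure only applies when the words really were chosen at random.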
“Just rename the file something innocuous...like “maindb” and then stick a .dll extension on it. It will still open in Word as a doc file but is easily overlooked by anyone snooping.”
Yes, Word will still be able to read it, but if they double click the file, Word won’t open it, because the file type association for dll files is not MS Word. They’d have to manually open it through the file menu.
That's kind of the point. It adds a modicum of security. It won't open via double click for those who are snooping but it will open for the owner via right click >> open with...
And who would even be inclined to double click a .dll file?
I work in some online financials that require me to reset my PW every 3 to 6 weeks. After a while it just gets impossible to remember what your current PW is.
Good point.
I keep all of my passwords in separate NoteTab text files, on an external 2Tb WD My Book back-up drive, in an unobtrusive folder. I’m just not a fan of password managers, or browsers filling-in forms; too much risk, IMO.
From the article, pg 2:
“They're all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency.”
That right there scares the crap out of me.
I forget passwords that I rarely use, but ironically, my email has been hacked twice and once I got a fake email from Amazon asking me to reaffirm my credit card (the day after I ordered something).
In other words, you can have the most complicated password in the world, but if they hack into the servers, they will get it.
“And who would even be inclined to double click a .dll file?”
Your average end user. You don’t know how many times I’ve told people “run the Setup file” and they say “it’s not doing anything”, only to find out they are clicking setup.dll instead of setup.exe. For most people, an application is still something they fill out when they want a job.
It's deceptively simple because if I ever forget it, all I have to do is think about what they are looking for...password. That's it!
Lately they've been tripping me up on some websites by demanding that the password contain numbers and not just letters. But I outsmarted them because I simply put in "pa55word" for a password and it is once again easy to remember.
Now some may say that making my password "password" is stupid but think about it. Who would ever think to try "password" if they are trying to hack into an account?
Haha! Too true. I call them Lusers.
SamAdams76, I hope that was sarcasm.
Ever heard of a rainbow table?
Pretty much all variations on the word “password” are breakable...quickly!
And it would be even better to back date the file’s date / time stamps.