Keep them different
For important stuff. If you crack my STW password you could probably impersonate me on a handful of other forums, that's about it.
Latin names
It's easier to allocate something memorable to an organisation or group of organisations.
Usefully, Latin names start with a capital letter too.
You can then throw in an order (like 01, 02, 03) or year at the end for when you forget and need to renew, or you can turn a symbol in the word into a number.
So, for example, the Singletrackworld password gets remembered as 'dog' and typed in as
Canisfamiliaris13 or
Canisfamiliar1s
But it's nice and easy to remember "dog".
Set up 2 factor authentication on anything [b]that offers it[/b]
Tend to use it on everything that happens to offer it, almost silly not to.
This sums it up nicely, imo:
Don't get hung up on the password thing. The biggest threats are either outside your control (cf Adobe etc) or addressable by other means (so malware protection etc). For genuinely important stuff, multi-factor is the way to go (hence banks go this route now).
One of my pet hates is the current culture which suggests passwords make things safer. At work I need a variety of codes for doors and passwords to use various programmes...
Front door code
Changing room door code
Air tube system door code
Office code
Boss's office door code
Drug room code
IV store code
Computer password
My email password
Electronic prescribing password
Patient management password
Blood test label password
Blood results password
Regional bed status password
Blood glucose machine password
X-ray viewer password
Some of them last for a year, some last for a month, none of the passwords can be re-used.
Every new system that we use involves some kind of password, and everyone involved in training us thinks password security is great...
We just write them all down.
That's the beauty of NHS IT. One previous trust I worked for demanded a password change every three months - so everyone's password was "spring14" (or the next relevant season)...
Just write them down. Password security is more about password hacking and cyber threats than someone coming in James Bond style and stealing a scrap of paper hidden in some random drawer or place in your house.
One basic core password for everything with a unique symbol and jan14 feb14 mar14 as the months go by. All you have to do is remember the symbol for each account.
I keep myself logged in to as much as I can, and when that fails click where it says 'Forgot password'
[i]"Your password will expire in 3 days. Do you want to change it now?" [/i]
bring me solutions, not problems.
Not sure why I'd need a protected database on my password protected phone.
The database is likely to be encrypted, whereas the phone is not. I suspect that it's relatively easy to get data off a password-protected phone.
I started using 1Password, in conjunction with iCloud Keychain on the phone, seems a decent compromise. This means I just have to remember one 'strong' password, which I have written down, split into 2, in case I forget it.
Probably would not have bothered, if I hadn't got 1Password for £12 in the sale.
Bear in mind that "words" are vulnerable due to dictionary attacks, but whilst individual words are in a dictionary, strings of words are not. When cracking passwords, you cannot crack the first word and then go "great, we've got one!" and crack the second word outside of Hollywood(*). A password attempt either matches or it doesn't; the scenario where the heroes are running around a huge display going "he's got another one, only six characters to go!" is pure science fiction. If it did work like that, you could crack a password the length of a novel in less than the time it took me to write this sentence.
(* - and NTLM)
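The all-or-nothing point above, shown as an added toy example (not code from the thread). A normal check hashes the whole string, so a wrong guess gives no clue how many words were right and the worst case grows as dictionary^words; a scheme that hashes each part separately (the LM-style failure mode the thread alludes to, simulated here with SHA-256 rather than the real LM algorithm) lets each part be confirmed on its own, so the worst case is only dictionary × parts. The four-word dictionary is constructed for illustration.

```python
import hashlib
import hmac
import itertools

# Constructed toy dictionary for the demonstration; real lists are far larger.
WORDS = ["dog", "cat", "bike", "trail"]


def h(s):
    return hashlib.sha256(s.encode()).hexdigest()


def whole_string_verify(stored, attempt):
    """Normal scheme: one digest over the whole password. A wrong guess gives
    no feedback about how many words or characters were correct."""
    return hmac.compare_digest(stored, h(attempt))


def guesses_whole(stored, k):
    """Hash evaluations needed to find a k-word passphrase by trying every
    combination of dictionary words. Worst case is len(WORDS) ** k."""
    count = 0
    for combo in itertools.product(WORDS, repeat=k):
        count += 1
        if whole_string_verify(stored, "".join(combo)):
            return count
    return -1


def guesses_split(stored_parts):
    """Weak scheme (toy model of the LM-style split): each part is hashed on
    its own, so each can be confirmed independently and the search is
    additive, len(WORDS) * parts, instead of exponential."""
    count = 0
    for part in stored_parts:
        for w in WORDS:
            count += 1
            if hmac.compare_digest(part, h(w)):
                break
        else:
            return -1
    return count


def compare(words):
    """Return (guesses under whole-string hashing, guesses under split hashing)."""
    whole = guesses_whole(h("".join(words)), len(words))
    split = guesses_split([h(w) for w in words])
    return whole, split


if __name__ == "__main__":
    print(compare(("trail", "bike")))
```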
Think you are confusing NTLM and LM there.
One basic core password for everything with a unique symbol and jan14 feb14 mar14 as the months go by. All you have to do is remember the symbol for each account.
Loved that approach when I was in school; managed to get a password hash from an admin and then had their password policy until we left.
+1 for keepass, with the DB on dropbox, google drive or whatever
There is an Android and possibly an iPhone app, so your passwords are available all the time via whatever device.
Think you are confusing NTLM and LM there.
Well spotted, yes. Been a while.
Thanks to Apple I've changed my password to something stupidly complicated that automatically securely shares across my Apple devices.
keepass
But what about the social stigma of a program on your phone, PC etc called KeepAss??
Quick password question, and I remember seeing this thread a few weeks ago, so thought I would keep things tidy and recycle/reuse.
Just bought a NAS cloud drive thing for the house, and I think today is as good a day as any to change the password I use for everything, which I was issued with in year 7 at school (age 10... ish).
Question is, what are my limits for these passwords?
Minimum 8 letters
Often must contain numbers, so they might as well all contain numbers.
Is there a standard maximum letter limit?
+1 KeePass with encrypted database on Dropbox, but then for added security you can set up KeePass so that as well as the main password it needs a keyfile to decrypt the DB. I manually add the keyfile to the devices/PCs I use KeePass on.
KeePass can then be set up to use, on each individual login, whatever password rules are in place for that particular site/system (length of password, characters used and so on) and then generate a random password.
Pictures work better than numbers. For instance, if you have a number sequence, say 5837, you make the numbers pictures in your head: instead of five you think of a "bee hive", instead of eight you think of a "gate", instead of three you think of a "tree", and seven would be "heaven".
So your number is beehive, gate, tree, heaven. You have to picture it and it becomes easy to remember 🙂
I use a famous rapper's real name, capitals in the right place. I use it for most things. Never had a problem until I had to explain to my girlfriend what it was!
I use the same alphanumeric salt for all passwords followed by the site (full length or acronym). I got fed up of forgetting passwords, master passwords and losing notes.
i.e.
z123aBc0stw
z123aBc0google
However, as soon as one is compromised it won't take a rocket scientist to work out the others. Oh well.
Just use a phrase with the correct use of an apostrophe in it - that rules out most people getting it.
Use the same phrase for all sites with extra pre/suffix taken from each site to personalise in the event of an attack.
A bit like PIN numbers: Cards 1...n, and choose a 3 digit PIN, say 123, so full PINs would be 1123, 2123, 3123... Just remember the order of your cards. Simples.