Thread: EVERNOTE passwords were hacked
View Single Post
Old 03-11-2013, 12:18 PM   #30
sadievan
Wizard
sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.
 
sadievan's Avatar
 
Posts: 1,931
Karma: 5456284
Join Date: Nov 2010
Device: Kindle Paperwhite 2, iPhone, Kindle Fire HD 6
Quote:
Originally Posted by JoeD View Post
Regarding passwords stored electronically/written down or in your head. Well that's the real problem that password safes were created to try to solve.

In order for people to use strong passwords and a unique one for each site they use, there's no way to remember them all unless you only use a single bank and a handful of sites. Just an average internet user will end up with banks, forums, shopping sites, kindles, computers, email... iow tons of passwords to remember.

The options are, either hope you're going to remember them, write them down or use a password safe.

Jury may be out, but in some ways writing them down may be more secure than a password safe because the chances of your home been burgled may be less than the chance of you PC been hacked. Hacked PC + key logger that logs the master password and copies the DB gives access to every pass you have ever made.

However, if your password safe is on a offline device such as an old mobile phoneor pda or laptop (none of which you use online/on a network), then you get the security level of a password safe if you are burgled but also remove the risk of hacking getting your DB or master pass.

Remembering passwords is the most secure (but also problematic for large numbers of secure passwords). Writing it down vs Pass Safe really depends on the environment you use computers in and/or where your pass safe is stored.

Any of those three though are better than compromising the strength of passwords hoping to remember them all. Brute force login attempts are much more likely to occur than someone hacking your PC.

As it happens, if you use a set of sites/devices frequently enough you'll eventually remember even a random password. But the safe remains a memory failsafe
I have heard the method Freeshadow mentioned to be a good one before. It was also suggested along with the abbreviations to use the letter or name of the site. For example using Freeshadow's method for Mobieread you could do something like, 'mr_mmeR-tlts'

OT. Would be interested in your feedback in a thread I started regarding iCloud vs Google vs Outlook - Here

Carol
sadievan is offline   Reply With Quote