03-06-2013, 04:19 PM | #16 |
Wizard
Posts: 2,360
Karma: 9026681
Join Date: Jun 2011
Location: Colorado
Device: Kindle Paperwhite 2nd Gen
|
|
03-07-2013, 08:31 AM | #17 |
Wizard
Posts: 1,747
Karma: 3761220
Join Date: Mar 2011
Location: Pennsylvania
Device: T1 Red, Kindle Fire, Kindle PW, PW2, Nook HD+, Kobo Mini, Aura HD
|
I have had the same password at my banks for a long time and have not been asked to change any. Perhaps I should change it anyway to be on the safe side.
|
03-07-2013, 10:45 AM | #18 |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
I'm not really sure changing passwords regularly leads to any better security. If you use a long enough and random enough password nobody is realistically going to brute force it, it's more likely the site/bank will throttle the connection attempts long before they've tested more than a few possibilities.
I bet most people who have to change passes often end up using simpler and simpler passwords. Only time password changes are really really important is when you believe either a machine you use or the site you used was compromised. |
03-07-2013, 12:21 PM | #19 |
Wizard
Posts: 1,014
Karma: 5595784
Join Date: May 2012
Device: Electronic Paper
|
It's much easier to back up your notes yourself like people did in the past 2'000 years than changing passwords every two months.
|
03-07-2013, 01:55 PM | #20 |
Guru
Posts: 826
Karma: 18573626
Join Date: Jun 2011
Location: Canada
Device: Kobo Touch, Nexus 7 (2013)
|
|
03-07-2013, 06:21 PM | #21 |
Wizard
Posts: 1,014
Karma: 5595784
Join Date: May 2012
Device: Electronic Paper
|
Yeah, that's an advantage actually.
Ernest Hemingway would never use Evernote. It's not cool enough. Source: The Art of Manliness - The Pocket Notebooks of 20 Famous Men |
03-08-2013, 08:27 PM | #22 | |
Wizard
Posts: 1,474
Karma: 14328611
Join Date: May 2009
Location: Tokyo, Japan
Device: Aura, Aura H2O, Kindle PW3
|
Quote:
|
|
03-10-2013, 01:06 PM | #23 | |
Wizard
Posts: 1,931
Karma: 5456284
Join Date: Nov 2010
Device: Kindle Paperwhite 2, iPhone, Kindle Fire HD 6
|
Quote:
Carol |
|
03-10-2013, 10:56 PM | #24 |
temp. out of service
Posts: 2,787
Karma: 24285242
Join Date: May 2010
Location: Duisburg (DE)
Device: PB 623
|
Say you set codes for 5 users. Give nr. 3 to janitor Joe. He enters at 2230; you get msg: 2230; Usercode 3 used for unlock.
|
03-10-2013, 11:20 PM | #25 | |
temp. out of service
Posts: 2,787
Karma: 24285242
Join Date: May 2010
Location: Duisburg (DE)
Device: PB 623
|
Quote:
"My mistress eyes are nothing like the sun" becomes:

M m e R (for ar) -t (- for no t for thing) l t s

An easy to remember sentence becomes a mnemonic key for: "mmeR-tlts"

Now think of some sentences containing the words "and"; "free" or "at". These could be replaced with: & _ @

It's logical - thus easier to remember. Replace numerals with numbers. All this gives a nice long mix far away from any dictionary. And you have to remember 1 sentence. |
|
03-11-2013, 06:49 AM | #26 | |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
For physical access systems that are just a single code based one, there's no alternative but to provide lots of different codes to identify different people. The reduction in strength of the system due to many codes being valid is worth it in exchange for knowing who/when has accessed it.

What you would normally do for audit logs with a computer login though is have users log in with user/pass, generate a hash from their password, compare that hash+salt to the stored hash to see if they match. If they do, allow the user in and log success/failure (or rather a % of failures if there's a surge to avoid DoS). In addition to that, success attempts could trigger an email/SMS to say user X logged in. X could be a real username or another identifier that IDs a user. Either way, the system doesn't know (and shouldn't know) the real password so cannot nor should it be able to email it.

Regarding passwords stored electronically/written down or in your head. Well that's the real problem that password safes were created to try to solve. In order for people to use strong passwords and a unique one for each site they use, there's no way to remember them all unless you only use a single bank and a handful of sites. Just an average internet user will end up with banks, forums, shopping sites, kindles, computers, email... iow tons of passwords to remember.

The options are, either hope you're going to remember them, write them down or use a password safe. Jury may be out, but in some ways writing them down may be more secure than a password safe because the chances of your home being burgled may be less than the chance of your PC being hacked. Hacked PC + key logger that logs the master password and copies the DB gives access to every pass you have ever made.

However, if your password safe is on an offline device such as an old mobile phone or PDA or laptop (none of which you use online/on a network), then you get the security level of a password safe if you are burgled but also remove the risk of hacking getting your DB or master pass.

Remembering passwords is the most secure (but also problematic for large numbers of secure passwords). Writing it down vs Pass Safe really depends on the environment you use computers in and/or where your pass safe is stored. Any of those three though are better than compromising the strength of passwords hoping to remember them all. Brute force login attempts are much more likely to occur than someone hacking your PC. As it happens, if you use a set of sites/devices frequently enough you'll eventually remember even a random password. But the safe remains a memory failsafe |
|
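The login flow described in post #26 (salted hash comparison, an audit log that records only a share of failures during a surge, and a notification on success), as an added example that is not part of the original thread. The class name, the PBKDF2 parameters and the surge thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example
SURGE_THRESHOLD = 5    # assumed: failures per window that are logged in full
SAMPLE_EVERY = 10      # assumed: during a surge, log 1 failure in 10
WINDOW = 60            # assumed: surge window in seconds

def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class LoginService:  # hypothetical name
    def __init__(self):
        self.users = {}      # user id -> (salt, hash); no plaintext is kept
        self.audit = []      # (timestamp, user id, event)
        self.notices = []    # stand-in for the email/SMS channel
        self.window_start = 0.0
        self.failures = 0

    def enroll(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, derive(password, salt))

    def login(self, user: str, password: str, now: float) -> bool:
        # Unknown users still cost one derivation, so timing does not
        # reveal which identifiers exist.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(derive(password, salt), stored)
        if ok:
            self.audit.append((now, user, "success"))
            self.notices.append(f"{user} logged in at {now}")
        else:
            self._log_failure(user, now)
        return ok

    def _log_failure(self, user: str, now: float) -> None:
        # Log every failure until the window's threshold is passed, then
        # only every SAMPLE_EVERY-th one, so a flood cannot fill the log.
        if now - self.window_start >= WINDOW:
            self.window_start, self.failures = now, 0
        self.failures += 1
        over = self.failures - SURGE_THRESHOLD
        if over <= 0 or over % SAMPLE_EVERY == 0:
            self.audit.append((now, user, "failure"))
```
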
03-11-2013, 06:57 AM | #27 | |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
If you only have 5-6 passwords to remember it may make it easier for people to remember them. If however you use quite a few web forums or different shopping sites the number of passwords grows rapidly and then you either use the same phrases for a few sites or have an issue remembering which phrases you used.

A light internet user may have only a few passwords such as computer login, email, facebook, maybe a phone web login, a bank and credit card login. That's 5-6 but doesn't include web forums, shopping sites, device accounts like Apple ID, gaming passwords, phone pin, bank and cc pins and so on. It doesn't take much before the number of passwords an internet user needs to remember has grown to quite a few. Add in sites that require you use at least one upper case, one number, or two uppercase or other site specific rules and you have to then remember how you adjusted your phrase to account for that.

I'm basing this not just on my own opinion though, but also an admittedly minute sampling too, a few friends used the method you suggested. One still uses it, but they only have a couple of logins. The others stopped after they hit double figures on passwords.

That said, IF a person finds it easier to remember lots of phrases and it helps them use longer slightly more random passwords, then it's a step in the right direction because the biggest threat login wise atm imo is either brute force login attempts or brute forcing of stolen hash DBs. Unless you get a trojan of course

Last edited by JoeD; 03-11-2013 at 07:22 AM. |
|
03-11-2013, 08:57 AM | #28 | |
Basculocolpic
Posts: 4,356
Karma: 20181319
Join Date: Jul 2010
Location: Sweden
Device: Kindle 3 WiFi, Kindle 4SO, Kindle for Android, Sony PRS-350 and PRS-T1
|
Quote:
Having it on the PC is fine, but what happens when you need it on a tablet and phone as well? And what do you do if you want to change passwords every two weeks or so? |
|
03-11-2013, 11:31 AM | #29 | |
IOC Chief Archivist
Posts: 3,950
Karma: 53868218
Join Date: Dec 2010
Location: Fruitland Park, FL, USA
Device: Meebook M7, Paperwhite 2021, Fire HD 8+, Fire HD 10+, Lenovo Tab P12
|
Quote:
Changing passwords is pretty easy. It usually detects that you've changed your password and asks you to save the changes. If it doesn't detect it, it's easy to pull up that site info from the vault and make the changes. It's not flawless, sometimes you have to manually tell it that you're on a login page depending on the site design, but with the browser extensions, it's available at all times so at the most you might have to click an extra time or two to fill in your info. I've been using it for at least a couple of years now, and have had premium for the last 5 months or so. You can even set different security options for devices / sites. For ex, on my home desktop, I leave LastPass logged in, but I have some sites set to require the LastPass main password every time, like Paypal. |
|
03-11-2013, 12:18 PM | #30 | |
Wizard
Posts: 1,931
Karma: 5456284
Join Date: Nov 2010
Device: Kindle Paperwhite 2, iPhone, Kindle Fire HD 6
|
Quote:
OT. Would be interested in your feedback in a thread I started regarding iCloud vs Google vs Outlook - Here Carol |
|