Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book General > News

Notices

Reply
 
Thread Tools Search this Thread
Old 03-06-2013, 05:19 PM   #16
ucfgrad93
Wizard
ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.ucfgrad93 ought to be getting tired of karma fortunes by now.
 
ucfgrad93's Avatar
 
Posts: 2,299
Karma: 7782413
Join Date: Jun 2011
Location: Colorado
Device: Kindle Paperwhite 2nd Gen
Quote:
Originally Posted by Apache View Post
I have business and personal accounts in different banks. All of them have told me they are required to do so by the Fed.
Apache
My bank hasn't told me this.
ucfgrad93 is offline   Reply With Quote
Old 03-07-2013, 09:31 AM   #17
jersysman
Wizard
jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.jersysman ought to be getting tired of karma fortunes by now.
 
jersysman's Avatar
 
Posts: 1,747
Karma: 3761220
Join Date: Mar 2011
Location: Pennsylvania
Device: T1 Red, Kindle Fire, Kindle PW, PW2, Nook HD+, Kobo Mini, Aura HD
I have had the same password at my banks for a long time and have not been asked to change any. Perhaps I should change it anyway to be on the safe side.
jersysman is offline   Reply With Quote
 
Advertisement
Old 03-07-2013, 11:45 AM   #18
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 889
Karma: 4383958
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
I'm not really sure changing passwords regularly leads to any better security. If you use a long enough and random enough password nobody is realistically going to brute force it, it's more likely the site/bank will throttle the connection attempts long before they've tested more than a few possibilities.

I bet most people who have to change passes often end up using simpler and simpler passwords.

Only time password changes are really really important is when you believe either a machine you use or the site you used was compromised.
JoeD is offline   Reply With Quote
Old 03-07-2013, 01:21 PM   #19
medard
Wizard
medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.
 
medard's Avatar
 
Posts: 1,014
Karma: 5591936
Join Date: May 2012
Device: Electronic Paper
It's much easier to backup your notes yourself like people did in the past 2'000 years than changing passwords every two months.
medard is offline   Reply With Quote
Old 03-07-2013, 02:55 PM   #20
Ninjalawyer
Guru
Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.Ninjalawyer ought to be getting tired of karma fortunes by now.
 
Ninjalawyer's Avatar
 
Posts: 823
Karma: 18464912
Join Date: Jun 2011
Location: Canada
Device: Kobo Touch, Nexus 7 (2013)
Quote:
Originally Posted by medard View Post
It's much easier to backup your notes yourself like people did in the past 2'000 years than changing passwords every two months.
True, but paper notes aren't searchable or everywhere I am.
Ninjalawyer is offline   Reply With Quote
Old 03-07-2013, 07:21 PM   #21
medard
Wizard
medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.medard ought to be getting tired of karma fortunes by now.
 
medard's Avatar
 
Posts: 1,014
Karma: 5591936
Join Date: May 2012
Device: Electronic Paper
Yeah, that's an advantage actually.

Ernest Hemingway would never use Evernote. It's not cool enough.



Source: The Art of Manliness - The Pocket Notebooks of 20 Famous Men
medard is offline   Reply With Quote
Old 03-08-2013, 09:27 PM   #22
Canuck_in_Japan
Wizard
Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.Canuck_in_Japan ought to be getting tired of karma fortunes by now.
 
Canuck_in_Japan's Avatar
 
Posts: 1,224
Karma: 8386579
Join Date: May 2009
Location: Tokyo, Japan
Device: iTouch, Jetbook, PRS 650, Aura HD
Quote:
Originally Posted by medard View Post
Yeah, that's an advantage actually.

Ernest Hemingway would never use Evernote. It's not cool enough.



Source: The Art of Manliness - The Pocket Notebooks of 20 Famous Men
Awesome!
Canuck_in_Japan is online now   Reply With Quote
Old 03-10-2013, 02:06 PM   #23
sadievan
Wizard
sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.
 
sadievan's Avatar
 
Posts: 1,801
Karma: 3000000
Join Date: Nov 2010
Device: Kindle Paperwhite 2, iPhone, Kindle Fire HD 6
Quote:
Originally Posted by Apache View Post
Anytime you have a password written down someone can use it. Even if you have it stored encrypted electronically it can be hacked. The only safe password is the one that stays in your brain and nowhere else.
Every one of my employees that has access to my security system has his own unique code. Whenever my system is accessed it is logged and I receive email and text alerts allowing me to see which code is being used. Your security is important and everyone should always be aware of theirs.
Apache
If you get an email or text telling you which code is used, isn't that password being transmitted? I'm confused.

Carol
sadievan is offline   Reply With Quote
Old 03-10-2013, 11:56 PM   #24
Freeshadow
temp. out of service
Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.
 
Posts: 2,332
Karma: 12999524
Join Date: May 2010
Location: Duisburg (DE)
Device: BeBook mini
Say you set codes for 5 users. Give nr. 3 to janitor Joe. He enters at 2230 you get msg: 2230; Usercode 3 used for unlock.
Freeshadow is offline   Reply With Quote
Old 03-11-2013, 12:20 AM   #25
Freeshadow
temp. out of service
Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.Freeshadow ought to be getting tired of karma fortunes by now.
 
Posts: 2,332
Karma: 12999524
Join Date: May 2010
Location: Duisburg (DE)
Device: BeBook mini
Quote:
Originally Posted by Apache View Post
I have multiple passwords of differing difficulties depending on the sites.
Apache
That. The best long ones are alphanumeric string abbreviations of complete passphrases. An example:

"My mistress eyes are nothing like the sun" becomes:
M
m
e
R (for ar)
-t (- for no t for thing)
l
t
s

An easy to remember sentence becomes a mnemonic key for: "mmeR-tlts"
Now think of some sentences containing the words "and"; "free" or "at" these could be replaced with: & _ @
Its logical - thus easier to remember.
replace numerals with numbers.
All this gives a nice long mix far away from any dictionary. And you have to remember 1 sentence.
Freeshadow is offline   Reply With Quote
Old 03-11-2013, 07:49 AM   #26
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 889
Karma: 4383958
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
Quote:
Originally Posted by sadievan View Post
If you get an email or text telling you which code is used, isn't that password being transmitted? I'm confused.

Carol
If a code is used as a password to gain entry to a system, there should be no way the system should ever email out or text the code, it shouldn't have any idea what the code is. Although things may work differently for physical entry systems to computers, because with computers the username is the "code" and the password is a secret. In access system the two are rolled into one.

For physical access systems that are just a single code based one, there's no alternative but to provide lots of different codes to identify different people. The reduction is strength of the system due to many codes been valid is worth it in exchange for knowing who/when has accessed it.

What you would normally do for audit logs with a computer login though is have users login with user/pass, generate a hash from their password, compare that hash+salt to the stored hash to see if they match. If they do, allow the user in and log success/failure (or rather a % of failures if there's a surge to avoid dos). In addition to that, success attempts could trigger an email/sms to say user X logged in.

X could be a real username or another identifier that IDs a user.

Either way, the system doesn't know (and shouldn't know) the real password so cannot nor should it be able to email it.

Regarding passwords stored electronically/written down or in your head. Well that's the real problem that password safes were created to try to solve.

In order for people to use strong passwords and a unique one for each site they use, there's no way to remember them all unless you only use a single bank and a handful of sites. Just an average internet user will end up with banks, forums, shopping sites, kindles, computers, email... iow tons of passwords to remember.

The options are, either hope you're going to remember them, write them down or use a password safe.

Jury may be out, but in some ways writing them down may be more secure than a password safe because the chances of your home been burgled may be less than the chance of you PC been hacked. Hacked PC + key logger that logs the master password and copies the DB gives access to every pass you have ever made.

However, if your password safe is on a offline device such as an old mobile phoneor pda or laptop (none of which you use online/on a network), then you get the security level of a password safe if you are burgled but also remove the risk of hacking getting your DB or master pass.

Remembering passwords is the most secure (but also problematic for large numbers of secure passwords). Writing it down vs Pass Safe really depends on the environment you use computers in and/or where your pass safe is stored.

Any of those three though are better than compromising the strength of passwords hoping to remember them all. Brute force login attempts are much more likely to occur than someone hacking your PC.

As it happens, if you use a set of sites/devices frequently enough you'll eventually remember even a random password. But the safe remains a memory failsafe
JoeD is offline   Reply With Quote
Old 03-11-2013, 07:57 AM   #27
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 889
Karma: 4383958
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
Quote:
Originally Posted by Freeshadow View Post
That. The best long ones are alphanumeric string abbreviations of complete passphrases. An example:

"My mistress eyes are nothing like the sun" becomes:
This doesn't solve the problem for people with many passwords though.

If you only have 5-6 passwords to remember it may make it easier for people to remember them. If however you use quite a few web forums or different shopping sites the number of passwords grows rapidly and then you either use the same phrases for a few sites or have an issue remember which phrases you used.

A light internet user may have only a few passwords such as computer login, email, facebook, maybe a phone web login, a bank and credit card login. That's 5-6 but doesn't include web forums, shopping sites, device accounts like Apple ID, gaming passwords, phone pin, bank and cc pins and so on. It doesn't take much before the number of passwords an internet user needs to remember has grown to quite a few.

Add in sites that require you use at least one upper case, one number, or two uppercase or other site specific rules and you have to then remember how you adjusted your phrase to account for that.

I'm basing this not just on my own opinion though, but also an admittedly minute sampling too, a few friends used the method you suggested One still uses it, but they only have a couple of logins. The others stopped after they hit double figures on passwords.

That said, IF a person finds it easier to remember lots of phrases and it helps them use longer slightly more random passwords, then it's a step in the right direction because the biggest threat login wise atm imo is either brute force login attempts or brute forcing of stolen hash DBs. Unless you get a trojan of course

Last edited by JoeD; 03-11-2013 at 08:22 AM.
JoeD is offline   Reply With Quote
Old 03-11-2013, 09:57 AM   #28
Kumabjorn
Basculocolpic
Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.Kumabjorn ought to be getting tired of karma fortunes by now.
 
Kumabjorn's Avatar
 
Posts: 4,065
Karma: 20131415
Join Date: Jul 2010
Location: Sweden
Device: Kindle 3 WiFi, Kindle 4SO, Kindle for Android, Sony PRS-350 and PRS-T1
Quote:
Originally Posted by Ninjalawyer View Post
I'm somewhat guilty of this. Aside from my bank and email accounts, I was using the same password for most sites with a login.

As of yesterday though, I've started using LastPass, and now have a different password for every site. The passwords are generally 12 to 16 character long strings of random letters, numbers and symbols to avoid an easy dictionary-based attacks, and I've also setup two-factor authentication where it's available. Even with all that, I still feel like my data on any given site is easy prey to a hacker with enough time or skill.

Edit

If anyone is interested in setting up a password manager, LifeHacker has a tutorial on LastPass here.
How does that work over devices?
Having it on the PC is fine, but what happens when you need it on a tablet and phone as well? And what do you do if you want to change passwords every two weeks or so?
Kumabjorn is offline   Reply With Quote
Old 03-11-2013, 12:31 PM   #29
CWatkinsNash
IOC Chief Archivist
CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.CWatkinsNash ought to be getting tired of karma fortunes by now.
 
CWatkinsNash's Avatar
 
Posts: 3,485
Karma: 32762584
Join Date: Dec 2010
Location: Nashville, TN, USA
Device: Nook STR Glowlight, Sony T1, Acer Iconia A200
Quote:
Originally Posted by Kumabjorn View Post
How does that work over devices?
Having it on the PC is fine, but what happens when you need it on a tablet and phone as well? And what do you do if you want to change passwords every two weeks or so?
They have mobile device apps (iOS, Android, Win, Symbian, Blackberry, WebOS) available with LastPass Premium, which is $12US / year. On my tablet, I have the LastPass extension for Dolphin browser in addition to the regular LastPass app.

Changing passwords is pretty easy. It usually detects that you've changed your password and asks you to save the changes. If it doesn't detect it, it's easy to pull up that site info from the vault and make the changes.

It's not flawless, sometimes you have to manually tell it that you're on a login page depending on the site design, but with the browser extensions, it's available at all times so at the most you might have to click an extra time or two to fill in your info. I've been using it for at least a couple of years now, and have had premium for the last 5 months or so.

You can even set different security options for devices / sites. For ex, on my home desktop, I leave LastPass logged in, but I have some sites set to require the LastPass main password every time, like Paypal.
CWatkinsNash is offline   Reply With Quote
Old 03-11-2013, 01:18 PM   #30
sadievan
Wizard
sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.sadievan ought to be getting tired of karma fortunes by now.
 
sadievan's Avatar
 
Posts: 1,801
Karma: 3000000
Join Date: Nov 2010
Device: Kindle Paperwhite 2, iPhone, Kindle Fire HD 6
Quote:
Originally Posted by JoeD View Post
Regarding passwords stored electronically/written down or in your head. Well that's the real problem that password safes were created to try to solve.

In order for people to use strong passwords and a unique one for each site they use, there's no way to remember them all unless you only use a single bank and a handful of sites. Just an average internet user will end up with banks, forums, shopping sites, kindles, computers, email... iow tons of passwords to remember.

The options are, either hope you're going to remember them, write them down or use a password safe.

Jury may be out, but in some ways writing them down may be more secure than a password safe because the chances of your home been burgled may be less than the chance of you PC been hacked. Hacked PC + key logger that logs the master password and copies the DB gives access to every pass you have ever made.

However, if your password safe is on a offline device such as an old mobile phoneor pda or laptop (none of which you use online/on a network), then you get the security level of a password safe if you are burgled but also remove the risk of hacking getting your DB or master pass.

Remembering passwords is the most secure (but also problematic for large numbers of secure passwords). Writing it down vs Pass Safe really depends on the environment you use computers in and/or where your pass safe is stored.

Any of those three though are better than compromising the strength of passwords hoping to remember them all. Brute force login attempts are much more likely to occur than someone hacking your PC.

As it happens, if you use a set of sites/devices frequently enough you'll eventually remember even a random password. But the safe remains a memory failsafe
I have heard the method Freeshadow mentioned to be a good one before. It was also suggested along with the abbreviations to use the letter or name of the site. For example using Freeshadow's method for Mobieread you could do something like, 'mr_mmeR-tlts'

OT. Would be interested in your feedback in a thread I started regarding iCloud vs Google vs Outlook - Here

Carol
sadievan is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Classic Passwords etc Pomtroll Barnes & Noble NOOK 3 04-03-2013 02:25 PM
News for PRS-T2 Users: EVERNOTE passwords were hacked gardenstate Sony Reader 1 03-03-2013 07:08 AM
PRS-T1 problem with passwords Priscillux Sony Reader 10 11-13-2011 05:30 PM
Passwords, mashwords.......... carpetmojo News 32 05-03-2011 07:49 PM
Confused by behavior of two pdfs w/permissions passwords, but no open passwords/DRM grr PDF 0 12-21-2009 03:21 PM


All times are GMT -4. The time now is 06:16 PM.


MobileRead.com is a privately owned, operated and funded community.