Thread: Password madness!

  1. #1
    Member | Join Date: Nov 2017 | Posts: 12 | Likes (Given): 0 | Likes (Received): 0

    Password madness!

    Anyone else stressed out by the constant required password changes when it comes to email, Facebook, etc.?

    The progression of my password over the years has been something like this

    Password: apple

    .......a year later.....
    "To increase security, please add a capital letter to your password"
    Password: Apple

    .......a year later.....
    "To increase account security, your password must be longer than 5 characters, please change your password"
    Password: Appleapple

    .......a year later.....
    "To increase account security, your password should have a non letter character such as a number, please change your password"
    Password: Appleapple1

    ......a year later.....
    "To increase account security, your password must have a special character, please change your password"
    Password: Appleapple1!

    Of all my different password-requiring applications, I have a variety of versions of passwords. Anytime my autofill "forgets" my password, I have to go through the list of password variations. Of course I end up getting it wrong three times, and then I have to decipher the security captcha image...

    Will the madness ever end?

  3. #2
    vangogh, Post Impressionist | Join Date: Aug 2008 | Location: Boulder, Colorado | Posts: 15,023 | Likes (Given): 252 | Likes (Received): 510

    It's not madness. It's to help protect you (and everyone else who uses the sites) by enforcing tighter security. A password like apple can be cracked in seconds and a password like Appleapple1! might take a few minutes.

    I understand having so many different passwords can get confusing. There are password management apps you can use. The apps will generate long secure passwords. You only ever need to remember the one master password that unlocks the app. Two popular ones are 1Password and LastPass. Both charge a monthly fee and I think they work on macOS/iOS and Windows/Android.
    Join me as I share my creative process and journey as a writer | StevenBradley.me
    Design, Development, Marketing, and SEO Tutorials | Steven Bradley's Notebook
    Get my book about Design Fundamentals

  4. #3
    Harold Mansfield, Rockin' the Casbah | Join Date: Aug 2008 | Location: Las Vegas | Posts: 9,524 | Likes (Given): 1038 | Likes (Received): 959

    I agree it's madness, but necessary. I agree with VG that a password manager is a good idea, although anything with a single point of failure bothers me.
    I have been using LastPass recently, but I don't put everything in it.

    I keep my critical stuff to myself and use 2 factor on some things as well including multiple U2F security keys.

    I recently followed a 30 Day security challenge by Shannon Morse, and day 13 is about password managers.
    May be helpful.


  5. #4
    Member, Needs New Keyboard | Join Date: Dec 2012 | Location: New York | Posts: 588 | Likes (Given): 12 | Likes (Received): 131

    Quote: Originally posted by Harold Mansfield
        I agree it's madness, but necessary. I agree with VG that a password manager is a good idea, although anything with a single point of failure bothers me.

    I can’t see trusting an online password mgr. Although I have no idea of the tech involved it still seems like a single hack gives away all your info.

    I did use the same or similar password for all my accounts until PayPal was hacked and they stole a couple thousand, a few hundred dollars at a time (PayPal refunded me immediately). They told me the hackers probably got the password by hacking some other account.

    I have too many to remember which is why I used just one. But, now I gave myself a very simple system. I actually have them listed on a document in my word file. I know, sounds stupid because a hack would reveal all passwords. But what I did was write down the first letter of a word or name then the numbers and/or symbols. I can remember what word or name each letter means. So on my sheet a password looks like this L345 but I know the actual password is Larry345. Or N234# means Nancy234#. I figure even if my sheet was hacked they’d have to figure out what the letters meant and then would have to do a lot of guessing to get it right. Basically I just have to remember what the letters represent which isn’t too difficult. Of course I don't use the same pass more than once anymore. I do similar for user name unless it's my email.

  6. #5
    Harold Mansfield, Rockin' the Casbah | Join Date: Aug 2008 | Location: Las Vegas | Posts: 9,524 | Likes (Given): 1038 | Likes (Received): 959

    It is incredibly hard to hack a decent password. Doing it cold without any social engineering or other kinds of information reconnaissance literally amounts to running huge lists of words and hoping to find a match or matching combination. Add in variables like case, numbers, and special characters and the fact that you have no idea where to start, it could take 10 minutes or 10 years.

    It also takes incredibly powerful computers.

    It is honestly the last resort because there are easier ways to hack someone or a system.

  7. #6
    Member, Needs New Keyboard | Join Date: Feb 2013 | Location: Ontario, Canada | Posts: 1,248 | Likes (Given): 115 | Likes (Received): 238

    Last password I made I wrote out 10 random numbers, letters, and symbols verbally. It took me about a month to finally memorize it.
    Brad Miedema
    Fulcrum Saw & Tool

  8. #7
    Harold Mansfield, Rockin' the Casbah | Join Date: Aug 2008 | Location: Las Vegas | Posts: 9,524 | Likes (Given): 1038 | Likes (Received): 959

    My password process is pretty convoluted on purpose. Besides my personal accounts, there are dozens of client accounts, and multiple business accounts.
    But I can share a couple of tips that I suggest to clients and business associates. Anyone who needs more details on each just ask.

    Separate personal and business accounts completely. Devices, social media, emails and phone numbers.
    It should be like two completely different entities. (most people don't listen to this).

    Password managers are OK. I personally only use one for certain, non critical accounts.
    Critical accounts such as those that control my devices, financial, computer log ins, MS, Google, and other accounts that are important to using my computers or accounts: I use 2-Factor authentication on ALL of them and use FIDO U2F Security Keys when it's supported.
    https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1


    If you are intent on storing a master list of your stuff on your computer, use encryption and password protect the folder.
    If you have a NAS there are instructions for each on how to do that.

    For Windows users, Windows 10 Pro comes with Bitlocker.
    You can also use Veracrypt, although it can be a bit "techy".
    https://www.veracrypt.fr/en/Home.html

    Or you can follow this tried and true method:
    https://www.laptopmag.com/articles/p...der-windows-10

    This will also work for USB drives.

    If you need help creating strong passwords there are a ton of random password creators online such as:
    https://lastpass.com/generatepassword.php

    For passwords that you need to remember frequently, use long phrases such as song lyrics and movie quotes that only YOU know are special to you. Don't use common phrases and quotes that everyone uses. If you're a Black Crowes fan (for instance) and everyone knows it, then don't use lyrics from their songs as your phrase. Long passwords are ridiculously hard to crack.

    Last point, all the security in the world is only as effective as the weakest link. If the company or account or service that you are using is hacked, you are essentially screwed too. Especially if you use the same email and password across multiple accounts.

    You can find out if an email or username that you use has been hacked and posted on the "dark web" with this site:
    https://haveibeenpwned.com/

    If anything shows up, change that password, or even better delete the account if you no longer use it.

    You can hear security tips all day long, but they are worthless if you don't implement them. Yes, it can be time consuming. However, wanting everything to be easy like a Ron Popeil appliance is why so many people are sitting ducks.

    If your attitude is "I don't have anything that anyone could possibly want" then you are the weakest link of all your family, friends, business associates and the company you work for. To get to them, (if I was a bad hacker) I'd target you. Just something to think about.
    Last edited by Harold Mansfield; 12-09-2017 at 07:10 AM. Reason: TMI

  9. Likes Business Attorney liked this post
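Added example (not part of any post in the thread): a rough Python comparison of the thread's password progression under blind brute force versus the word-list-plus-variations guessing described in post #5, next to a long passphrase of the kind post #7 argues for, here built from randomly chosen words. The guess rate, word-list sizes and the "words plus short suffix" model are assumptions made for the illustration.

```python
import math
import string

# Assumed offline guess rate against a fast, unsalted hash (not a figure from the thread).
GUESSES_PER_SECOND = 1e10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def brute_force_bits(password):
    """Search space in bits if every position is tried over the classes in use."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def pattern_bits(n_words, suffix_len, wordlist_size=10_000, case_variants=2):
    """Search space in bits for 'dictionary words + short digit/symbol suffix'.

    Each word is one pick from a list of assumed size, times the assumed
    number of capitalisation variants; the suffix is suffix_len characters
    drawn from digits and punctuation.
    """
    suffix_pool = len(string.digits) + len(string.punctuation)  # 42 characters
    return (n_words * math.log2(wordlist_size * case_variants)
            + suffix_len * math.log2(suffix_pool))

def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try the whole space at the assumed rate."""
    return 2 ** bits / rate

# (label, password, words, suffix chars, word-list size, case variants)
SAMPLES = [
    ("apple",          "apple",        1, 0, 10_000, 1),
    ("Apple",          "Apple",        1, 0, 10_000, 2),
    ("Appleapple1!",   "Appleapple1!", 2, 2, 10_000, 2),
    # Constructed passphrase: five words picked at random from a 7,776-word list.
    ("5 random words", "rivet canoe maple ounce thaw", 5, 0, 7_776, 1),
]

def report():
    """Return (label, brute-force bits, pattern bits, seconds) per sample."""
    rows = []
    for label, pw, words, suffix, size, cases in SAMPLES:
        pat = pattern_bits(words, suffix, size, cases)
        rows.append((label, round(brute_force_bits(pw), 1), round(pat, 1),
                     seconds_to_exhaust(pat)))
    return rows

if __name__ == "__main__":
    for label, bf, pat, secs in report():
        print(f"{label:15} brute-force {bf:6.1f} bits | pattern {pat:5.1f} bits | {secs:.3g} s")
```

The gap between the two bit counts for Appleapple1! is the point: composition rules raise the brute-force figure, while the pattern estimate, which is what a word-list attack actually faces, grows mainly with the number of independent words.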
  10. #8
    cbscreative, Refugee from the .com | Join Date: Aug 2008 | Location: Right here | Posts: 2,894 | Likes (Given): 48 | Likes (Received): 92

    Quote: Originally posted by Harold Mansfield
        If your attitude is "I don't have anything that anyone could possibly want" then you are the weakest link of all your family, friends, business associates and the company you work for. To get to them, (if I was a bad hacker) I'd target you. Just something to think about.

    This is probably one of the leading excuses for bad security. Aside from Harold's point about this attitude putting others at risk, there are the multitude of reasons hackers want to break through. One of which is to commandeer weak computers and make them part of a zombie network. If your computer is attacked in this manner, you could become a channel for spam blasts or worse, criminal activity. Imagine getting a knock on your door from the FBI for something you know nothing about. Yes, that does happen. You may even lose your computer during the investigation.

    Sometimes, you need to listen to us "scare mongers" because the "I don't have anything someone wants" attitude is exactly what someone out there is looking to exploit. Being an easy target is dangerous.
    Steve Chittenden

    Web design, graphic design, professional writing, and marketing.

    "Far better is it to dare mighty things, to win glorious triumphs, even though checkered by failure, than to rank with those poor spirits who neither enjoy much nor suffer much, because they live in the gray twilight that knows not victory nor defeat." -- Theodore Roosevelt

  11. Likes Harold Mansfield liked this post
  12. #9
    Harold Mansfield, Rockin' the Casbah | Join Date: Aug 2008 | Location: Las Vegas | Posts: 9,524 | Likes (Given): 1038 | Likes (Received): 959

    Quote: Originally posted by cbscreative
        This is probably one of the leading excuses for bad security. Aside from Harold's point about this attitude putting others at risk, there are the multitude of reasons hackers want to break through. One of which is to commandeer weak computers and make them part of a zombie network. If your computer is attacked in this manner, you could become a channel for spam blasts or worse, criminal activity. Imagine getting a knock on your door from the FBI for something you know nothing about. Yes, that does happen. You may even lose your computer during the investigation.

        Sometimes, you need to listen to us "scare mongers" because the "I don't have anything someone wants" attitude is exactly what someone out there is looking to exploit. Being an easy target is dangerous.

    Excellent point.

    The most common attacks against networks are DDOS, Distributed Denial of Service attacks. In short, this means a hacker summons the power of hundreds, thousands or millions of computers AND/OR devices and makes them all send requests to one target. The server gets overloaded and either locks up so that no one can access it, or shuts down. This can also open a hole in the security to allow an attacker into the network.

    Hackers who use this method don't own thousands of computers; they are using yours. Little scripts that lie dormant on your computer that you don't even know are there lie in wait to get the signal and send out attacks. Most times you will never know it's happening or that you've even been infected.

    The Dyn DNS attack that shut down thousands of websites last year was a series of multiple DDOS attacks that used the hundreds of thousands of Internet of Things devices that had already been infected. Things like wifi cameras, baby monitors, home automation devices, and so on.

    It's literally just like the movie Independence Day. The invading aliens first crippled our communications by using our own satellites against us and using them to send their own signal for attack. A DDOS attack is the exact same thing. Using our devices against us to execute the attack.

    So, maybe you personally don't care about your own privacy, but you still have a responsibility to NOT be a catalyst for others to be attacked. Take your security seriously.

    Use common sense security. Don't download free stuff that you know is not supposed to be free. Don't use free music and movie sites...these are some of the most successful ways to continually infect thousands of computers. Don't just buy and connect anything to your network because it's cool. Check its security. Check reviews. Vet the manufacturer. Take old devices offline.

    If you are connected to the internet in any way it's not just about you. It's about all of us.

    Something else to think about, large businesses are doing something about it and are increasingly hard to hack. Small businesses and individuals are doing nothing and it's why attacks on people and small businesses are skyrocketing. Easy targets.

    If your company network, or computer is breached, what kind of info would a hacker get about you, your business, your associates, your family, or know about your life in general?

    Don't ignore your security because it's too hard or too time consuming or because you're mad that we have to do all of this now. We've always had to, we just didn't. Now we have to catch up and get smarter.

  13. #10
    Member, Needs New Keyboard | Join Date: Dec 2012 | Location: New York | Posts: 588 | Likes (Given): 12 | Likes (Received): 131

    Interesting info about comps being used to attack other comps. Something most of us non tech folks would never know about. For basic security what do you recommend, Norton, PC Matic or what? I mean for the NON-tech people.

    I don't do anything hi-tech but I use the comp extensively basically for documents and presentations and communications. Nothing too secret or valuable to a hacker BUT I do have to keep records that include a lot of personal info for clients and investors including ss#s, address, financial info, bank info, wire transfer info, copies of checks, spouse info even copies of signatures etc.

    I do NOT keep that info on a computer (just paper files, boxes full of paper) for fear of a hack. Would love to know of a foolproof way to keep in pdf form on computer.
