Forum Settings
       
« Previous 1 2 3
Reply To Thread

P@$$w0rd S3cur!tyFollow

#1 Oct 18 2013 at 7:33 AM Rating: Decent
The All Knowing
Avatar
*****
10,152 posts
Ok, so I consider myself a moderate when dealing with passwords. I don't use common names, dates and/or words, none of my security questions and answers are legit and I vary the level of password difficulty pending on what I'm safeguarding. However, I don't use 20 character passwords or have paranoia that people are always trying to hack me.

So, with that being said, I've been getting rather frustrated with the varying password policies from websites. I applaud their desire to protect our data, but their policies aren't uniform and are dumb, making me create and remember more and more passwords. The more unnecessary restrictions you have, the less possibilities there are.

Prime example. Same website made me create a password that had to be at least so many characters, but no special characters. Later, in the same website, I had to create another password that had to be EXACTLY 8 characters, using at least one number, one special character, but only SOME special characters. (I don't remember the exact policies, but they were something to that effect). Because my first password violated the second password policy, I had to create an entirely different (modified) password for the same site! And, no, this wasn't Healthcare.gov.

As I start to do more stuff online, I run into this more and more and has become more and more frustrating. What's the point of creating a policy that doesn't allow special characters?

What say ye?
#2 Oct 18 2013 at 7:49 AM Rating: Good
Unforkgettable
*****
13,251 posts
I just use KeePass to manage all my passwords.
____________________________
Banh
#3 Oct 18 2013 at 7:50 AM Rating: Decent
******
21,720 posts
Funny you mention healthcare.gov. I was going to sign up for that until they told me my USERNAME had to have numbers and/or special characters. Password security recommendations are fine. Arbitrary restrictions left up to the developers to determine are asinine.
____________________________
R.I.P. Jessica M. 5/3/2010
This post brought to you by Carl's Jr.
gbaji wrote:
You guys keep tossing facts out there like they mean something.


#4 Oct 18 2013 at 7:54 AM Rating: Good
******
21,720 posts
Spoonless wrote:
I just use KeePass to manage all my passwords.

KeePass is great, unless you ever need to log in from a computer that doesn't have access to your password kdb file. I use DropBox to ensure that I have access to it from several computers, but **** all if I'm going to download my password db to a third party or public computer, let alone download or install KeePass to read it.

____________________________
R.I.P. Jessica M. 5/3/2010
This post brought to you by Carl's Jr.
gbaji wrote:
You guys keep tossing facts out there like they mean something.


#5 Oct 18 2013 at 9:26 AM Rating: Excellent
Meat Popsicle
*****
13,369 posts
I have 3 different generic passwords I use commonly. Those are varied enough that I can almost always use one of them no matter the restrictions. Since most places give you 3 guesses on your password it works out well for the whole remembering part (which I suck at). After that important stuff has subtle variations of the above, something that easy enough for me to remember (i.e. somehow related), but changes the password fairly significantly, and has some part I can iterate on if I'm forced to change things up a bit, like the work password which changes every few months.

The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.

I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone. Smiley: nod

Edited, Oct 18th 2013 8:28am by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#6 Oct 18 2013 at 9:53 AM Rating: Good
Needs More Smut
******
21,262 posts
My passwords these days all follow a specific pattern, but each one is unique. I think of a keyword related to the site I'm trying to access (like bank, or game) and tack on a specific number combo and special character at the end. I almost always end up with nice, 8-10 character passwords that are unique to the service I'm trying to access. Even if someone keylogs me one place, it won't help them get anywhere else without brute forcing a bit.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#7 Oct 18 2013 at 10:19 AM Rating: Good
Skelly Poker Since 2008
*****
16,594 posts
I disappointed no one has come up with something easier and more secure for the home computer user than passwords. Retina-scans, odor-recognition or fingerprint passes, heck even a swipe card would work.
____________________________
Alma wrote:
I lost my post
#8 Oct 18 2013 at 10:19 AM Rating: Excellent
Avatar
******
29,911 posts
I may have one or two thoughts on the subjects of passwords...
http://everquest.allakhazam.com/forum.html?forum=25&mid=130025123118577481
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#9 Oct 18 2013 at 12:07 PM Rating: Excellent
Soulless Internet Tiger
******
35,366 posts
I will not discuss my passwords here. TLW frequents this place.
____________________________
Donate. One day it could be your family.


An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo

#10 Oct 18 2013 at 12:52 PM Rating: Decent
Lunatic
******
30,084 posts
What's the point of creating a policy that doesn't allow special characters?

It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? ***. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#11 Oct 18 2013 at 12:58 PM Rating: Good
******
20,020 posts
Relevant.
Screenshot
____________________________
IDrownFish wrote:
Anyways, you all are horrible, @#%^ed up people

lolgaxe wrote:
Never underestimate the healing power of a massive dong.
#12 Oct 18 2013 at 1:03 PM Rating: Excellent
Meat Popsicle
*****
13,369 posts
Quote:
Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
One more sign the computer overlords have already taken over.

Smiley: tinfoilhat

Edited, Oct 18th 2013 12:05pm by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#13 Oct 18 2013 at 4:39 PM Rating: Decent
The All Knowing
Avatar
*****
10,152 posts
someproteinguy wrote:
I have 3 different generic passwords I use commonly. Those are varied enough that I can almost always use one of them no matter the restrictions. Since most places give you 3 guesses on your password it works out well for the whole remembering part (which I suck at). After that important stuff has subtle variations of the above, something that easy enough for me to remember (i.e. somehow related), but changes the password fairly significantly, and has some part I can iterate on if I'm forced to change things up a bit, like the work password which changes every few months.

Smiley: nod

Edited, Oct 18th 2013 8:28am by someproteinguy


That's how I am and that usually isn't an issue, but over time, I have come across ridiculous password policies that forces me to alter my passwords, creating new alterations.

SPG wrote:
The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.

I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone.


Easy solution. Think of one place: Gotham City, One name : Peter Parker, One Pet Name: Alpha5, one car name: Pento and use those for every question. NEVER USE anything real that someone can use facebook/ social engineering to get.
Name of best friend/ girlfriend/ teacher/etc. = Peter Parker.

Place of birth; honeymoon; first vacation, etc = Gotham City

Now, the key is to remember this if a person challenges you on the phone. You have to ask are these MY security questions or are you using your database? A few years ago, a woman asked me the name of my son. I responded "??? I don't have a son, do you know something that I don't know?". There was an awkward pause, until I realized that she was asking my security question and answered. We laughed.

Smasharoo wrote:
What's the point of creating a policy that doesn't allow special characters?

It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.


I think you misread what I wrote. I'm asking why create a policy that does NOT allow special characters.
idiggory, King of Bards wrote:


I've been arguing this concept for awhile. The more restrictions that you give, the less possibilities there are.
#14 Oct 18 2013 at 6:36 PM Rating: Default
Avatar
****
7,546 posts
I use password protected computers on a private network to generate me a random password every week at noon, it then auto dumps to my PC and replaces the saved password information saved on my PC. I can access the same file on my phone but have to manually change passwords (***.)

I removed my self from the password making process and life has never been more blissful.
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.

#15 Oct 18 2013 at 6:51 PM Rating: Default
The All Knowing
Avatar
*****
10,152 posts
rdmcandie wrote:
I use password protected computers on a private network to generate me a random password every week at noon, it then auto dumps to my PC and replaces the saved password information saved on my PC. I can access the same file on my phone but have to manually change passwords (***.)

I removed my self from the password making process and life has never been more blissful.


Different strokes for different folks. That's too much automation involved with sensitive information. I like to have some interaction. Besides, how exactly are your passwords automatically dumped onto your PC if the generator is on a private network? Sounds like spillage.
#16 Oct 18 2013 at 7:10 PM Rating: Decent
Avatar
****
7,546 posts
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.

Why anyone would put sensitive stuff on the net is beyond me.

Edited, Oct 18th 2013 9:12pm by rdmcandie
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.

#17 Oct 18 2013 at 7:24 PM Rating: Default
The All Knowing
Avatar
*****
10,152 posts
rdmcandie wrote:
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.

Why anyone would put sensitive stuff on the net is beyond me.

Edited, Oct 18th 2013 9:12pm by rdmcandie


You don't do online banking? I would imagine that anyone who has a program to create and update their passwords would also be a proponent of auto-pay. Not having to ever worry about paying bills is a great feeling.
#18 Oct 18 2013 at 8:13 PM Rating: Good
Avatar
*****
13,221 posts
Uglysasquatch wrote:
I will not discuss my passwords here. TLW frequents this place.


It's like you don't trust me.
____________________________
Just as Planned.
#19 Oct 18 2013 at 9:08 PM Rating: Decent
Avatar
****
7,546 posts
Almalieque wrote:
rdmcandie wrote:
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.

Why anyone would put sensitive stuff on the net is beyond me.

Edited, Oct 18th 2013 9:12pm by rdmcandie


You don't do online banking? I would imagine that anyone who has a program to create and update their passwords would also be a proponent of auto-pay. Not having to ever worry about paying bills is a great feeling.


Oh I have autopay, I just don't use online banking, I also have direct deposit but I don't need to do anything with it at all, I already go to the bank twice a month to talk about my investments with my representative, and if I have any actual pressing banking matters I can clean them up while I am there anyway.

I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.

Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.


Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.

Edited, Oct 18th 2013 11:10pm by rdmcandie

Edited, Oct 18th 2013 11:11pm by rdmcandie
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.

#20 Oct 19 2013 at 1:53 AM Rating: Decent
The All Knowing
Avatar
*****
10,152 posts
RDD wrote:
Oh I have autopay, I just don't use online banking, I also have direct deposit but I don't need to do anything with it at all, I already go to the bank twice a month to talk about my investments with my representative, and if I have any actual pressing banking matters I can clean them up while I am there anyway.

I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.

Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.


Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.


Whatever floats your boat. It just seems odd to me for a person who doesn't do online banking or make online purchases with credit cards to have such an over complex system for password management as opposed to having simple, but "safe" passwords.

It sounds like you have an unreasonable level of paranoia. If your password management is about simplicity and not security (because you have nothing sensitive to protect), then you realize the simplicity of online banking as opposed to physically visiting your bank.

Edited, Oct 19th 2013 9:53am by Almalieque
#21 Oct 19 2013 at 8:29 AM Rating: Decent
*****
12,829 posts
I have a wireless password that follows more in line with the XKCD comic. I would love to see someone brute force it. I wonder how many decades it would take....
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
#22 Oct 19 2013 at 8:34 AM Rating: Decent
Avatar
****
7,546 posts
Are you just making an argument for the sake of arguing?

I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.

Now if for whatever reason I did use online banking I wouldn't have much issue using it, because I am confident that my PC and information is protected on my end just as much as it is their end. But that day has not come yet. I seem to be able to tackle all my banking needs when I visit my bank 2 times a month to discuss my investments.

Now do I need random passwords thrown at me from an old PC? Not really.
Why do it then if you don't need it? Why not.



Edited, Oct 19th 2013 10:35am by rdmcandie
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.

#23 Oct 19 2013 at 8:41 AM Rating: Excellent
Supreme Lionator
*****
14,174 posts
Just use whatever, then forget it.
____________________________
“Socialism never took root in America because the poor see themselves not as an exploited proletariat but as temporarily embarrassed millionaires.”
#24 Oct 19 2013 at 8:51 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
rdmcandie wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.

Personally, it's the sort of thing that's just handy when I need it. If I want/need to know my balance or whether the sitter finally cashed that check or whatever, I can find out there and then. It's never saved a life or rescued a tree full of kittens but it's a nice quality-of-life thing.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#25 Oct 19 2013 at 9:11 AM Rating: Decent
Avatar
****
7,546 posts
Jophiel wrote:
rdmcandie wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.

Personally, it's the sort of thing that's just handy when I need it. If I want/need to know my balance or whether the sitter finally cashed that check or whatever, I can find out there and then. It's never saved a life or rescued a tree full of kittens but it's a nice quality-of-life thing.



Thats what I assumed, just another tool that is nice to have available should you need it.
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.

#26 Oct 19 2013 at 9:11 AM Rating: Good
******
27,272 posts
Online banking is mostly a way for me to keep an eye on my money, especially with my bank's app. Since I almost ever have or use cash it's basically my wallet.
____________________________
Theophany wrote:
YOU'RE AN ELITIST @#%^ AETHIEN, NO WONDER YOU HAVE NO FRIENDS AND PEOPLE HATE YOU.
someproteinguy wrote:
Aethien you take more terrible pictures than a Japanese tourist.
Astarin wrote:
One day, Maz, you'll learn not to click on anything Aeth links.
« Previous 1 2 3
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 50 All times are in CDT
Anonymous Guests (50)