Ransomware..is this a real threat.

It's a good policy to regularly change your passwords and don't use words in them, randomise them as much as possible.

swarfega said:

It's a good policy to regularly change your passwords and don't use words in them, randomise them as much as possible.

You might laugh now, but I use addresses as passwords, usually places like hotels or landmarks I have visited, but also home addresses for people important to me.

This sounds complicated, but I can assure you it is extremely easy. I have used this "password protection" system for years, without any issues.

An example. Let's say I need an additional Outlook.com account, and a good password for it. There's a pub in London I have reasons to remember, in 44 Elizabeth Street, post / zip code SW1W 9PA.

My passwords always start with post / zip code, followed by the house / building number and street name. In addition, as this example is about a new Outlook.com account, I need to remember it has a 16 character limit for password.

I would now set the new email account's password as SW1W9PA44Elizabe, 16 first characters from the address written in my way (zip, house #, street). I have an encrypted, password protected password list (Excel workbook) stored in OneDrive. I would now add this account as Outlook 5 - London to that list (I have 4 Outlook.com email addresses already). Part of that list would look like this:

Outlook 1	Isle of Skye 16
Outlook 2	Oslo 16
Outlook 3	Utsjoki 16
Outlook 4	Carrara 16
Outlook 5	London 16
Gmail 1	Charleston FULL

The number after the city in the list reminds me of password length. As Gmail allows really long passwords, FULL in cities assigned to Gmail accounts means I can use the full address; for Outlook, the password in this example would be SW1W9PA44Elizabe, the same address used as Gmail password would be SW1W9PA44ElizabethStreet.

Note that cities in above list are naturally not the real ones I use!

OK, I now have a strong, long password with upper and lower case letters and digits. Together with 2FA, access to my accounts is as secured as possible.

I have no issues in remembering the places or landmarks I associate with each city, they are all important places / companies / people for me. I only use one city for one password, so even if I forgot the password to this sample Outlook.com account, I would check my encrypted list, see the password hint is London. Remembering the place I used in London, I could now use Bing to find their address and be able to sign in.

Kari

Mystere said:

I should point out, this is not ransomware. Ransomware is when malware encrypts your hard drive, and demands a ransome to get your data back. At best, this is more like a bad blackmail attempt.

Exactly.

If this is true Ransomware you would have limited or no access to your filesystem.

Always keep your personal details secure.

roy111 said:

Hi, with this detailed explanation on "how it works" it shuld be possible to brute force your encripted password.

Please tell me how?

You have information that my "Outlook 5" account password hint is "London". You have absolutely no idea about what is my "Outlook 5" email address, and even if you had, you have absolutely no idea about what the place / address I associate with "London" is.

As you seem to be clever, could you please tell tell me how you could find my email address and password for account "Outlook 5", without knowing what first name.last name combination I have used to create that account, and what place / address in London I had on my mind when creating the password?

And, let's not forget the 2FA. Even if you had my email address, and the password, you could not sign in without a code sent as text message to my mobile phone.

You might be clever, but I strongly advice you not to reply. You might just make more fool of yourself.

Kari