I would like to comment on passwords security

frenchman96 · 27 Apr 2021

Hi Guys

As I have had lots of help on W10, and although I acknowledge that most of you will have LOTS more pc experience than me, I feel sure others with less experience MAY benefit from what I think about password security.

Correct me if I am wrong, but there are a few main comments and tips about passwords.

1- use upper and lower case, and some sites insist on a + or % or * as well.
2- the text book tells us to have a different one for each site
3- they also say, never write them down
4- never us a 1234 or 1066 etc, in other words, very obvious one that intruders might gues.
5-scammers or virus senders use a "shotgun affect" when guessing emails like john100@hotmail and repeat it with change of no, theory being, it will find at least one person, which is all they need.

My comments to the above are
1- makes sense, but using that method with different sites-wow
2- so if you visit 20 sites, maybe more, you have to remember them.
3- as we are told not to write them down, best of luck-
4- totally agree
5- true

Solution >>>remember, you are trying to create a p/w the "baddies" can't associate to you or guess, and it must be one (yes, I only use 1) so you think of a phrase, or happening you will always remember.

I met my wife in London in 1966, then you use first letter of each word >> immwiLi1966
I contact w10 forum today > Icw10ft
There are 22 teams in the premier league > Ta22titpl

As you can all imagine, the possible choice is endless and as we all know, even if we make it more complicated, using it each day, it becomes imbedded in you mind. I welcome comments

AddRAM · 27 Apr 2021

That`s crazy, I always write them down, and mine are quite complicated. And I use 2 or even 3 ways confirmation wherever possible.

Another member told me about these.

Buy YubiKeys at Yubico.com | Shop hardware authentication security keys

Paul Black · 27 Apr 2021

Hello @frenchman96,

You will probably get a good response to this. There are many such threads here on the Forum.

Whatever method someone ends up using, it boils down to the fact that the User has got to Remember what the UserName and Passwords are, what they are used for, and where they are.

I have a throw away email account for maybe a one time Sign-Up and Sign-In.

Other than that, they are NOT only in my head, but are written down and put in a REALLY SAFE place.

My logic is, they are FAR SAFER in my house than on Password Software or the Internet. If your house was to get burgled, they will NOT be looking for that information, whereas if they are on the Internet, you have a world of potential hackers.

Just my thoughts.

Kol12 · 27 Apr 2021

I highly suggest you use a password manager like Bitwarden or Lastpass and 2 factor authentication. Yubikey is the strongest form of 2FA, particularly good for your Google account but many others too.

https://bitwarden.com/
#1 Password Manager & Vault App, Enterprise SSO & MFA | LastPass

Ghot · 27 Apr 2021

I use the same password everywhere... it's: C'mon in, let's fight.

Just kidding.

The very first rule of internet passwords, is.... don't talk about them on an internet forum. ^^

Try3 · 27 Apr 2021

frenchman96 said:

3- they also say, never write them down
3- as we are told not to write them down, best of luck-

I agree with the others. Write them down somewhere secure yet accessible.

I write mine in a password-protected Excel file that lives on a small USB stick that lives on my keyring.
I write down the password to the password-protected Excel file on a strip of paper that lives in one of those dog nametag cylinder things that also lives on my keyring.
The USB stick is never connected to my computer whilst I am connected to the internet.

Here's a [UK] link for some example ID tags https://www.amazon.co.uk/Pet-Barrel-.../dp/B00DEB1JVQ There are lots of available choices but I bought ones that, like these, have a slot in the bottom for me to swing off so I can be confident they won't come apart accidentally while I'm out & about.

All my passwords are, at least, 18 random characters long.
- I estimate that, even after taking account of possible technological advances over the next twenty five years, online hackers [who have often offered a 100 hours password cracking effort as their standard service] will only have a 1/1,000,000 chance of cracking such long, random passwords even if they dedicate a complete datacentre of 2 million PC-equivalents to the job.
- Hackers are more likely to be able to crack the host of a poor-quality online store of passwords such as a poorly-secured website. That's why it is important to use different passwords for each purpose.
- There's a 2015 discussion of this topic in the context of Office 2007 passwords at Office passwords - MSAForum

You might hear about 'Password reset disks' for Local user accounts [only]. They are an expensive alternative to a piece of paper.

Denis

Kol12 · 27 Apr 2021

I have probably 100 passwords. Don't you guys find a password manager so much easier?

Ghot · 27 Apr 2021

See... if I was a hacker, you've all just saved me months of work.
I now know exactly where to start for each of you.

I know it seems silly, but these days a bad guy can set a bot to look for stuff like this on forums.

Try3 · 27 Apr 2021

Kol12 said:

I have probably 100 passwords. Don't you guys find a password manager so much easier?

No, not all of us. This discussion has been had many times in TenForums.
- Some people like to use password managers whilst others prefer to use their own lists [such as my Excel list].
- I always read threads on this topic but have never reached any firm conclusion about which solution is the better one [bearing in mind that browsers include a degree of password management with their ability to operate 'Remember me' functions for websites].

If an overwhelmingly convincing case was put forward for using a password manager, I would take account of it but I do suspect that, since I've been satisfied with my current solution for so long, I'd take ages to make the time to do the changeover. Not a sensible attitude, I know, but it's probably what would happen in my case.

All the best,
Denis

Try3 · 27 Apr 2021

Ghot said:

See... if I was a hacker, you've all just saved me months of work.
I now know exactly where to start for each of you.

I know it seems silly, but these days a bad guy can set a bot to look for stuff like this on forums.

So where are you going to start with me?

Denis