Why It's Important to Use Unique Passwords...
- Richard S.
- Mayor
- Posts: 15243
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
I cannot stress how important it is to use unique passwords on different sites no matter what site it is. Matter of fact it's probably even more important on sites like this. I'm not a banking site and while I try my hardest to protect your personal data there is no guarantee I can. The password that you use for this site is encrypted in the database, I could not tell you what it is even if I wanted to; however, because of performance issues the encryption used is not unbreakable. There are also other means to obtain it such as simply compromising a script used for the login process.
What happens is this, a hacker first obtains the user data from a site like this. Now they have an associated username, email address and a password. The next thing they do is try and use your password that you used here to get into the email account. Once they are in your email account they can then look for bank statements, Ebay, Paypal or even other sites like this one. Now it's off to those sites.....
If you are using the same password on this site that you are using on other sites you need to make them unique.
The easiest way to manage passwords is with something like Keepass. This will generate very good passwords and store them for you. It uses an encrypted file on your local machine and you only need to remember one password to get to the rest of them. The program itself can even be stored on something like flash card or USB thumb drive for portability.
- mozz
- Member
- Posts: 1363
- Joined: Mon. Sep. 17, 2007 5:27 pm
- Location: Wayne county PA.
- Stoker Coal Boiler: Axeman Anderson 1982 AA-130 Steam
Just had my password hacked, they used my account to buy stuff at Walmart.com. I had no credit card info on file but they used some other name and card info to order digital downloads of cell phone minute cards. I happened to use the same password for about 10 forums and Walmart. What I have been reading tells me forums are very often hacked and then the hackers try very popular sites such as Amazon, ebay, paypal etc. I have now 50 different passwords.
- Lightning
- Site Moderator
- Posts: 14669
- Joined: Wed. Nov. 16, 2011 9:51 am
- Location: Olean, NY
- Stoker Coal Boiler: Modified AA 130
- Coal Size/Type: Pea Size - Anthracite
I've used Steganos Password Manager 7 for several years now. The only thing I worry about is, how do you know that these password programs aren't gonna ship off your information? I suppose that's a paranoid argument, but still I've been reluctant to use something different since it seems I've been safe with the one I'm using. Any way to make sure a password vault is legit?
- mozz
- Member
- Posts: 1363
- Joined: Mon. Sep. 17, 2007 5:27 pm
- Location: Wayne county PA.
- Stoker Coal Boiler: Axeman Anderson 1982 AA-130 Steam
Some of the password software and apps keep the passwords on your device. They never go to a company or cloud so there is no chance of getting hacked, unless your device gets hacked, but then they often use aes256 encryption or something of that sort.
Stupid Walmart and a few others keep your credit card or debit card info. I'm sure there was a box to uncheck which said "click here and we won't save your card info" but they have it so hidden on the website you can never find it. They get paid, sell merchandise, make a profit so they really don't care where the money comes from. All my passwords, each of them different, are now saved with pencil and paper. Bank wants me to start using my debit card as "credit" when I use it, or they are gonna charge me $1 a transaction. Can I bolt a safe to the AA130?
- Richard S.
- Mayor
- Posts: 15243
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
Keepass is open source and used by many people with technical backgrounds.
- Richard S.
- Mayor
- Posts: 15243
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
mozz wrote: Some of the password software and apps keep the passwords on your device.
Keepass is completely localized however you could for example store the file on a server and be able to access it from any device.
- davidmcbeth3
- Member
- Posts: 8505
- Joined: Sun. Jun. 14, 2009 2:31 pm
- Coal Size/Type: nut/pea/anthra
Anyone who banks online is goofy. Even if YOU have 10,000 passwords, those passwords may not be secret or secure.
I won't even do banking over the phone.
- Lightning
- Site Moderator
- Posts: 14669
- Joined: Wed. Nov. 16, 2011 9:51 am
- Location: Olean, NY
- Stoker Coal Boiler: Modified AA 130
- Coal Size/Type: Pea Size - Anthracite
davidmcbeth3 wrote: Anyone who banks online is goofy. Even if YOU have 10,000 passwords, those passwords may not be secret or secure.
I won't even do banking over the phone.
Actually, doing banking online and paying bills online is thought to be safer and more reliable than writing checks and using the postal service. I don't even use checks anymore. I haven't written a check in about 10 years. I do everything online.
It's when places like Home Depot and Target where I used my card manually that have given me issues.
As long as you are careful doing things online, there are rarely any problems.
- SMITTY
- Member
- Posts: 12526
- Joined: Sun. Dec. 11, 2005 12:43 pm
- Location: West-Central Mass
- Stoker Coal Boiler: EFM 520 Highboy
- Coal Size/Type: Rice / Blaschak anthracite
- Other Heating: Oil fired Burnham boiler
I've been banking and buying online for over 13 years now. Never had an issue with any of it, up until this year. Had both my credit cards hacked - one only once, but the other 3x! Each time someone charged a small amount to test, then went for a big purchase, which my provider blocked. Why they don't contact you when this happens, I have no idea. I contacted them after noticing a couple charges I didn't make, plus a few emails saying I opened an account on a site I had never heard of, let alone visited.
Each time the card squashed the charges - no harm, no foul ..... so far at least.
I do have lots of passwords though. I keep them in a secure, violently-booby-trapped location.
- scoobydoo
- Member
- Posts: 191
- Joined: Tue. Dec. 17, 2013 11:01 am
- Location: Benton,ME
- Hot Air Coal Stoker Stove: Leisure Line Pioneer LE top vent
- Coal Size/Type: Rice
My password on here is so unique that I couldn't remember the damn thing! Well, I have a new one now. I've been banking online for over 10 years. All of my statements are via email. The only times my cards have been compromised are when using them physically.
- Richard S.
- Mayor
- Posts: 15243
- Joined: Fri. Oct. 01, 2004 8:35 pm
- Location: NEPA
- Stoker Coal Boiler: Van Wert VA1200
- Coal Size/Type: Buckwheat/Anthracite
scoobydoo wrote: My password on here is so unique that I couldn't remember the damn thing!
If you don't want to use a password manager you can always use something tied to the site.
Here's an example but it could be more elaborate.
pacr90062
pacr - this is the 2nd to 6th letters in the domain.
90062 - the number of letters in the domain name times 6433 which was the last 4 digits in the phone I had years ago.
This is not ideal because someone that was determined could figure it out if they were able to obtain two of your passwords; however, it will provide unique and easy to remember passwords for any domain.
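The site-tied scheme from the post above and the two-password weakness it mentions, as an added Python example that is not part of the original thread. The domain name `nepacrossroads` is an assumed 14-letter name consistent with the post's numbers, `examplebank` is a constructed second site, and the random generator stands in for what a password manager produces.

```python
import secrets
import string
from typing import Optional

OLD_PHONE_DIGITS = 6433  # the remembered number given in the post


def pattern_password(domain_name: str, number: int = OLD_PHONE_DIGITS) -> str:
    """Site-tied scheme from the post: a few letters of the domain name plus
    (number of letters in the name) * (a remembered number)."""
    letters = domain_name[2:6]  # slice chosen to reproduce the post's "pacr"
    return f"{letters}{len(domain_name) * number}"


def implied_number(password: str, domain_name: str) -> Optional[int]:
    """What the digits in one password imply about the remembered number,
    given that the domain name is public. None if nothing divides evenly."""
    digits = "".join(ch for ch in password if ch.isdigit())
    if not digits or int(digits) == 0 or int(digits) % len(domain_name):
        return None
    return int(digits) // len(domain_name)


def pattern_is_visible(pw_a: str, dom_a: str, pw_b: str, dom_b: str) -> bool:
    """True when two passwords from different sites imply the same number,
    the two-password case the post warns about."""
    found = implied_number(pw_a, dom_a)
    return found is not None and found == implied_number(pw_b, dom_b)


def random_password(length: int = 20) -> str:
    """Password-manager style: every character drawn independently from a
    CSPRNG, so one site's password says nothing about another's."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    site_a = "nepacrossroads"  # assumed 14-letter name matching the post's numbers
    site_b = "examplebank"     # constructed second site
    pw_a, pw_b = pattern_password(site_a), pattern_password(site_b)
    print(pw_a, pw_b, pattern_is_visible(pw_a, site_a, pw_b, site_b))
    r_a, r_b = random_password(), random_password()
    print(r_a, r_b, pattern_is_visible(r_a, site_a, r_b, site_b))
```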
- Yanche
- Member
- Posts: 3026
- Joined: Fri. Dec. 23, 2005 12:45 pm
- Location: Sykesville, Maryland
- Stoker Coal Boiler: Alternate Heating Systems S-130
- Coal Size/Type: Anthracite Pea
Passwords, we all know the rules. Longer and complex the better, different for each site/account, change frequently, etc. The problem is how to remember them. Write them down, use software encryption aids (i.e. Keepass or others), biometric sensors, and on and on.
I've struggled with a solution for years. What I realized early is that you need to be able to re-construct your password when your memory fails you and you can't find your list. What's needed is a method you use to create passwords combined with things that are well engrained in your memory. For example there are things in our life we don't forget. Our first love, first car, etc. Concatenate these words together as part of your password. Make each password unique by some phrase that identifies the site.
For example, "NEPA crossroads" + "first love" + "first car" + "some punctuation characters" + "numbers". Numbers should be some that you already know, like a previous phone or house number. Don't use anything current, use numbers that had some past meaning to you and you can find if you really have to. Stringing all this together will result in a very long password. Shorten it by only using the first few characters in each sub-section of the algorithm. Your goal is 20 plus characters. Updating a particular password is easy, just interchange some of the subsections, i.e. interchange "first love" and "first car".
Think through your algorithm and write it down. Then start converting your existing passwords to it. Soon you will appreciate having an algorithm for creating passwords.
I keep lists of my passwords on an encrypted flash drive. I use a particularly secure one called "Iron Key". It's pricey because the encryption to secure it is part of the hardware in the flash drive. For each account I also keep a file with answers to all those password recovery questions, "What's your high school mascot?", "Your best childhood friend", etc. Who can ever remember how you answered them? Did you capitalize, did you use a nickname, etc.?
If you need a really secure password, say one that gives access to the encrypted flash drive, you need to do more. You use a passphrase. Here's how it works:
A passphrase should not consist of only one word, but a sentence, for example. You really should keep this passphrase “in your head” and never have to write it down. At the same time, it must not be possible to guess it. This may sound contradictory, but it is not. There are several proven methods of finding very unique and easy to remember passphrases, which cannot be easily guessed.
Think of a phrase that is very familiar to you, e.g.:
"People in glass houses should not be throwing stones."
Now, take every third letter of this sentence: oegsoehloerisn (People in glass houses should not be throwing stones.)
While it may not be easy to remember this sequence of letters, it is also unlikely that you will forget how to arrive at the passphrase as long as you remember the original sentence. Over time, and the more often you use the phrase, you will commit it to memory. No one else can guess the passphrase. Think of an event that you know you will never forget about. Maybe it’s a phrase that you will always associate with your child or partner, i.e. it has become “unforgettable”. Or a holiday memory or a line of text of a song that is personally important to you. Use capital and small letters, numbers, special characters and spaces, in any order. In principle, anything goes, including umlauts, special characters, digits etc.
- jpete
- Member
- Posts: 10829
- Joined: Thu. Nov. 22, 2007 9:52 am
- Location: Warwick, RI
- Hand Fed Coal Stove: Harman Mk II
- Coal Size/Type: Stove, Nut, Pea
- Other Heating: Dino juice
davidmcbeth3 wrote: Anyone who banks online is goofy. Even if YOU have 10,000 passwords, those passwords may not be secret or secure.
I won't even do banking over the phone.
Doesn't matter. Your bank stores your information on a computer and is therefore vulnerable.
- davidmcbeth3
- Member
- Posts: 8505
- Joined: Sun. Jun. 14, 2009 2:31 pm
- Coal Size/Type: nut/pea/anthra
I use this code/PW for all websites:
If I forget it, it's easily found.