Passwords - I am trying a new approach

Haha, I know that feeling.
I don't use specific software like LastPass, but I do use a Secure Login add-on for Mozilla so I don't have to remember individual site logins & passwords any more.
 
Try

IWFTP01 (then 02, 03, 04 etc or any number you care)?

as in

I Won't Forget This Password 01......etc?

Thanks, but that doesn't score very well. 38% on the following URL. Needs to have special characters and be 20+ characters long I think. LastPass is letting me set 64 character passwords if the application is up to it.

http://www.passwordmeter.com/

Secondly, I log onto lots of websites and the recommendation is not to use the same password on any two sites.

LastPass - Password Manager, Form Filler, Password Management is working well, except with IE8 at work. Regards JCS
 
Why not use an old address? Swapping letters for numbers in places.

Bob. It's a rare day that I don't use ten different passwords and for things like HR, I might log on once or twice a year. Over the course of a year, I probably access over 100 distinct systems. One option for the less frequently used systems is just to request a password reset each time you use them. Then use a password generator to set a strong password and then forget it.

https://www.grc.com/passwords.htm

Thanks JCS
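
The reset-and-generate routine described in the post above, as an added example that is not part of the original thread: a generator built on Python's `secrets` module, plus a search-space estimate to compare its output with the `IWFTP01` suggestion from earlier in the thread. The function names are hypothetical, and the bit figure is only an upper bound that holds for randomly generated strings.

```python
import math
import secrets
import string

# Character classes a typical strength meter looks for.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII symbols


def generate_password(length=20):
    """Return a random password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the choice uniform over the
        # passwords that satisfy the policy.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(password):
    """Upper bound on guessing cost: length * log2(size of classes used).

    Only meaningful for randomly generated passwords; anything a person
    made up from words, dates or a pattern is far weaker than this bound.
    """
    pool = sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def compare(passwords):
    """Return (password, bits) pairs sorted from weakest to strongest."""
    return sorted(((p, round(search_space_bits(p), 1)) for p in passwords),
                  key=lambda pair: pair[1])


if __name__ == "__main__":
    # "IWFTP01" is the suggestion from the thread; the others are generated.
    samples = ["IWFTP01", generate_password(20), generate_password(64)]
    for pw, bits in compare(samples):
        print(f"{bits:6.1f} bits  {pw}")
```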
 
This all sounds very worrying and a bit OTT, but I'm a complete novice at on-line security. I'm not sure what the point of changing passwords regularly is. If the website you're using can be hacked into then your new concoction is just as insecure as the last one.

Surely you need something which is fairly static and memorable to you so you're not likely to forget it, seek outside help, or have to write it down. You could use a randomizer and memorise a meaningless character string, but wouldn't want to be doing that too often or you'll lose track. You could invest in a bit of encryption software or generator as you've done, but that costs money and is out of your complete control.
The only way I can operate the couple of dozen sites I access is to use the same password (gasps) where 8 characters max. is the practical limit. I put some sort of keyword into a form which no-one can guess. I use Scottish Gaelic (which hardly anyone knows), which has a bizarre grammar that few understand, often including me ..... noun forms are unfathomable. It makes my PSW unpredictable so maybe quite hard to crack, and that's about all that bothers me.
 
How does your password score on http://www.passwordmeter.com/ ? Regards JCS
 
Sounds like it could be a bit of an attraction to someone like Turing & his co-workers! :-D
 
Contrary to popular opinion few passwords are 'cracked' by guessing an easy password, or by brute forcing a short password for that matter. Most compromises in security are due to the user giving the password away themselves, either via phishing emails/web sites or malware (keyloggers etc.), by writing it down somewhere, throwing away paperwork, or even telling someone who asks pretending to be in an official capacity.

The problem with very strict password policies (e.g. have to be very long, contain upper/lower/alphanumeric/special characters/have to be changed regularly) is that they are hard to remember so the users are much more likely to write them down or put them in their phone or email themselves (unencrypted) etc. thereby completely defeating the purpose of having an extra strong password in the first place.

I worked in IT security for a large defence company for ten years where security was understandably tight and password policies were over-the-top in my opinion, and I have caught people with their login details written on a post-it note and stuck to the monitor!

There is nothing wrong with having an easy to remember word or name personal to yourself and perhaps a date or calibre or something that throws in a few numerics. You can even 'encode' it to the site, for example word 1 + first 5 digits of the website + numeric. If you can remember it and don't have to save it anywhere or write it down so it only exists in your mind and it is reasonably strong (say 10+ digits and alphanumeric) then you are not going to be compromised by someone guessing or brute forcing it.

That and good practice with your PC, good AV, make sure you are familiar with what phishing emails look like etc, don't get sucked in when 'Microsoft' calls you from India etc. and you aren't going to have any problems.

Alex
 