Posted to uk.d-i-y
Martin Brown

TOT; Piggin passwords

On 09/02/2016 23:11, Jonno wrote:
David Lang scribbled


I've used the same password for years, nobody has a hope in hell of ever
guessing it. I can remember it.

Recently some sites insist on having numbers as well, so I've had to add one.

Now the bloody things want an upper case letter as well!

How the 'kinell does that make anything more secure?

Surely it's my choice, not some bell end running a web site?


Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and pick
out the digits they required. So much for security.


That is actually a secure form of challenge and with practice you can
memorise a password to recall individual characters without writing it
down. The sites using this method that annoy me are the ones where you
have to hit tab to move between input fields. If you type in the entire
password and there is a keylogger and no countermeasures (or they too
have been compromised) then you are already lost.

The point is that you never disclose the entire password and on some
sites you input it using an unconventional non-keyboard method.

Increasingly banking sites are using two-factor password and PIN
challenges and allow you to customise the home page with a slogan and a
picture of your choice so you can easily spot a forgery.

--
Regards,
Martin Brown
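
An added example, not part of the post above: a Python sketch of the partial-password challenge described in the thread, showing how a site can ask for a few positions and how little of the secret one login discloses. The sample password, function names and the four-position challenge size are assumptions made for illustration.

```python
import hmac
import secrets
from fractions import Fraction
from math import comb

# Constructed sample secret for the demo. Assumption: the checker can read
# individual characters; how a real site stores them is outside the post.
PASSWORD = "correcthorse"

def issue_challenge(length, k=4):
    """Pick k distinct 1-based positions, as in 'the 1st, 4th, 5th and 8th'."""
    return sorted(secrets.SystemRandom().sample(range(1, length + 1), k))

def verify(password, positions, answers):
    """Compare the supplied characters with the requested positions."""
    expected = "".join(password[p - 1] for p in positions)
    supplied = "".join(answers)
    return hmac.compare_digest(expected.encode(), supplied.encode())

def exposed_positions(observed_challenges):
    """Positions disclosed by the logins typed on a compromised machine."""
    seen = set()
    for positions in observed_challenges:
        seen.update(positions)
    return seen

def answerable_fraction(length, k, exposed):
    """Share of all possible k-position challenges covered by `exposed`."""
    return Fraction(comb(len(exposed), k), comb(length, k))

if __name__ == "__main__":
    challenge = issue_challenge(len(PASSWORD))
    print("site asks for positions", challenge)
    one = exposed_positions([[1, 4, 5, 8]])
    two = exposed_positions([[1, 4, 5, 8], [2, 4, 9, 12]])
    for label, seen in (("one login", one), ("two logins", two)):
        share = answerable_fraction(len(PASSWORD), 4, seen)
        print(label, "exposes", sorted(seen), "-> covers", share, "of challenges")
```

The coverage figure grows with every login typed on the same compromised machine, which is why the positions are drawn afresh for each challenge.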