UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.
#41
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote:
"Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? Jonathan |
#42
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, 10 February 2016 00:34:05 UTC, Dave Plowman (News) wrote:
In article , Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Barclays have used that for ages. A drop down menu. But perhaps they expect most people with a bank account can spell. what does spelling have to do with it the best passwords aren't spellable they even tell you not to use words in teh dictonary, how many wordss can you spell that arn't in the dictionary that yuo can remmeber. who can;t remebr how to spell password. but what if your password was psswrdao as a clue to the clueless I used this system for a while . you take a known name/word you can spell and rememeber but use constants 1st, then add the vowels at the end. or visa versa. Or how about turning your keyboard upside down, but this ,ight only work if you are a touch typist. |
#43
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, 10 February 2016 00:48:07 UTC, Graham. wrote:
On Wed, 10 Feb 2016 00:31:38 -0000, Sam Plusnet wrote: In article , says... I've used the same password for years, nobody has a hope in hell of ever guessing it. I can remember it. Recently some site insist on having numbers as well, so I've had to add one. Now the bloody things want an upper case letter as well! Didn't they ask for a non-alphanumeric character as well? Not trying hard enough. One of your competitors, who supplies me with calls on my landline, asks for my web passworm as one of their security questions when I call their helpdesk. I have written to their CEO pointing out the error of their ways. In the meantime, I have changed my passworm to neveraskforpassword in order to make a point if I am asked again. Probebly should have ROTted that ;-) That's an idea ROTted passworms, does anyone do that? Didn't a consumer show have someone complaining that their bank wouldn;t allow them to use an obscene password, well **** them I'd say. |
#44
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wed, 10 Feb 2016 11:22:44 +1100, "Blanco"
wrote: "ss" wrote in message ... On 09/02/2016 23:11, Jonno wrote: David Lang scribbled I've used the same password for years, nobody has a hope in hell of ever guessing it. I can remember it. Recently some site insist on having numbers as well, so I've had to add one. Now the bloody things want an upper case letter as well! How the 'kinell does that make anything more secure? Surely it's my choice, not some bell end running a web site? Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. I have so many passwords now that I cant remember that I have to write them down or put on a spreadsheet, not the best security. A decent password manager fixes that problem That way you only have to remember the master password or use a fingerprint sensor etc for that. The password manager concept is also being pulled apart. Mine can generate passwords but the often are not accepted by the host. I can copy username and password to clipboard but increasingly sites do not allow these to be pasted. Whilst I may know my passphrases fairly well I find it a struggle to pick out the 3rd, 7th and 9th characters without writing it down - though I have them written down in my password manager with the position type above, though the editor is not fixed font so another pain. Other sites require the entry to be via their little keyboard which jumbles the numbers up so I have to look for each one in a weird position. And as a part of extra security my password manager will not accept biometric finger print access - no doubt for fear that someone has pinched my finger for nefarious purposes. I do try to have different passwords for different sites especially where banking/finance are involved. I'm with the OP on this. It's becoming a PITA and I hope someone comes up with a better way. 
-- AnthonyL |
#45
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, 10 February 2016 07:43:41 UTC, Mike Barnes wrote:
Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. my bank has that system. I wish visa verification was like that. E.g. instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? |
#46
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wed, 10 Feb 2016 10:23:43 +0000, charles wrote:
I count on my fingers since mine has 13 characters. You're from Norfolk? |
#47
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 07:41, Mike Barnes wrote:
Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security.

Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking in the current generation of software designers.

It would also be poorer security, since it discloses the length of the secret word, which may be all an attacker needs to select one of several possible options.

It's the same reason that when you fail to log into a system it does not (or at least should not) distinguish between an unknown account name and a wrong password - thus preventing giving useful information to an attacker.

-- Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#48
Posted to uk.d-i-y
; TOT; Piggin passwords
In article ,
Andy Burns wrote: Dave Plowman (News) wrote: Jonno wrote: Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Barclays have used that for ages. Not for me the don't, I logon using my surname, sortcode and account number which are burnt into my brain having been the same for 30+ years, plus a one time code generated from my smartphone (or a PIN sentry device plus my debit card). What - details anyone could know from a cheque, etc? The old way - which still works here - is surname, online banking membership number, passcode number and memorable word. The memorable word bit asks for a random two letters from it, using a drop down menu. The only details of which that would be easy to find being the surname. Or, of course, the PIN sentry device. -- *Why is the time of day with the slowest traffic called rush hour? Dave Plowman London SW To e-mail, change noise into sound. |
#49
Posted to uk.d-i-y
; TOT; Piggin passwords
In article ,
Andy Burns wrote: Some of the worst websites simply store your password on their servers exactly as you type it, so their administrators don't need to guess it, they can see it, they usually know your email address too, so they *could* take your password home on a memory stick and try logging into eBay/facebook/banks etc. Given their crappy security practices they are probably more likely to get hacked and your password ends up in China/India/Russia ... Surely most would realise whether it could cost you if your password was found out or not? Only an idiot would use the same password for a bank account etc as Facebook. Except, of course for paranoids like the turnip. Those who think themselves so important that the world is interested in their tiniest detail. -- *Save the whale - I'll have it for my supper* Dave Plowman London SW To e-mail, change noise into sound. |
#50
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher wrote:
On 10/02/16 01:40, F Murtz wrote: I end up with extremely rude vulgar passwords in the end because of this practice. It is self defeating because everyone is writing their passwords down and carrying them with them because it is becoming impossible to remember them.

The point about a password manager is this: If any one of your passwords that you use online is nicked, it doesn't compromise any others.

unless it's the one used for the password manager.

Since you never use the master password except to unlock the password manager, it is unlikely that anyone will get to know it.

unless they nick the device you use for whatever.

Since the encrypted passwords are held on only one machine, it's unlikely they will be hacked and cracked either

what happens if that machine dies, or gets stolen.

This is the only way to ameliorate this habit of having totally different password requirements on sites.

My system works I have a 'crib' sheet written in a particular app which has all my passwords stored cryptically. so if you found out that Ferritors monthly, users name dave, password "61" how would you get to my Ferritors monthly subscription ? what would you type for the password ? but when I've forgotten my password I go to that document type in my master password and I see the number 61, and then I remember..... as a kid at school, me and my mates had codes. And rather than say to my mates corrrr.. look at the arse on that... I'd wink and say sixty-one and nod in a direction which actually means look at her/that "sexybum". sort of cockney slang. of course you might not know that any password I use for financial stuff such as buying/selling I always spell in reverse or I always add 01 to the beginning or at the end or I use a "-" every 3 characters or it always ends in uppercase. If you have a reasonable memory and can set yourself rules then having lots of passwords isn't as big a problem as it might seem.
#51
Posted to uk.d-i-y
; TOT; Piggin passwords
In article ,
whisky-dave wrote: Barclays have used that for ages. A drop down menu. But perhaps they expect most people with a bank account can spell. what does spelling have to do with it the best passwords aren't spellable they even tell you not to use words in teh dictonary, how many wordss can you spell that arn't in the dictionary that yuo can remmeber. who can;t remebr how to spell password. I rest my case. ;-) -- *Suicidal twin kills sister by mistake. Dave Plowman London SW To e-mail, change noise into sound. |
#52
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 11:22, John Rumm wrote:
On 10/02/2016 07:41, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security.

Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking in the current generation of software designers.

It would also be poorer security, since it discloses the length of the secret word, which may be all an attacker needs to select one of several possible options.

Several banking sites do something like that - Santander for instance. Whereas Lloyds offer three drop down boxes to choose a character from.

It's the same reason that when you fail to log into a system it does not (or at least should not) distinguish between an unknown account name and a wrong password - thus preventing giving useful information to an attacker.

Although it is damned annoying when the problem is that CAPS LOCK is on. It could halve the password space to give away that information but OTOH the only person likely to do this is the owner of the password!

-- Regards, Martin Brown
#53
Posted to uk.d-i-y
; TOT; Piggin passwords
Dave Plowman (News) wrote:
Andy Burns wrote: I logon [to Barclays] using my surname, sortcode and account number which are burnt into my brain having been the same for 30+ years, What - details anyone could know from a cheque, etc? The surname/sortcode/account is used to identify *not* to authenticate. The smartphone needs a fingerprint to unlock, the banking app (or pinsentry plus debit card) needs a pin before it generates the code, which is what authenticates. |
#54
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, 10 February 2016 11:22:11 UTC, John Rumm wrote:
On 10/02/2016 07:41, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security.

Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking in the current generation of software designers.

It would also be poorer security, since it discloses the length of the secret word,

And I don't understand why they do that, it's unnecessary most people if they know their password also know the length so why not use the whole screen for blank characters like you have on forms.

which may be all an attacker needs to select one of several possible options.

Yes. But I still think sitting at a computer (especially a public one) and mumbling your password while counting on your fingers is far less secure.

It's the same reason that when you fail to log into a system it does not (or at least should not) distinguish between an unknown account name and a wrong password - thus preventing giving useful information to an attacker.

-- Cheers, John.
Internode Ltd - http://www.internode.co.uk
John Rumm - john(at)internode(dot)co(dot)uk
#55
Posted to uk.d-i-y
; TOT; Piggin passwords
Dave Plowman (News) wrote:
Surely most would realise whether it could cost you if your password was found out or not? Well the O/P did say he's used "the same password for years", and I doubt he's alone in that, I was just explaining why it doesn't matter how unguessable he thinks the password is, as he can't be sure nobody else sees or stores it ... Only an idiot would use the same password for a bank account etc as Facebook. TMH, I'll hold your coat! |
#56
Posted to uk.d-i-y
; TOT; Piggin passwords
Jonno wrote:
Jethro_uk scribbled 3) If cloud based, you can access your passwords anywhere in the world. How secure is the 'cloud' ? That is my main issue with stuff on the cloud. If someone has direct access to the 'cloud computer' then they're in an excellent position to brute force your password [manager]. I share my encrypted secure (passwords and other things) files directly between my laptop and my desktop machines. Whenever the laptop is at home the files are synchronised. Thus I have the encrypted files with me just about all of the time. If I'm away without my laptop then I can ssh to my home desktop machine (two step process via another site, access not allowed directly to my home machine) and look at the encrypted files that way. I have an ssh client on my tablet and my phone. -- Chris Green · |
#57
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 11:45, whisky-dave wrote:
On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher wrote: On 10/02/16 01:40, F Murtz wrote: I end up with extremely rude vulgar passwords in the end because of this practice. It is self defeating because everyone is writing their passwords down and carrying them with them because it is becoming impossible to remember them.

The point about a password manager is this: If any one of your passwords that you use online is nicked, it doesn't compromise any others.

unless it's the one used for the password manager.

Since you never use the master password except to unlock the password manager, it is unlikely that anyone will get to know it.

unless they nick the device you use for whatever.

Since the encrypted passwords are held on only one machine, it's unlikely they will be hacked and cracked either

what happens if that machine dies, or gets stolen.

This is the only way to ameliorate this habit of having totally different password requirements on sites.

My system works I have a 'crib' sheet written in a particular app which has all my passwords stored cryptically. so if you found out that Ferritors monthly, users name dave, password "61" how would you get to my Ferritors monthly subscription ? what would you type for the password ? but when I've forgotten my password I go to that document type in my master password and I see the number 61, and then I remember..... as a kid at school, me and my mates had codes. And rather than say to my mates corrrr.. look at the arse on that... I'd wink and say sixty-one and nod in a direction which actually means look at her/that "sexybum". sort of cockney slang. of course you might not know that any password I use for financial stuff such as buying/selling I always spell in reverse or I always add 01 to the beginning or at the end or I use a "-" every 3 characters or it always ends in uppercase. If you have a reasonable memory and can set yourself rules then having lots of passwords isn't as big a problem as it might seem.

Paranoia all of it. The whole world can have access to anything of mine apart from bank stuff, .....and the pin-ups.
#58
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 10:53, Jonathan wrote:
On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote: "Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. Its encrypted... Jonathan -- Karl Marx said religion is the opium of the people. But Marxism is the crack cocaine. |
#59
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 10:59, AnthonyL wrote:
On Wed, 10 Feb 2016 11:22:44 +1100, "Blanco" wrote: "ss" wrote in message ... On 09/02/2016 23:11, Jonno wrote: David Lang scribbled I've used the same password for years, nobody has a hope in hell of ever guessing it. I can remember it. Recently some site insist on having numbers as well, so I've had to add one. Now the bloody things want an upper case letter as well! How the 'kinell does that make anything more secure? Surely it's my choice, not some bell end running a web site? Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. I have so many passwords now that I cant remember that I have to write them down or put on a spreadsheet, not the best security. A decent password manager fixes that problem That way you only have to remember the master password or use a fingerprint sensor etc for that. The password manager concept is also being pulled apart. Mine can generate passwords but the often are not accepted by the host. use a manager that will display your passwords in plain text, if asked. You can then retype them I can copy username and password to clipboard but increasingly sites do not allow these to be pasted. Whilst I may know my passphrases fairly well I find it a struggle to pick out the 3rd, 7th and 9th characters without writing it down - though I have them written down in my password manager with the position type above, though the editor is not fixed font so another pain. Other sites require the entry to be via their little keyboard which jumbles the numbers up so I have to look for each one in a weird position. And as a part of extra security my password manager will not accept biometric finger print access - no doubt for fear that someone has pinched my finger for nefarious purposes. 
I do try to have different passwords for different sites especially where banking/finance are involved. I'm with the OP on this. It's becoming a PITA and I hope someone comes up with a better way.

there is no real other way - if it were that easy we would already have done it. You don't need to be an IT expert to answer the basic question - if someone or something at the other end of an insecure connection wants to know it's me at the other, how can they do it? And that's before we even ask the question 'am I the same person today as I was yesterday'

-- Karl Marx said religion is the opium of the people. But Marxism is the crack cocaine.
#60
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 08:44, The Natural Philosopher wrote:
On 10/02/16 08:38, Martin Brown wrote: I find it annoying when they don't specify which character set is allowed and my choice is too unusual for their password filter. And they don't tell you what the password filter is, only why you failed it. So you enter passwords over and over with a different error each time. You have that problem too then? A bit like the joke the OP posted. -- Regards, Martin Brown |
#61
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 09:18, Andy Burns wrote:
David Lang wrote: I've used the same password for years, nobody has a hope in hell of ever guessing it.

Some of the worst websites simply store your password on their servers exactly as you type it, so their administrators don't need to guess it, they can see it, they usually know your email address too, so they *could* take your password home on a memory stick and try logging into eBay/facebook/banks etc. Given their crappy security practices they are probably more likely to get hacked and your password ends up in China/India/Russia ...

Scary the idea of passwords being held in the clear but that is why I have independent ones for every site. The low security ones for reading free newspapers and the like would not take too much guessing. Things that allow writing are a bit more secure and then there are a small number of really tough ones for banking and the like. Choose your favourite song or poem and a generating rule and you can have very memorable passwords that are all but unguessable.

Good websites should store passwords in a "salted hashed" format so they can tell if you got it right, but they can't see it, the complexity requirements you see are so that even if someone hacks their server and steals the salted/hashed copy of your password, it would take the hackers centuries to decode it.

Depends on how much resources the attackers are willing to deploy. Salted hashed is about as good as it gets, but if the attacker knows the code used (or has grabbed that too) then all bets are off. That or spear phishing I presume is how Impact Team did Ashley Madison. http://krebsonsecurity.com/2015/07/o...adison-hacked/

I recall my university mainframe originally had default PW=Userid until some enterprising individual grabbed the password hash file and the userid file and then used it to print a list of all default PW=Userid accounts and their resources to the system monitor console.

I taught my wife to use the same system as I use. Her works password even written down for a service engineer requires him to look at the piece of paper and the keyboard to enter it since unless you know the generating rule there is apparently neither rhyme nor reason to it. They have a corporate policy of monthly password changes with no reuse (ever) which I think is ludicrous. Plenty of screens have Post-its on and usually it is the senior managers that are worst offenders.

-- Regards, Martin Brown
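Added example, not part of any post in the thread: the "salted hashed" storage Andy Burns describes, combined with John Rumm's point that a failed login should not distinguish an unknown account name from a wrong password. PBKDF2-HMAC-SHA256, the iteration count, the UserStore class and the sample accounts are this example's assumptions; the thread names no algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; the thread names no algorithm or cost
GENERIC_ERROR = "Invalid username or password"


def make_record(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserStore:
    """Hypothetical account table that keeps only salt + digest, never the password."""

    def __init__(self):
        self._users = {}
        # Record for a password nobody knows. Unknown account names are checked
        # against it so they cost the same hashing work as a wrong password.
        self._dummy = make_record(os.urandom(32).hex())

    def register(self, username, password):
        self._users[username] = make_record(password)

    def stored_view(self, username):
        """What an administrator (or someone who steals the table) can read."""
        salt, digest = self._users[username]
        return {"salt": salt.hex(), "digest": digest.hex()}

    def login(self, username, password):
        known = username in self._users
        salt, expected = self._users[username] if known else self._dummy
        _, candidate = make_record(password, salt)
        # compare_digest does not stop at the first differing byte; 'known' is
        # applied afterwards so both failure cases do the same work and
        # return the same message.
        matches = hmac.compare_digest(candidate, expected)
        if known and matches:
            return True, "OK"
        return False, GENERIC_ERROR


if __name__ == "__main__":
    store = UserStore()
    # Constructed sample accounts: two users who happen to pick the same password.
    store.register("alice", "correct horse 42")
    store.register("bob", "correct horse 42")
    print(store.stored_view("alice"))
    print(store.stored_view("bob"))               # different salt, different digest
    print(store.login("alice", "correct horse 42"))
    print(store.login("alice", "wrong guess"))    # wrong password
    print(store.login("mallory", "wrong guess"))  # unknown account, same answer
```

The per-user salt is why the two stored digests differ even though the passwords are identical, so one precomputed list cannot be matched against the whole table at once.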
#62
Posted to uk.d-i-y
; TOT; Piggin passwords
The Natural Philosopher wrote:
On 10/02/16 10:53, Jonathan wrote: On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote: "Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. Its encrypted... Jonathan And the hard drive has died? |
#63
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 00:30, T i m wrote:
Oh, and they even contacted me because 'Some of the passwords would be easy to guess' ... like L10nKing$ Like why? The owner of that account wasn't into Disney, lions, kings or even had kids!

Any password that is on a password list is likely to be easy. You can download such lists so you can crack poorly implemented sites, etc. The chances of anyone guessing say two words and a number concatenated within the three or so tries a secure site should allow are pretty low without needing any specials. Now if it's a password for say a document, where they can take as long as they like to crack it, it's a different matter.
#64
Posted to uk.d-i-y
; TOT; Piggin passwords
On 2/10/2016 2:10 PM, The Natural Philosopher wrote:
On 10/02/16 10:59, AnthonyL wrote: On Wed, 10 Feb 2016 11:22:44 +1100, "Blanco" wrote: "ss" wrote in message ... On 09/02/2016 23:11, Jonno wrote: David Lang scribbled I've used the same password for years, nobody has a hope in hell of ever guessing it. I can remember it. Recently some site insist on having numbers as well, so I've had to add one. Now the bloody things want an upper case letter as well! How the 'kinell does that make anything more secure? Surely it's my choice, not some bell end running a web site? Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. I have so many passwords now that I cant remember that I have to write them down or put on a spreadsheet, not the best security. A decent password manager fixes that problem That way you only have to remember the master password or use a fingerprint sensor etc for that. The password manager concept is also being pulled apart. Mine can generate passwords but the often are not accepted by the host. use a manager that will display your passwords in plain text, if asked. You can then retype them I can copy username and password to clipboard but increasingly sites do not allow these to be pasted. Whilst I may know my passphrases fairly well I find it a struggle to pick out the 3rd, 7th and 9th characters without writing it down - though I have them written down in my password manager with the position type above, though the editor is not fixed font so another pain. Other sites require the entry to be via their little keyboard which jumbles the numbers up so I have to look for each one in a weird position. And as a part of extra security my password manager will not accept biometric finger print access - no doubt for fear that someone has pinched my finger for nefarious purposes. 
I do try to have different passwords for different sites especially where banking/finance are involved. I'm with the OP on this. It's becoming a PITA and I hope someone comes up with a better way.

there is no real other way - if it were that easy we would already have done it. You don't need to be an IT expert to answer the basic question - if someone or something at the other end of an insecure connection wants to know it's me at the other, how can they do it? And that's before we even ask the question 'am I the same person today as I was yesterday'

Which is why more and more banks, as well as Microsoft, use two factor authentication.
#65
Posted to uk.d-i-y
; TOT; Piggin passwords
"Jonno" wrote in message ... Blanco scribbled A decent password manager fixes that problem That way you only have to remember the master password or use a fingerprint sensor etc for that. **** using fingerprints. Much more convenient to use for the master access to the password manager or for your net banking and tap payment systems than a PIN or master password, particularly if there is a fallback to a master password if the fingerprint sensor stops working. |
#66
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 14:15, Tim Streater wrote:
In article , Martin Brown wrote: Although it is damned annoying when the problem is that CAPS LOCK is on. Much the best thing is to permanently disable caps-lock. +1. Here it allows me to enter 'spècïâl' characters, inßtead, now -- Karl Marx said religion is the opium of the people. But Marxism is the crack cocaine. |
#67
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 14:37, Martin Brown wrote:
On 10/02/2016 08:44, The Natural Philosopher wrote: On 10/02/16 08:38, Martin Brown wrote: I find it annoying when they don't specify which character set is allowed and my choice is too unusual for their password filter. And they don't tell you what the password filter is, only why you failed it. So you enter passwords over and over with a different error each time. You have that problem too then? A bit like the joke the OP posted. yep. it was so true it almost wasn't funny. -- No Apple devices were knowingly used in the preparation of this post. |
#68
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 14:56, Capitol wrote:
As his computer security is professional grade, it could have only come from one of the on line suppliers storing information or having poor security. Not necessarily. For example, you might have used a card in a compromised machine, or someone who collects this info might have some or all of the info from a dropped credit card receipt. My cards have always had the same 12 digits FIRST and then the last 4 are changed with a new card. My receipts show in fact the last four digits ONLY. Not hard to work out my card number from a dropped receipt...and maybe an old card Armed with a thousand card numbers and only a 3 digit security code on the back, it's very likely you will hit on at least one card that you get 'right first time' and which can then be raped. "computer security is professional grade" reminds me of the time my security consultant visited a Very Large Company to audit their (Internet) firewall. It was, he said, rather good, but pointless, because several employees had attached dial in modems to their DDI extensions and their PCs in order to allow total access to their normal company network work environment when working from home... -- No Apple devices were knowingly used in the preparation of this post.
#69
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 15:22, F Murtz wrote:
The Natural Philosopher wrote: On 10/02/16 10:53, Jonathan wrote: On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote: "Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. It's encrypted... Jonathan And the hard drive has died? You mean you don't have daily backups? -- "It is an established fact to 97% confidence limits that left wing conspirators see right wing conspiracies everywhere"
#70
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 15:52, dennis@home wrote:
On 10/02/2016 00:30, T i m wrote: Oh, and they even contacted me because 'Some of the passwords would be easy to guess' ... like L10nKing$ Like why? The owner of that account wasn't into Disney, lions, kings or even had kids! Any password that is on a password list is likely to be easy. You can download such lists so you can crack poorly implemented sites, etc. The chances of anyone guessing say two words and a number concatenated within the three or so tries a secure site should allow are pretty low without needing any specials. Now if it's a password for say a document, where they can take as long as they like to crack it, it's a different matter. The first root password to try is always gandalf. -- "It is an established fact to 97% confidence limits that left wing conspirators see right wing conspiracies everywhere"
#71
Posted to uk.d-i-y
; TOT; Piggin passwords
"Jonathan" wrote in message ... On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote: "Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? You install it on that too. The database is fully encrypted so you can either just manually copy that to the new computer or if you are using the version that keeps the password database in synch across all your devices, or keeps the encrypted database in the cloud, just add the new device. You can also have the whole thing on a USB stick or any other form of removable media and just move that to the new computer and keep it somewhere secure when you aren't in the house etc too. |
#72
Posted to uk.d-i-y
|
On 10/02/16 16:08, Jethro_uk wrote:
On Wed, 10 Feb 2016 15:52:36 +0000, dennis@home wrote: On 10/02/2016 00:30, T i m wrote: Oh, and they even contacted me because 'Some of the passwords would be easy to guess' ... like L10nKing$ Like why? The owner of that account wasn't into Disney, lions, kings or even had kids! Any password that is on a password list is likely to be easy. You can download such lists so you can crack poorly implemented sites, etc. The chances of anyone guessing say two words and a number concatenated within the three or so tries a secure site should allow are pretty low without needing any specials. Now if it's a password for say a document, where they can take as long as they like to crack it, it's a different matter. The problem is, if the attackers get unfettered access to the database (as has happened a lot) then they also have all the time in the world to crack the encrypted passwords. But that may in fact be still an impossible task. I had occasion to actually use salted hashes, and no two salted hashes of the same password are the same.. https://en.wikipedia.org/wiki/Salt_%28cryptography%29 That's *if* they were encrypted. Goodness knows how many websites store passwords in plaintext (underscoring my point previously that once you press "enter" you have no idea what happens to your password). Not many for anything important. however there are many that use old, short key but 'library' password routines. The problem with the big Adobe style hacks, is that access to very little important info on yer adobe account, becomes a huge issue if you have the same username and password on a really important site, like your bank or something -- If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the State can shield the people from the political, economic and/or military consequences of the lie.
It thus becomes vitally important for the State to use all of its powers to repress dissent, for the truth is the mortal enemy of the lie, and thus by extension, the truth is the greatest enemy of the State. Joseph Goebbels |
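The salted-hash point made in the post above, as an added example that is not part of the thread: it stores the same constructed accounts once with a plain unsalted digest and once with a per-user random salt plus PBKDF2, then shows that only the unsalted table reveals which users share a password. The function names, the sample accounts and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this sketch, not a recommendation

def unsalted_hash(password: str) -> str:
    """Weak scheme: the same password gives the same digest for every user."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: Optional[bytes] = None):
    """Per-user random salt fed into a slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_password_groups(table: dict) -> list:
    """Users whose stored value is byte-for-byte identical in a leaked table."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; two users picked the same password.
ACCOUNTS = {
    "alice": "L10nKing$",
    "bob": "L10nKing$",
    "carol": "two words 42",
}

def build_tables():
    """Return (unsalted_table, salted_table) for the sample accounts."""
    weak = {user: unsalted_hash(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_hash(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, users sharing a stored value:", shared_password_groups(weak))
    print("salted, users sharing a stored value:  ", shared_password_groups(strong))
    salt, digest = strong["alice"]
    print("correct password verifies:", verify("L10nKing$", salt, digest))
    print("wrong password verifies:  ", verify("l10nking", salt, digest))
```

The salt is stored next to the digest and is not secret; its job is to make each stored value unique, so a guess has to be recomputed per user rather than looked up once for the whole table.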
#73
Posted to uk.d-i-y
; TOT; Piggin passwords
AnthonyL wrote:
On Wed, 10 Feb 2016 07:41:55 +0000, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? But that would require a level of user focus that seems to be lacking in the current generation of software designers. The latter gives away the size of the passphrase which I think is why there has been a move away from it. All you can tell is that it's at least eight characters, which is what you can tell from the first method. -- Mike Barnes Cheshire, England |
#74
Posted to uk.d-i-y
; TOT; Piggin passwords
John Rumm wrote:
On 10/02/2016 07:41, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? But that would require a level of user focus that seems to be lacking in the current generation of software designers. It would also be poorer security, since it discloses the length of the secret word How does it do that? In the example above the length could be anything from eight upwards. -- Mike Barnes Cheshire, England |
#75
Posted to uk.d-i-y
; TOT; Piggin passwords
The Natural Philosopher wrote:
The problem with the big Adobe style hacks, is that access to very little important info on yer adobe account, becomes a huge issue if you have the same username and password on a really important site, like your bank or something Which is why nobody with any sense would do that. -- Mike Barnes Cheshire, England
#76
Posted to uk.d-i-y
; TOT; Piggin passwords
"AnthonyL" wrote in message ... On Wed, 10 Feb 2016 11:22:44 +1100, "Blanco" wrote: "ss" wrote in message ... On 09/02/2016 23:11, Jonno wrote: David Lang scribbled I've used the same password for years, nobody has a hope in hell of ever guessing it. I can remember it. Recently some sites insist on having numbers as well, so I've had to add one. Now the bloody things want an upper case letter as well! How the 'kinell does that make anything more secure? Surely it's my choice, not some bell end running a web site? Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. I have so many passwords now that I can't remember that I have to write them down or put on a spreadsheet, not the best security. A decent password manager fixes that problem That way you only have to remember the master password or use a fingerprint sensor etc for that. The password manager concept is also being pulled apart. Not possible with a well designed one. Mine can generate passwords but they often are not accepted by the host. Mine has never generated a password that has not been accepted, presumably because a lot more work has gone into the character set that it uses. I can copy username and password to clipboard but increasingly sites do not allow these to be pasted. The best password managers are indistinguishable from someone typing the password and username. Perfectly possible to make it look like a human typing. Whilst I may know my passphrases fairly well I find it a struggle to pick out the 3rd, 7th and 9th characters without writing it down - And that is another thing a well designed password manager can do for you completely automatically. though I have them written down in my password manager with the position type above, though the editor is not fixed font so another pain.
Clearly a well designed password manager can use a fixed font. Other sites require the entry to be via their little keyboard which jumbles the numbers up so I have to look for each one in a weird position. And a password manager can do that too. And as a part of extra security my password manager will not accept biometric finger print access - no doubt for fear that someone has pinched my finger for nefarious purposes. No reason why the password manager can't use 2 factor security for itself. And use anything it likes like the camera to check if it’s the owner too. I do try to have different passwords for different sites especially where banking/finance are involved. I not only try, I succeed in doing that. I'm with the OP on this. It's becoming a PITA and I hope someone comes up with a better way. The better way is here now, the best password managers. |
#77
Posted to uk.d-i-y
; TOT; Piggin passwords
"Jonno" wrote in message ... Tim Streater scribbled In article , Jonno wrote: Blanco scribbled A decent password manager fixes that problem That way you only have to remember the master password or use a fingerprint sensor etc for that. **** using fingerprints. As I suspected, you are a bot and so have no fingerprints. I only have one set of fingerprints. I can change passwords all day long, I can't change my fingerprints. We know websites are constantly under attack to obtain passwords. What happens if someone gets a copy of my fingerprints? I don't mean a photograph, in case you're thinking along those lines. Not possible to use them with the best fingerprint systems. When it's done on a phone, the phone can monitor what you are up to using the camera and can refuse to accept anything if you stop it watching what you are doing. It can also check that it's you using the fingerprint sensor and not someone else and can have a two factor access system too.
#78
Posted to uk.d-i-y
; TOT; Piggin passwords
John Rumm wrote:
On 10/02/2016 07:40, Mike Barnes wrote: What we're talking about is them disallowing some combinations of the same characters that have been available all along, and therefore *reducing* the number of legal combinations that have to be tested. I don't think that statement can be supported with maths ;-) I think it can. If "password" is a legal password, the bad guy has to take the (admittedly small) time taken to test for it. If it's not legal, he doesn't have to test for it. -- Mike Barnes Cheshire, England |
#79
Posted to uk.d-i-y
; TOT; Piggin passwords
"Jonno" wrote in message ... Jethro_uk scribbled 3) If cloud based, you can access your passwords anywhere in the world. How secure is the 'cloud' ? Doesn't matter with an encrypted database. How secure is your access to the 'cloud' ? Doesn't matter with an encrypted database. |
#80
Posted to uk.d-i-y
|
On Wednesday, 10 February 2016 16:44:31 UTC, Blanco wrote:
The better way is here now, the best password managers. Does that include the free ones that facebook and the like advertise, you just stick your passwords in it and they'll sort everything out for you for free. |