#81
Posted to uk.d-i-y
; TOT; Piggin passwords
"whisky-dave" wrote in message ... On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher wrote: On 10/02/16 01:40, F Murtz wrote: I end up with extremely rude vulgar passwords in the end because of this practice. It is self defeating because everyone is writing their passwords down and carrying them with them because it is becoming impossible to remember them. The point about a password manager is this: If any one of your passwords that you use online is nicked, it doesn't compromise any others. unless it's the one used for the password manager. Only a fool would do that. Since you never use the master password except to unlock the password manager, it is unlikely that anyone will get to know it, unless they nick the device you use for whatever. Useless when they don't have the master password which is only in your head. Since the encrypted passwords are held on only one machine, it's unlikely they will be hacked and cracked either what happens if that machine dies, or gets stolen. You get the encrypted passwords from the backup. This is the only way to ameliorate this habit of having totally different password requirements on sites. My system works I have a 'crib' sheet written in a particular app which has all my passwords stored cryptically. so if you found out that Ferritors monthly, users name dave, password "61" how would you get to my Ferritors monthly subscription ? what would you type for the password ? Makes a lot more sense to use a proper password manager and have your passwords available on any device you use. but when I've forgotten my password I go to that document type in my master password and I see the number 61, and then I remember..... as a kid at school, me and my mates had codes. And rather than say to my mates corrrr.. look at the arse on that... I'd wink and say sixty-one and nod in a direction which actually means look at her/that "sexybum". sort of cockney slang. Doesn't work for passwords.
of course you might not know that any password I use for financial stuff such as buying/selling I always spell in reverse or I always add 01 to the beginning or at the end or I use a "-" every 3 characters or it always ends in uppercase. Makes a lot more sense to use a proper password manager and have your passwords available on any device you use. And to have it fill out any forms you ever need to fill out with your data you only ever enter into the form filler once. If you have a reasonable memory and can set yourself rules then having lots of passwords isn't as big a problem as it might seem. Makes a lot more sense to use a proper password manager and have your passwords available on any device you use. And to have it fill out any forms you ever need to fill out with your data you only ever enter into the form filler once. |
#82
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 11:48, Martin Brown wrote:
On 10/02/2016 11:22, John Rumm wrote: On 10/02/2016 07:41, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? But that would require a level of user focus that seems to be lacking in the current generation of software designers. It would also be poorer security, since it discloses the length of the secret word, which may be all an attacker needs to select one of several possible options. Several banking sites do something like that - Santander for instance. I didn't people don't do it... some banking sites have made some curious security choices. Whereas Lloyds offer three drop down boxes to choose a character from. Drop downs are good since they circumvent capture by key loggers. It's the same reason that when you fail to log into a system it does not (or at least should not) distinguish between an unknown account name and a wrong password - thus preventing giving useful information to an attacker. Although it is damned annoying when the problem is that CAPS LOCK is on. It could halve the password space to give away that information but OTOH the only person likely to do this is the owner of the password! It's one of those things that's easy to detect on the local machine (as Windows does on login), but not so easy with a web site. Keep in mind that if the web site has good security, they don't know what your password is.
All they can do is see if what you entered matches the hash they generated from your original password. Either it matches or it does not, there are no shades of grey. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
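Added example, not part of any post in this thread: a minimal Python sketch of the two server-side behaviours described in the post above, storing only a salted hash and returning the same reply for an unknown account and a wrong password. The class name, message text, iteration count and sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune the work factor for real hardware.
ITERATIONS = 100_000
SALT_BYTES = 16
GENERIC_FAILURE = "Login failed: check your username and password."


def derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccountStore:
    """Keeps a (salt, hash) pair per user and never the password itself."""

    def __init__(self):
        self._records = {}
        # Decoy record for unknown usernames, so both failure paths do the
        # same hashing work. The "hash" is random bytes: no password matches it.
        self._decoy = (os.urandom(SALT_BYTES), os.urandom(32))

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)
        self._records[username] = (salt, derive(password, salt))

    def login(self, username: str, password: str) -> str:
        known = username in self._records
        salt, stored = self._records.get(username, self._decoy)
        # Constant-time comparison: the result is match or no match, nothing else.
        matches = hmac.compare_digest(derive(password, salt), stored)
        # Unknown account and wrong password produce the identical reply.
        return "Welcome back." if (known and matches) else GENERIC_FAILURE


def differing_bits(password_a: str, password_b: str, salt: bytes) -> int:
    """Bits (out of 256) that differ between the hashes of two passwords."""
    a, b = derive(password_a, salt), derive(password_b, salt)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    store = AccountStore()
    store.register("dave", "Correct Horse 61")       # constructed sample account
    print(store.login("dave", "Correct Horse 61"))   # accepted
    print(store.login("dave", "cORRECT hORSE 61"))   # typed with CAPS LOCK on
    print(store.login("nobody", "Correct Horse 61")) # no such account
    # The CAPS LOCK variant hashes to an unrelated value, so the server has
    # nothing to tell it that the attempt was "nearly right".
    print(differing_bits("Correct Horse 61", "cORRECT hORSE 61", b"\x00" * SALT_BYTES))
```
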
#83
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 16:42, Mike Barnes wrote:
John Rumm wrote: On 10/02/2016 07:41, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? But that would require a level of user focus that seems to be lacking in the current generation of software designers. It would also be poorer security, since it discloses the length of the secret word How does it do that? In the example above the length could be anything from eight upwards. So I am sat there looking at the post-it note on the side of your screen with a number of random words scribbled on it... I note only one of them is 8 or more characters long. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#84
Posted to uk.d-i-y
; TOT; Piggin passwords
wrote in message ... Jonno wrote: Jethro_uk scribbled 3) If cloud based, you can access your passwords anywhere in the world. How secure is the 'cloud' ? That is my main issue with stuff on the cloud. If someone has direct access to the 'cloud computer' then they're in an excellent position to brute force your password [manager]. Useless if it needs your fingerprint to be used. I share my encrypted secure (passwords and other things) files directly between my laptop and my desktop machines. Whenever the laptop is at home the files are synchronised. Thus I have the encrypted files with me just about all of the time. If I'm away without my laptop then I can ssh to my home desktop machine (two step process via another site, access not allowed directly to my home machine) and look at the encrypted files that way. I have an ssh client on my tablet and my phone. And there is no reason why the password manager can't require fingerprint access using your phone before it will fill in any password etc. It's even possible to design the total system so that even if someone holds a gun to your head and forces you to authorise access to the password manager using the fingerprint in the phone, it flags to the password manager that you have a gun held to your head at the time and so it whistles up the cops for you, completely automatically and takes photos of the crim who is holding a gun to your head too. |
#85
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 16:20, The Natural Philosopher wrote:
The first root password to try is always gandalf. You wouldn't get root access like that on the Unix machines I put in System X. There is no root on them. You had to load an archive to get root back and we never gave BT that. |
#86
Posted to uk.d-i-y
; TOT; Piggin passwords
The Natural Philosopher wrote:
The first root password to try is always gandalf. Only on Sun kit IME (or if admin has a Sun background) if not "gandalf" then "wand" ... |
#87
Posted to uk.d-i-y
; TOT; Piggin passwords
"Jethro_uk" wrote in message ... On Wed, 10 Feb 2016 03:45:31 -0800, whisky-dave wrote: On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher wrote: On 10/02/16 01:40, F Murtz wrote: I end up with extremely rude vulgar passwords in the end because of this practice. It is self defeating because everyone is writing their passwords down and carrying them with them because it is becoming impossible to remember them. The point about a password manager is this: If any one of your passwords that you use online is nicked, it doesn't compromise any others. unless it's the one used for the password manager. Which isn't stored anywhere. Since you never use the master password except to unlock the password manager, it is unlikely that anyone will get to know it, unless they nick the device you use for whatever. So ? Lastpass stores your vault encrypted in the cloud. Takes seconds to provision a new device with it. As long as you complete the 2FA challenge, of course. Since the encrypted passwords are held on only one machine, it's unlikely they will be hacked and cracked either what happens if that machine dies, or gets stolen. See above This is the only way to ameliorate this habit of having totally different password requirements on sites. My system works I have a 'crib' sheet written in a particular app which has all my passwords stored cryptically. so if you found out that Ferritors monthly, users name dave, password "61" how would you get to my Ferritors monthly subscription ? what would you type for the password ? but when I've forgotten my password I go to that document type in my master password and I see the number 61, and then I remember..... as a kid at school, me and my mates had codes. And rather than say to my mates corrrr.. look at the arse on that... I'd wink and say sixty-one and nod in a direction which actually means look at her/that "sexybum". sort of cockney slang.
of course you might not know that any password I use for financial stuff such as buying/selling I always spell in reverse or I always add 01 to the beginning or at the end or I use a "-" every 3 characters or it always ends in uppercase. If you have a reasonable memory and can set yourself rules then having lots of passwords isn't as big a problem as it might seem. Trusting in memory is like trusting in hardware. To be honest, all of this discussion is moot anyway. Almost by definition the self-selecting group posting here are well up the tree when it comes to online risks. The chances of any uk.d-i-y poster being the victim of a password-related fraud is far smaller than for the general population anyway. Dunno, I've already looted Dave's bank accounts, he just hasn't noticed yet. |
#88
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 16:51, Mike Barnes wrote:
John Rumm wrote: On 10/02/2016 07:40, Mike Barnes wrote: What we're talking about is them disallowing some combinations of the same characters that have been available all along, and therefore *reducing* the number of legal combinations that have to be tested. I don't think that statement can be supported with maths ;-) I think it can. Go on then ;-) To be fair, I see what you are getting at, but the purpose of the exercise is to force users to use more of the available "combination space", even if that is at the cost of a small reduction in the total number of legal passwords available. So without the policy, a very fast crack attempt with all the dictionary words in all lower case, would get you into a percentage of accounts. With the policy, it will fail every time. If "password" is a legal password, the bad guy has to take the (admittedly small) time taken to test for it. If it's not legal, he doesn't have to test for it. but now he does have to test Password, pAssword, paSsword, pasSword, passWord, passwOrd, passwOrd, passwoRd, passworD, and PAssword, PaSsword.... PASSwORD.... PASSWORd and so on. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#89
Posted to uk.d-i-y
; TOT; Piggin passwords
Huge wrote:
Fingerprint readers can be fooled by lifting a print from a surface & impressing it onto a gelatine "finger". More difficult with the "swipe" rather than "prod" fingerprint readers, which makes it odd that the FIPS compliant ones seem to be the "prod" variety ... |
#90
Posted to uk.d-i-y
; TOT; Piggin passwords
Blanco wrote:
Much more convenient to use for the master access to the password manager or for your net banking and tap payment systems than a PIN or master password, particularly if there is a fallback to a master password if the fingerprint sensor stops working. Rather spoils the extra security if it has a fallback to a password though. -- Chris Green · |
#91
Posted to uk.d-i-y
; TOT; Piggin passwords
Martin Brown wrote:
Choose your favourite song or poem and a generating rule and you can have very memorable passwords that are all but unguessable. What do you do with sites that insist on a password change every month or so? -- Chris Green · |
#94
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 17:26, Blanco wrote:
Dunno, I've already looted Dave's bank accounts, he just hasn't noticed yet. You mean you stole my overdraft? -- Dave - The Medway Handyman |
#95
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 16:18, The Natural Philosopher wrote:
You mean you don't have daily backups? I have ten minute backups and daily, weekly, monthly, offsite, etc. All done automagically by windows and linux. If I lose it then there is a serious problem. |
#97
Posted to uk.d-i-y
; TOT; Piggin passwords
F Murtz wrote
The Natural Philosopher wrote Jonathan wrote Rod Speed wrote Graham. wrote I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. Its encrypted... And the hard drive has died? Get the encrypted password database from the backup. And if you have it auto synched between all your devices, its a complete yawn if one of the devices dies, just replace it and have it auto synched. |
#99
Posted to uk.d-i-y
; TOT; Piggin passwords
Sam Plusnet wrote:
In , graham- says... One of your competitors, who supplies me with calls on my landline, asks for my web passworm as one of their security questions when I call their helpdesk. I have written to their CEO pointing out the error of their ways. In the meantime, I have changed my passworm to neveraskforpassword in order to make a point if I am asked again. How about when someone phones you, claiming to represent $%&** Company and then asks YOU for your password/ secret decoder ring/ mother's inside leg measurement etc. ? Mothers inside leg is tricky on two counts, 2 legs are rarely equal, at her age the measurements vary from month to month. Course, if cremated this is a another problem!! |
#100
Posted to uk.d-i-y
; TOT; Piggin passwords
"Huge" wrote in message ... On 2016-02-10, AnthonyL wrote: [snippage] And as a part of extra security my password manager will not accept biometric finger print access - no doubt for fear that someone has pinched my finger for nefarious purposes. Fingerprint readers can be fooled by lifting a print from a surface & impressing it onto a gelatine "finger". And it is perfectly possible for the fingerprint sensor to check if it’s a live finger, and not one on a corpse etc. |
#101
Posted to uk.d-i-y
; TOT; Piggin passwords
wrote in message ... Blanco wrote: Much more convenient to use for the master access to the password manager or for your net banking and tap payment systems than a PIN or master password, particularly if there is a fallback to a master password if the fingerprint sensor stops working. Rather spoils the extra security if it has a fallback to a password though. Not if it only falls back when the fingerprint sensor stops working. |
#102
Posted to uk.d-i-y
; TOT; Piggin passwords
"David Lang" wrote in message ... On 10/02/2016 17:26, Blanco wrote: Dunno, I've already looted Dave's bank accounts, he just hasn't noticed yet. You mean you stole my overdraft? Yep, ran them up to the max so you will have to pay it off. |
#103
Posted to uk.d-i-y
; TOT; Piggin passwords
On Wednesday, 10 February 2016 18:03:06 UTC, wrote:
Choose your favourite song or poem and a generating rule and you can have very memorable passwords that are all but unguessable. What do you do with sites that insist on a password change every month or so? use mhallifwwasjan and mhallifwwasfeb, etc. Most only check for 'identical' password reuse and not 'similar'. There's a virtual screwfix voucher for anyone who can guess the origin of the password (which I haven't used on any real system). Owain |
#105
Posted to uk.d-i-y
; TOT; Piggin passwords
John Rumm wrote:
On 10/02/2016 16:42, Mike Barnes wrote: John Rumm wrote: On 10/02/2016 07:41, Mike Barnes wrote: Jonno wrote: Apparently Tesco are expecting online shoppers to remember parts of their passwords, like the 1st, 4th, 5th and 8th letters/digits. Brilliant, the person who told me had to write out the password and pick out the digits they required. So much for security. Those would be so much easier, if they presented a "fill in the blanks" form rather than telling us the digit positions. E.g. instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? But that would require a level of user focus that seems to be lacking in the current generation of software designers. It would also be poorer security, since it discloses the length of the secret word How does it do that? In the example above the length could be anything from eight upwards. So I am sat there looking at the post-it note on the side of your screen with a number of random words scribbled on it... I note only one of them is 8 or more characters long. No you don't, but if you did, so what? Both methods tell you that the length is eight or more, so there's no difference in the amount of information divulged. But there's a considerable difference in usability, because one method requires you to count and spell at the same time, and the other doesn't. -- Mike Barnes Cheshire, England |
#106
Posted to uk.d-i-y
; TOT; Piggin passwords
John Rumm wrote:
On 10/02/2016 16:51, Mike Barnes wrote: John Rumm wrote: On 10/02/2016 07:40, Mike Barnes wrote: What we're talking about is them disallowing some combinations of the same characters that have been available all along, and therefore *reducing* the number of legal combinations that have to be tested. I don't think that statement can be supported with maths ;-) I think it can. Go on then ;-) To be fair, I see what you are getting at, but the purpose of the exercise is to force users to use more of the available "combination space", even if that is at the cost of a small reduction in the total number of legal passwords available. So without the policy, a very fast crack attempt with all the dictionary words in all lower case, would get you into a percentage of accounts. With the policy, it will fail every time. If "password" is a legal password, the bad guy has to take the (admittedly small) time taken to test for it. If it's not legal, he doesn't have to test for it. but now he does have to test Password, pAssword, paSsword, pasSword, passWord, passwOrd, passwOrd, passwoRd, passworD, and PAssword, PaSsword.... PASSwORD.... PASSWORd and so on. He'd have to test those anyway. But I take your point about altering user behaviour, I just don't think that brute force is a polite way to do it. There are plenty of password systems which rank your password strength but leave the final choice up to you. To my mind those are far preferable to systems which force people to use passwords that they wouldn't otherwise use, and therefore might feel compelled to write down. -- Mike Barnes Cheshire, England |
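Added example, not part of any post in this thread: the "supported with maths" question argued over in posts #88 and #106, worked in Python. It counts how many passwords a composition rule leaves legal (by inclusion-exclusion) and how many case spellings of one dictionary word remain legal under that rule. The 62-character alphabet and the particular rules are assumptions, since the thread names no specific site policy.

```python
from itertools import combinations, product

# Assumed character classes for this example: a-z, A-Z and 0-9.
CLASSES = {"lower": 26, "upper": 26, "digit": 10}
CLASS_TESTS = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit}


def total_passwords(length: int) -> int:
    """All strings of the given length over the whole alphabet (no policy)."""
    return sum(CLASSES.values()) ** length


def compliant_passwords(length: int, required: tuple) -> int:
    """Strings containing at least one character from every required class.

    Inclusion-exclusion: start from all strings, subtract those missing one
    required class, add back those missing two, and so on.
    """
    alphabet = sum(CLASSES.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = alphabet - sum(CLASSES[name] for name in missing)
            count += (-1) ** k * remaining ** length
    return count


def satisfies(candidate: str, required: tuple) -> bool:
    """True if the candidate has a character from each required class."""
    return all(any(CLASS_TESTS[name](ch) for ch in candidate) for name in required)


def case_variants(word: str) -> set:
    """Every upper/lower-case spelling of a word (Password, pAssword, ...)."""
    return {"".join(p) for p in product(*((ch.lower(), ch.upper()) for ch in word))}


def legal_variants(word: str, required: tuple) -> int:
    """How many case spellings of the word the policy would accept."""
    return sum(1 for v in case_variants(word) if satisfies(v, required))


if __name__ == "__main__":
    length = 8
    for rule in [(), ("upper",), ("lower", "upper"), ("lower", "upper", "digit")]:
        legal = compliant_passwords(length, rule)
        share = legal / total_passwords(length)
        print(f"rule {rule or 'none'}: {share:.1%} of 8-character strings stay legal; "
              f"{legal_variants('password', rule)} spellings of 'password' accepted")
```

The output shows both posters' points side by side: each rule shrinks the legal space by a bounded fraction, while the single all-lowercase spelling that a fast dictionary pass relies on is rejected as soon as one upper-case character is required.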
#107
Posted to uk.d-i-y
; TOT; Piggin passwords
On 11/02/2016 00:04, Mike Barnes wrote:
No you don't, but if you did, so what? Both methods tell you that the length is eight or more, Not necessarily. One that presents a picture of all the character positions does. One that asks for three random character positions often won't - it might want characters 1, 2 and 4 for example. so there's no difference in the amount of information divulged. But there's a considerable difference in usability, because one method requires you to count and spell at the same time, and the other doesn't. If you are going to use that technique, then put up a line of say 15 boxes every time, and highlight the cells you want. That way you give away less. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#108
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/2016 17:57, wrote:
Martin Brown wrote: Choose your favourite song or poem and a generating rule and you can have very memorable passwords that are all but unguessable. What do you do with sites that insist on a password change every month or so? IME most people do "password" the first month. Then passwordjan16, passeordfeb16 next month and so on... -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#109
Posted to uk.d-i-y
; TOT; Piggin passwords
The Natural Philosopher wrote:
On 10/02/16 15:22, F Murtz wrote: The Natural Philosopher wrote: On 10/02/16 10:53, Jonathan wrote: On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote: "Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. Its encrypted... Jonathan And the hard drive has died? You mean you don't have daily backups? It is ,or used to just a password why should we be almost forced to go through all these contortions using software and the frailties of the computer storage Just to be able to use an horrible unremberable (just made up a new word) password |
#110
Posted to uk.d-i-y
; TOT; Piggin passwords
Rod Speed wrote:
F Murtz wrote The Natural Philosopher wrote Jonathan wrote Rod Speed wrote Graham. wrote I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. Its encrypted... And the hard drive has died? Get the encrypted password database from the backup. And if you have it auto synched between all your devices, its a complete yawn if one of the devices dies, just replace it and have it auto synched. All this complication for what used to be simple. |
#111
Posted to uk.d-i-y
; TOT; Piggin passwords
John Rumm wrote:
On 11/02/2016 00:04, Mike Barnes wrote: No you don't, but if you did, so what? Both methods tell you that the length is eight or more, Not necessarily. One that presents a picture of all the character positions does. One that asks for three random character positions often won't - it might want characters 1, 2 and 4 for example. The second was designed by a sensible person. The first wasn't. I was assuming the second. so there's no difference in the amount of information divulged. But there's a considerable difference in usability, because one method requires you to count and spell at the same time, and the other doesn't. If you are going to use that technique, then put up a line of say 15 boxes every time, and highlight the cells you want. That way you give away less. You're actually giving away *more* by indicating that the length doesn't exceed 15. Here's what I suggested again, unsnipped: --------------------------------------------------------------- Instead of presenting us with something like this, where ? represents an input field: Enter the 1st, 4th, 5th and 8th characters: ? ? ? ? they could present us with: Enter the requested characters: ? - - ? ? - - ? --------------------------------------------------------------- Turning the first into the second requires no knowledge of the length of the password. It's giving nothing away that wasn't there in the first place. -- Mike Barnes Cheshire, England |
#112
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 16:44, Mike Barnes wrote:
The Natural Philosopher wrote: The problem with the big Adobe style hacks, is that access to very little important info on yer adobe account, becomes a huge issue if you have the same username and password on a really important site, like your bank or something Which is why nobody with any sense would do that. which means that millions of people have no sense. -- No Apple devices were knowingly used in the preparation of this post. |
#113
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 17:22, dennis@home wrote:
On 10/02/2016 16:20, The Natural Philosopher wrote: The first root password to try is always gandalf. You wouldn't get root access like that on the Unix machines I put in System X. There is no root on them. You had to load an archive to get root back and we never gave BT that. Dear old Dennis. If they didn't have root as an UID/GID they wouldn't run. And you can always 'get root access' on Unix if you know what you are doing. -- He who ****s in the road, will meet flies on his return. "Mr Natural" |
#114
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 17:25, Andy Burns wrote:
The Natural Philosopher wrote: The first root password to try is always gandalf. Only on Sun kit IME (or if admin has a Sun background) if not "gandalf" then "wand" ... ...true... -- He who ****s in the road, will meet flies on his return. "Mr Natural" |
#115
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 19:18, Sam Plusnet wrote:
In article , graham- says... One of your competitors, who supplies me with calls on my landline, asks for my web passworm as one of their security questions when I call their helpdesk. I have written to their CEO pointing out the error of their ways. In the meantime, I have changed my passworm to neveraskforpassword in order to make a point if I am asked again. How about when someone phones you, claiming to represent $%&** Company and then asks YOU for your password/ secret decoder ring/ mother's inside leg measurement etc. ? Phone them back. On the number on your credit card or bank statement And tell them why you are doing it. After first dialling someone else to make sure they have put the phone down their end. -- Outside of a dog, a book is a man's best friend. Inside of a dog it's too dark to read. Groucho Marx |
#116
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 19:51, dennis@home wrote:
On 10/02/2016 16:18, The Natural Philosopher wrote: You mean you don't have daily backups? I have ten minute backups and daily, weekly, monthly, offsite, etc. All done automagically by windows and linux. If I lose it then there is a serious problem. Dennis, even for you that is making less sense than usual. I think, dear heart, that you may have 'lost it' already. -- Bureaucracy defends the status quo long past the time the quo has lost its status. Laurence Peter |
#117
Posted to uk.d-i-y
; TOT; Piggin passwords
On 10/02/16 21:09, Capitol wrote:
wrote: Martin wrote: Choose your favourite song or poem and a generating rule and you can have very memorable passwords that are all but unguessable. What do you do with sites that insist on a password change every month or so? Not use them. +1 -- Bureaucracy defends the status quo long past the time the quo has lost its status. Laurence Peter |
#118
Posted to uk.d-i-y
; TOT; Piggin passwords
"F Murtz" wrote in message eb.com... The Natural Philosopher wrote: On 10/02/16 15:22, F Murtz wrote: The Natural Philosopher wrote: On 10/02/16 10:53, Jonathan wrote: On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote: "Graham." wrote in message ... I just use a very decent password manager and form filler that allows you to only enter your info once and then it will fill in any form you like in any browser, manage your passwords completely, invent them as complex as you like, and which uses a single master password that you need to enter manually to use it, and keeps the completely encrypted database in synch across all the devices you own. Great when you start ordering from a new online seller etc. What happens when you upgrade to a new computer? copy the password database across to it. Its encrypted... Jonathan And the hard drive has died? You mean you don't have daily backups? It is ,or used to just a password why should we be almost forced to go through all these contortions using software and the frailties of the computer storage Just to be able to use an horrible unremberable (just made up a new word) password Because there needs to be some way to work out if its you or not. You dont have to use a password if you use a fingerprint etc. |
#119
Posted to uk.d-i-y
; TOT; Piggin passwords
The Natural Philosopher wrote:
On 10/02/16 16:44, Mike Barnes wrote: The Natural Philosopher wrote: The problem with the big Adobe style hacks, is that access to very little important info on yer adobe account, becomes a huge issue if you have the same username and password on a really important site, like your bank or something Which is why nobody with any sense would do that. which means that millions of people have no sense. That's so true. Many security systems are not fit for purpose partly because they take little account of that fact. -- Mike Barnes Cheshire, England |
#120
Posted to uk.d-i-y
; TOT; Piggin passwords
Mike Barnes wrote:
wrote: Blanco wrote: Much more convenient to use for the master access to the password manager or for your net banking and tap payment systems than a PIN or master password, particularly if there is a fallback to a master password if the fingerprint sensor stops working. Rather spoils the extra security if it has a fallback to a password though. But it's not extra security. It's extra convenience. Really? -- Chris Green · |