"whisky-dave" wrote in message
...
On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher
wrote:
On 10/02/16 01:40, F Murtz wrote:

I end up with extremely rude vulgar passwords in the end because of
this practice.
It is self defeating because everyone is writing their passwords down
and carrying them with them because it id becoming impossible to
remember them.


The point about a password manager is this:

If any one of your passwords that you use online is nicked, it doesn't
compromise any others.

unless it's the one used for the password manager.

Only a fool would do that.

Since you never use the master password except to unlock the
password manager, it is unlikely that anyone will get to know it.,

unless they nick the device you use for whatever.

Useless when they don't have the master password which is only in your head.

Since the encrypted passwords are held on only one
machine, its unlikely they will be hacked and cracked either

what happens if that machine dies, or gets stolen.

You get the encrypted passwords from the backup.

This is the only way to ameliorate this habit of having
totally different password requirements on sites.

My system works I have a 'crib' sheet written in a particualar
app which has all my passwords stored crypitaclly.
so if yuo found out that

Ferritors monthly, users name dave, password "61"

how would you get to my Ferritors monthly subscription ?
what would you type for the password ?

Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.

but when I've forgotten my password I go to that document type in
my master password and I see the number 61, and then I remmeber.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually
means look at her/that "sexybum".

sort of cockney slang.

Doesn't work for passwords.

of course you might not know that any passwrod I use for finacail
stuff such as buying/selling I always spell in reverse or I always add
01 to the beginning or at the end or I use a "-" every 3 characters
or it always ends in uppercase.

Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.

If you have a reasonable memory and can set yourself rules then
having lots of passwords isn't as big a problem as it might seem.

Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.

On 10/02/2016 11:48, Martin Brown wrote:
On 10/02/2016 11:22, John Rumm wrote:
On 10/02/2016 07:41, Mike Barnes wrote:
Jonno wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and
pick
out the digits they required. So much for security.

Those would be so much easier, if they presented a "fill in the blanks"
form rather than telling us the digit positions.

E.g. instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking in
the current generation of software designers.

It would also be poorer security, since it discloses the length of the
secret word, which may be all an attacker needs to select one of several
possible options.

Several banking sites do something like that - Santander for instance.

I didn't people don't do it... some banking sites have made some curious
security choices.

Whereas Lloyds offer three drop down boxes to choose a character from.

Drop downs are good since they circumvent capture by key loggers.

Its the same reason that when you fail to log into a system it does not
(or at least should not) distinguish between an unknown account name and
a wrong password - thus preventing giving useful information to an
attacker.

Although it is damned annoying when the problem is that CAPS LOCK is on.

It could halves the password space to give away that information but
OTOH the only person likely to do this is the owner of the password!

Its one of those things that's easy to detect on the local machine (as
windows does on login), but not so easy with a web site. Keep in mind
that if the web site has good security, they don't know what your
password is. All they can do is see if what you entered matches the hash
they generated from your original password. Either it matches or it does
not, there are no shades of grey.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 10/02/2016 16:42, Mike Barnes wrote:
John Rumm wrote:
On 10/02/2016 07:41, Mike Barnes wrote:
Jonno wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and
pick
out the digits they required. So much for security.

Those would be so much easier, if they presented a "fill in the blanks"
form rather than telling us the digit positions.

E.g. instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking in
the current generation of software designers.

It would also be poorer security, since it discloses the length of the
secret word

How does it do that? In the example above the length could be anything
from eight upwards.

So I am sat there looking at the post-it note on the side of your screen
with a number of random words scribbled on it... I note only one of them
is 8 or more characters long.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

wrote in message ...
Jonno wrote:
Jethro_uk scribbled


3) If cloud based, you can access your passwords anywhere in the world.

How secure is the 'cloud' ?

That is my main issue with stuff on the cloud. If someone has direct
access to the 'cloud computer' then they're in an excellent position
to brute force your password [manager].

Useless if it needs your fingerprint to be used.

I share my encrypted secure (passwords and other things) files
directly between my laptop and my desktop machines. Whenever
the laptop is at home the files are synchronised. Thus I have the
encrypted files with me just about all of the time.

If I'm away without my laptop then I can ssh to my home desktop
machine (two step process via another site, access not allowed
directly to my home machine) and look at the encrypted files that way.
I have an ssh client on my tablet and my phone.

And there is no reason why the password manager
can't require fingerprint access using your phone
before it will fill in any password etc.

It's even possible to design the total system so that
even if someone holds a gun to your head and forces
you to authorise access to the password manager
using the fingerprint in the phone, it flags to the
password manager that you have a gun held to
your head at the time and so it whistles up the
cops for you, completely automatically and takes
photos of the crim who is holding a gun to your
head too.

On 10/02/2016 16:20, The Natural Philosopher wrote:

The first root password to try is always gandalf.



You wouldn't get root access like that on the Unix machines I put in
System X. There is no root on them. You had to load an archive to get
root back and we never gave BT that.

The Natural Philosopher wrote:

The first root password to try is always gandalf.

Only on Sun kit IME (or if admin has a Sun background) if not "gandalf"
then "wand" ...

"Jethro_uk" wrote in message
...
On Wed, 10 Feb 2016 03:45:31 -0800, whisky-dave wrote:

On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher
wrote:
On 10/02/16 01:40, F Murtz wrote:

I end up with extremely rude vulgar passwords in the end because of
this practice.
It is self defeating because everyone is writing their passwords down
and carrying them with them because it id becoming impossible to
remember them.


The point about a password manager is this:

If any one of your passwords that you use online is nicked, it doesn't
compromise any others.

unless it's the one used for the password manager.

Which isn't stored anywhere.



Since you never use the master password except to unlock the password
manager, it is unlikely that anyone will get to know it.,

unless they nick the device you use for whatever.



So ? Lastpass stores your vault encrypted in the cloud. Takes seconds to
provision a new device with it. As long as you complete the 2FA challege,
of course.

Since the encrypted passwords are held on only one machine, its
unlikely they will be hacked and cracked either

what happens if that machine dies, or gets stolen.



See above

This is the only way to ameliorate this habit of having totally
different password requirements on sites.

My system works I have a 'crib' sheet written in a particualar app which
has all my passwords stored crypitaclly.
so if yuo found out that

Ferritors monthly, users name dave, password "61"

how would you get to my Ferritors monthly subscription ?
what would you type for the password ?

but when I've forgotten my password I go to that document type in my
master password and I see the number 61, and then I remmeber.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually means
look at her/that "sexybum".

sort of cockney slang.

of course you might not know that any passwrod I use for finacail stuff
such as buying/selling I always spell in reverse or I always add 01 to
the beginning or at the end or I use a "-" every 3 characters or it
always ends in uppercase.

If you have a reasonable memory and can set yourself rules then having
lots of passwords isn't as big a problem as it might seem.

Trusting in memory is like trusting in hardware.

To be honest, all of this discussion is moot anyway. Almost by definition
the self-selecting group posting here are well up the tree when it comes
to online risks. The chances of any uk.d-i-y poster being the victim of a
password-related fraud is far smaller than for the general population
anyway.

Dunno, I've already looted Dave's bank accounts, he just hasnt noticed yet.

On 10/02/2016 16:51, Mike Barnes wrote:
John Rumm wrote:
On 10/02/2016 07:40, Mike Barnes wrote:
What we're talking about is them disallowing some combinations of the
same characters that have been available all along, and therefore
*reducing* the number of legal combinations that have to be tested.

I don't think that statement can be supported with maths ;-)

I think it can.

Go on then ;-)

To be fair, I see what you are getting at, but the purpose of the
exercise is to force users to use more of the available "combination
space", even if that is at the cost of a small reduction in the total
number of legal passwords available.

So without the policy, a very fast crack attempt with all the dictionary
words in all lower case, would get you into a percentage of accounts.
With the policy, it will fail every time.

If "password" is a legal password, the bad guy has to
take the (admittedly small) time taken to test for it. If it's not
legal, he doesn't have to test for it.

but now he does have to test Password, pAssword, paSsword, pasSword,
passWord, passwOrd, passwOrd, passwoRd, passworD,

and

PAssword, PaSsword.... PASSwORD.... PASSWORd

and so on.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

Huge wrote:

Fingerprint readers can be fooled by lifting a print from a surface & impressing it onto a gelatine "finger".

More difficult with the "swipe" rather than "prod" fingerprint readers,
which makes it odd that the FIPS compliant ones seem to be the "prod"
variety ...

Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

--
Chris Green
·

Martin Brown wrote:

Choose your favourite song or poem and a generating rule and you can
have very memorable passwords that are all but unguessable.

What do you do with sites that insist on a password change every month
or so?

--
Chris Green
·

In article ,
says...

Our PCI auditor failed a multi-million pound initiative at a bank (he
declined to say which one) after tailgating an employee through reception
5 minutes before his scheduled meeting. He called them up and said "I'm
in the canteen").

I notice, with interest, nearly all big-boy offices have gates that only
allow one at a time through (with serious injury a possibility if you try
to tailgate).


I bet they also get very shirty when their employees take ages to get
from A to B.

In article , graham-
says...

One of your competitors, who supplies me with calls on my landline,
asks for my web passworm as one of their security questions when I
call their helpdesk. I have written to their CEO pointing out the
error of their ways.
In the meantime, I have changed my passworm to neveraskforpassword in
order to make a point if I am asked again.


How about when someone phones you, claiming to represent $%&** Company
and then asks YOU for your password/ secret decoder ring/ mother's
inside leg measurement etc. ?

On 10/02/2016 17:26, Blanco wrote:


Dunno, I've already looted Dave's bank accounts, he just hasnt noticed
yet.

You mean you stole my overdraft?

--
Dave - The Medway Handyman

On 10/02/2016 16:18, The Natural Philosopher wrote:


You mean you don't have daily backups?



I have ten minute backups and daily, weekly, monthly, offsite, etc.
All done automagically by windows and linux.

If I lose it then there is a serious problem.

On 10/02/2016 17:47, wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.


Finger prints are not extra security.
They are more convenient.

They only become extra security if you need a pin and a fingerprint (for
example).

F Murtz wrote
The Natural Philosopher wrote
Jonathan wrote
Rod Speed wrote
Graham. wrote

I just use a very decent password manager and form filler that
allows you to only enter your info once and then it will fill in
any form you like in any browser, manage your passwords
completely, invent them as complex as you like, and which
uses a single master password that you need to enter
manually to use it, and keeps the completely encrypted
database in synch across all the devices you own.

Great when you start ordering from a new online seller etc.

What happens when you upgrade to a new computer?

copy the password database across to it.

Its encrypted...

And the hard drive has died?

Get the encrypted password database from the backup.

And if you have it auto synched between all your devices,
its a complete yawn if one of the devices dies, just replace
it and have it auto synched.

wrote:
Martin wrote:

Choose your favourite song or poem and a generating rule and you can
have very memorable passwords that are all but unguessable.


What do you do with sites that insist on a password change every month
or so?


Not use them.

Sam Plusnet wrote:
In , graham-
says...


One of your competitors, who supplies me with calls on my landline,
asks for my web passworm as one of their security questions when I
call their helpdesk. I have written to their CEO pointing out the
error of their ways.
In the meantime, I have changed my passworm to neveraskforpassword in
order to make a point if I am asked again.



How about when someone phones you, claiming to represent $%&** Company
and then asks YOU for your password/ secret decoder ring/ mother's
inside leg measurement etc. ?



Mothers inside leg is tricky on two counts, 2 legs are rarely
equal, at her age the measurements vary from month to month. Course, if
cremated this is a another problem!!

"Huge" wrote in message
...
On 2016-02-10, AnthonyL wrote:


[snippage]

And as a part of extra security my password manager will not accept
biometric finger print access - no doubt for fear that someone has
pinched my finger for nefarious purposes.

Fingerprint readers can be fooled by lifting a print from a surface &
impressing it onto a gelatine "finger".

And it is perfectly possible for the fingerprint sensor to
check if it’s a live finger, and not one on a corpse etc.

wrote in message ...
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

Not if it only falls back when the fingerprint sensor stops working.

"David Lang" wrote in message
...
On 10/02/2016 17:26, Blanco wrote:


Dunno, I've already looted Dave's bank accounts, he just hasnt noticed
yet.

You mean you stole my overdraft?

Yep, ran them up to the max so you will have to pay it off.

On Wednesday, 10 February 2016 18:03:06 UTC, wrote:
Choose your favourite song or poem and a generating rule and you can
have very memorable passwords that are all but unguessable.
What do you do with sites that insist on a password change every month
or so?

use mhallifwwasjan and mhallifwwasfeb, etc.

Most only check for 'identical' password reuse and not 'similar'.

There's a virtual screwfix voucher for anyone who can guess the origin of the password (which I haven't used on any real system).

Owain

wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

But it's not extra security. It's extra convenience.

--
Mike Barnes
Cheshire, England

John Rumm wrote:
On 10/02/2016 16:42, Mike Barnes wrote:
John Rumm wrote:
On 10/02/2016 07:41, Mike Barnes wrote:
Jonno wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and
pick
out the digits they required. So much for security.

Those would be so much easier, if they presented a "fill in the blanks"
form rather than telling us the digit positions.

E.g. instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking in
the current generation of software designers.

It would also be poorer security, since it discloses the length of the
secret word

How does it do that? In the example above the length could be anything
from eight upwards.

So I am sat there looking at the post-it note on the side of your screen
with a number of random words scribbled on it... I note only one of them
is 8 or more characters long.

No you don't, but if you did, so what? Both methods tell you that the
length is eight or more, so there's no difference in the amount of
information divulged. But there's a considerable difference in
usability, because one method requires you to count and spell at the
same time, and the other doesn't.

--
Mike Barnes
Cheshire, England

John Rumm wrote:
On 10/02/2016 16:51, Mike Barnes wrote:
John Rumm wrote:
On 10/02/2016 07:40, Mike Barnes wrote:
What we're talking about is them disallowing some combinations of the
same characters that have been available all along, and therefore
*reducing* the number of legal combinations that have to be tested.

I don't think that statement can be supported with maths ;-)

I think it can.

Go on then ;-)

To be fair, I see what you are getting at, but the purpose of the
exercise is to force users to use more of the available "combination
space", even if that is at the cost of a small reduction in the total
number of legal passwords available.

So without the policy, a very fast crack attempt with all the dictionary
words in all lower case, would get you into a percentage of accounts.
With the policy, it will fail every time.

If "password" is a legal password, the bad guy has to
take the (admittedly small) time taken to test for it. If it's not
legal, he doesn't have to test for it.

but now he does have to test Password, pAssword, paSsword, pasSword,
passWord, passwOrd, passwOrd, passwoRd, passworD,

and

PAssword, PaSsword.... PASSwORD.... PASSWORd

and so on.

He'd have to test those anyway.

But I take your point about altering user behaviour, I just don't think
that brute force is a polite way to do it. There are plenty of password
systems which rank your password strength but leave the final choice up
to you. To my mind those are far preferable to systems which force
people to use passwords that they wouldn't otherwise use, and therefore
might feel compelled to write down.

--
Mike Barnes
Cheshire, England

On 11/02/2016 00:04, Mike Barnes wrote:

No you don't, but if you did, so what? Both methods tell you that the
length is eight or more,

Not necessarily. One that presents a picture of all the character
positions does. One that asks for three random character positions often
won't - it might wan characters 1, 2 and 4 for example.

so there's no difference in the amount of
information divulged. But there's a considerable difference in
usability, because one method requires you to count and spell at the
same time, and the other doesn't.


If you are going to use that technique, then put up a line of say 15
boxes every time, and highlight the cells you want. That way you give
away less.



--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 10/02/2016 17:57, wrote:
Martin Brown wrote:

Choose your favourite song or poem and a generating rule and you can
have very memorable passwords that are all but unguessable.

What do you do with sites that insist on a password change every month
or so?

IME most people do "password" the first month. Then passwordjan16,
passeordfeb16 next month and so on...


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

The Natural Philosopher wrote:
On 10/02/16 15:22, F Murtz wrote:
The Natural Philosopher wrote:
On 10/02/16 10:53, Jonathan wrote:
On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote:
"Graham." wrote in message
...

I just use a very decent password manager and form filler that
allows you to only enter your info once and then it will fill in
any form you like in any browser, manage your passwords
completely, invent them as complex as you like, and which
uses a single master password that you need to enter
manually to use it, and keeps the completely encrypted
database in synch across all the devices you own.

Great when you start ordering from a new online seller etc.

What happens when you upgrade to a new computer?

copy the password database across to it.

Its encrypted...



Jonathan



And the hard drive has died?

You mean you don't have daily backups?



It is ,or used to just a password why should we be almost forced to go
through all these contortions using software and the frailties of the
computer storage Just to be able to use an horrible unremberable (just
made up a new word) password

Rod Speed wrote:
F Murtz wrote
The Natural Philosopher wrote
Jonathan wrote
Rod Speed wrote
Graham. wrote

I just use a very decent password manager and form filler that
allows you to only enter your info once and then it will fill in
any form you like in any browser, manage your passwords
completely, invent them as complex as you like, and which
uses a single master password that you need to enter
manually to use it, and keeps the completely encrypted
database in synch across all the devices you own.

Great when you start ordering from a new online seller etc.

What happens when you upgrade to a new computer?

copy the password database across to it.

Its encrypted...

And the hard drive has died?

Get the encrypted password database from the backup.

And if you have it auto synched between all your devices,
its a complete yawn if one of the devices dies, just replace
it and have it auto synched.
All this complication for what used to be simple.

John Rumm wrote:
On 11/02/2016 00:04, Mike Barnes wrote:

No you don't, but if you did, so what? Both methods tell you that the
length is eight or more,

Not necessarily. One that presents a picture of all the character
positions does. One that asks for three random character positions often
won't - it might wan characters 1, 2 and 4 for example.

The second was designed by a sensible person. The first wasn't. I was
assuming the second.

so there's no difference in the amount of
information divulged. But there's a considerable difference in
usability, because one method requires you to count and spell at the
same time, and the other doesn't.

If you are going to use that technique, then put up a line of say 15
boxes every time, and highlight the cells you want. That way you give
away less.

You're actually giving away *more* by indicating that the length doesn't
exceed 15.


Here's what I suggested again, unsnipped:

---------------------------------------------------------------
Instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?
---------------------------------------------------------------

Turning the first into the second requires no knowledge of the length of
the password. It's giving nothing away that wasn't there in the first place.

--
Mike Barnes
Cheshire, England

On 10/02/16 16:44, Mike Barnes wrote:
The Natural Philosopher wrote:
The problem with the big Adobe style hacks, is that access to very
little imporantinfo on yer adobe account, becomes a huge issue if you
have the same username and password on a really important site, like
your bank or something

Which is why nobody with any sense would do that.

which means that millions of people have no sense.


--
No Apple devices were knowingly used in the preparation of this post.

On 10/02/16 17:22, dennis@home wrote:
On 10/02/2016 16:20, The Natural Philosopher wrote:

The first root password to try is always gandalf.



You wouldn't get root access like that on the Unix machines I put in
System X. There is no root on them. You had to load an archive to get
root back and we never gave BT that.

Dear old Dennis.

If they didn't have root as an UID/GID they wouldn't run.

And you can always 'get root access' on Unix if you know what you are doing.




--
He who ****s in the road, will meet flies on his return.

"Mr Natural"

On 10/02/16 17:25, Andy Burns wrote:
The Natural Philosopher wrote:

The first root password to try is always gandalf.

Only on Sun kit IME (or if admin has a Sun background) if not "gandalf"
then "wand" ...

...true...


--
He who ****s in the road, will meet flies on his return.

"Mr Natural"

On 10/02/16 19:18, Sam Plusnet wrote:
In article , graham-
says...

One of your competitors, who supplies me with calls on my landline,
asks for my web passworm as one of their security questions when I
call their helpdesk. I have written to their CEO pointing out the
error of their ways.
In the meantime, I have changed my passworm to neveraskforpassword in
order to make a point if I am asked again.


How about when someone phones you, claiming to represent $%&** Company
and then asks YOU for your password/ secret decoder ring/ mother's
inside leg measurement etc. ?

Phone them back.

On the number on your credit card or bank statement

And tell them why you are doing it.

After first dialling someone else to make sure they have put the phone
down their end.



--
Outside of a dog, a book is a man's best friend. Inside of a dog it's
too dark to read.

Groucho Marx

On 10/02/16 19:51, dennis@home wrote:
On 10/02/2016 16:18, The Natural Philosopher wrote:


You mean you don't have daily backups?



I have ten minute backups and daily, weekly, monthly, offsite, etc.
All done automagically by windows and linux.

If I lose it then there is a serious problem.

Dennis, even for you that is making less sense then usual.

I think, dear heart, that you may have 'lost it' already.

--
Bureaucracy defends the status quo long past the time the quo has lost
its status.

Laurence Peter

On 10/02/16 21:09, Capitol wrote:
wrote:
Martin wrote:
Choose your favourite song or poem and a generating rule and you can
have very memorable passwords that are all but unguessable.

What do you do with sites that insist on a password change every month
or so?

Not use them.

+1


--
Bureaucracy defends the status quo long past the time the quo has lost
its status.

Laurence Peter

"F Murtz" wrote in message
eb.com...
The Natural Philosopher wrote:
On 10/02/16 15:22, F Murtz wrote:
The Natural Philosopher wrote:
On 10/02/16 10:53, Jonathan wrote:
On Wednesday, February 10, 2016 at 2:49:55 AM UTC, Rod Speed wrote:
"Graham." wrote in message
...

I just use a very decent password manager and form filler that
allows you to only enter your info once and then it will fill in
any form you like in any browser, manage your passwords
completely, invent them as complex as you like, and which
uses a single master password that you need to enter
manually to use it, and keeps the completely encrypted
database in synch across all the devices you own.

Great when you start ordering from a new online seller etc.

What happens when you upgrade to a new computer?

copy the password database across to it.

Its encrypted...



Jonathan



And the hard drive has died?

You mean you don't have daily backups?



It is ,or used to just a password why should we be almost forced to go
through all these contortions using software and the frailties of the
computer storage Just to be able to use an horrible unremberable (just
made up a new word) password

Because there needs to be some way to work out if its you or not.

You dont have to use a password if you use a fingerprint etc.

The Natural Philosopher wrote:
On 10/02/16 16:44, Mike Barnes wrote:
The Natural Philosopher wrote:
The problem with the big Adobe style hacks, is that access to very
little imporantinfo on yer adobe account, becomes a huge issue if you
have the same username and password on a really important site, like
your bank or something

Which is why nobody with any sense would do that.

which means that millions of people have no sense.

That's so true. Many security systems are not fit for purpose partly
because they take little account of that fact.

--
Mike Barnes
Cheshire, England

Mike Barnes wrote:
wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

But it's not extra security. It's extra convenience.

Really?

--
Chris Green
·