UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.

#121
Posted to uk.d-i-y
TOT; Piggin passwords

Mike Barnes wrote:

Here's what I suggested again, unsnipped:

---------------------------------------------------------------
Instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?
---------------------------------------------------------------

I don't see either of those being easier/better than the other from
the point of view of entering the characters. I'd still have to 'say'
(hopefully in my head) the characters of the password for both of them.

--
Chris Green

#122

On 11/02/2016 07:40, Mike Barnes wrote:
John Rumm wrote:
On 11/02/2016 00:04, Mike Barnes wrote:

No you don't, but if you did, so what? Both methods tell you that the
length is eight or more,


Not necessarily. One that presents a picture of all the character
positions does. One that asks for three random character positions often
won't - it might want characters 1, 2 and 4 for example.


The second was designed by a sensible person. The first wasn't. I was
assuming the second.

so there's no difference in the amount of
information divulged. But there's a considerable difference in
usability, because one method requires you to count and spell at the
same time, and the other doesn't.


If you are going to use that technique, then put up a line of say 15
boxes every time, and highlight the cells you want. That way you give
away less.


You're actually giving away *more* by indicating that the length doesn't
exceed 15.


Here's what I suggested again, unsnipped:

---------------------------------------------------------------
Instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?
---------------------------------------------------------------

Turning the first into the second requires no knowledge of the length of
the password. It's giving nothing away that wasn't there in the first
place.


Perhaps I was misreading what you were suggesting...

Say the system requested characters 1, 2, and 3, and the password was 8
characters long, I was assuming you meant it should display:

Enter the requested characters: ? ? ? - - - - -

Which discloses the length. Are you actually suggesting that it only
pads the missing characters far enough to reach the last requested
digit? If so, yup that would be fine, although I suppose it might
confuse some people who then think it does not match their word
because the length is wrong.


--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/

#126

John Rumm wrote:
On 11/02/2016 07:40, Mike Barnes wrote:
John Rumm wrote:
On 11/02/2016 00:04, Mike Barnes wrote:

No you don't, but if you did, so what? Both methods tell you that the
length is eight or more,

Not necessarily. One that presents a picture of all the character
positions does. One that asks for three random character positions often
won't - it might want characters 1, 2 and 4 for example.


The second was designed by a sensible person. The first wasn't. I was
assuming the second.

so there's no difference in the amount of
information divulged. But there's a considerable difference in
usability, because one method requires you to count and spell at the
same time, and the other doesn't.

If you are going to use that technique, then put up a line of say 15
boxes every time, and highlight the cells you want. That way you give
away less.


You're actually giving away *more* by indicating that the length doesn't
exceed 15.


Here's what I suggested again, unsnipped:

---------------------------------------------------------------
Instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?
---------------------------------------------------------------

Turning the first into the second requires no knowledge of the length of
the password. It's giving nothing away that wasn't there in the first
place.


Perhaps I was misreading what you were suggesting...

Say the system requested characters 1, 2, and 3, and the password was 8
characters long, I was assuming you meant it should display:

Enter the requested characters: ? ? ? - - - - -

Which discloses the length. Are you actually suggesting that it only
pads the missing characters far enough to reach the last requested
digit?


Yes.

If so, yup that would be fine, although I suppose it might
confuse some people who then think it does not match their word
because the length is wrong.


Possibly. I'd be interested to hear from one of the people who've said
in this thread that some banks do things that way (e.g. Santander IIRC).

Quite irrelevantly, I imagine my bank has confused more than one
customer by asking for the "penultimate" character.

--
Mike Barnes
Cheshire, England
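
The prompt layouts argued over in this thread, as an added example (not code from any poster or from any bank): it renders each layout and reports the bounds on password length that a single prompt shows. The function names are assumptions, and `lower_bound_after`, which tracks the bound across repeated challenges, goes beyond the single-prompt case the posts discuss.

```python
import random


def ordinal(n):
    """1 -> '1st', 2 -> '2nd', 11 -> '11th', 23 -> '23rd'."""
    if 10 <= n % 100 <= 20:
        return f"{n}th"
    return f"{n}" + {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")


def prompt_ordinals(positions):
    """First style quoted in the thread: name the positions in words."""
    names = [ordinal(p) for p in sorted(positions)]
    listed = names[0] if len(names) == 1 else ", ".join(names[:-1]) + " and " + names[-1]
    return f"Enter the {listed} characters: " + " ".join("?" * len(names))


def mask(positions, width):
    """'?' for a requested position, '-' for a skipped one (positions are 1-based)."""
    wanted = set(positions)
    return " ".join("?" if i in wanted else "-" for i in range(1, width + 1))


def prompt_mask(positions, width=None):
    """Fill-in-the-blanks style. width=None pads only as far as the last
    requested position; a larger width draws extra trailing blanks."""
    last = max(positions)
    if width is None:
        width = last
    if width < last:
        raise ValueError("mask is narrower than the last requested position")
    return "Enter the requested characters: " + mask(positions, width)


def length_bounds(positions, width=None, width_is_length=False):
    """(lower, upper) bounds on the password length visible in ONE prompt.
    upper is None when the prompt places no ceiling on the length."""
    lower = max(positions)
    if width is None:
        # Naming the positions and padding to the last one show the same thing.
        return (lower, None)
    if width_is_length:
        # One blank per real character: the exact length is on screen.
        return (width, width)
    # Fixed row of boxes (e.g. always 15): a floor and a ceiling.
    return (lower, width)


def lower_bound_after(length, picks, challenges, seed=0):
    """Highest position requested across many challenges, when each challenge
    draws `picks` distinct positions uniformly from 1..length (an assumed
    selection policy; the thread does not say how any site chooses them)."""
    rng = random.Random(seed)
    highest = 0
    for _ in range(challenges):
        highest = max(highest, max(rng.sample(range(1, length + 1), picks)))
    return highest


if __name__ == "__main__":
    print(prompt_ordinals([1, 4, 5, 8]), length_bounds([1, 4, 5, 8]))
    print(prompt_mask([1, 4, 5, 8]), length_bounds([1, 4, 5, 8]))
    print(prompt_mask([1, 2, 3], width=8),
          length_bounds([1, 2, 3], width=8, width_is_length=True))
    print(prompt_mask([1, 2, 4], width=15), length_bounds([1, 2, 4], width=15))
    print("floor after 500 challenges on a 12-character password:",
          lower_bound_after(12, 3, 500))
```
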

#129

On 10/02/2016 07:40, Mike Barnes wrote:

AFAIK in
most cases it's "always" been possible for me to include digits, mixed
case, and punctuation if I want.


No, several sites I use, including a bank, will not distinguish between
upper and lower case and will not allow punctuation.

I've suggested they change but they're deaf to that.

--
F



#130

On Wednesday, 10 February 2016 17:01:42 UTC, Rod Speed wrote:
"whisky-dave" wrote in message
...
On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher
wrote:
On 10/02/16 01:40, F Murtz wrote:

I end up with extremely rude vulgar passwords in the end because of
this practice.
It is self defeating because everyone is writing their passwords down
and carrying them with them because it is becoming impossible to
remember them.


The point about a password manager is this:

If any one of your passwords that you use online is nicked, it doesn't
compromise any others.


unless it's the one used for the password manager.


Only a fool would do that.


There's plenty out there, those that give passwords over the phone on buses or shops, they give all sorts of details out because they don't believe anyone is listening. Only those that aren't good at remembering and assigning passwords use password managers.



Since you never use the master password except to unlock the
password manager, it is unlikely that anyone will get to know it.


unless they nick the device you use for whatever.


Useless when they don't have the master password which is only in your head.


Most people that use password managers tend to write down their passwords and use managers because they can't remember passwords. Some are better at it than others.


Since the encrypted passwords are held on only one
machine, it's unlikely they will be hacked and cracked either


what happens if that machine dies, or gets stolen.


You get the encrypted passwords from the backup.


and we all know how many have such backups don't we,
but if the computer's been stolen what's stopping someone from using it ?



Ferritors monthly, users name dave, password "61"


how would you get to my Ferritors monthly subscription ?
what would you type for the password ?


Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.


Not to me it doesn't
I only do my banking on one device, I certainly would to it on internet cafe machines, I don't even do it on my work computer.


but when I've forgotten my password I go to that document type in
my master password and I see the number 61, and then I remember.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually
means look at her/that "sexybum".


sort of cockney slang.


Doesn't work for passwords.


it does.


of course you might not know that any password I use for financial
stuff such as buying/selling I always spell in reverse or I always add
01 to the beginning or at the end or I use a "-" every 3 characters
or it always ends in uppercase.


Makes a lot more sense to use a proper password manager


not for me.


and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.


and anyone can log on and use my forms is that it.


If you have a reasonable memory and can set yourself rules then
having lots of passwords isn't as big a problem as it might seem.


Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.


But I don't need my password available on every computer in the country.
My email is different, that's handy to check anywhere.
But while I'm having a crap I don't feel the need to get to my bank account details.





#131

On 09/02/2016 22:40, David Lang wrote:
I've used the same password for years, nobody has a hope in hell of ever
guessing it. I can remember it.

Recently some site insist on having numbers as well, so I've had to add
one.

Now the bloody things want an upper case letter as well!


Store them in eWallet.

--
F



#132

On Wednesday, 10 February 2016 17:26:14 UTC, Blanco wrote:
"Jethro_uk" wrote in message
...
On Wed, 10 Feb 2016 03:45:31 -0800, whisky-dave wrote:

On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher
wrote:
On 10/02/16 01:40, F Murtz wrote:

I end up with extremely rude vulgar passwords in the end because of
this practice.
It is self defeating because everyone is writing their passwords down
and carrying them with them because it is becoming impossible to
remember them.


The point about a password manager is this:

If any one of your passwords that you use online is nicked, it doesn't
compromise any others.

unless it's the one used for the password manager.


Which isn't stored anywhere.



Since you never use the master password except to unlock the password
manager, it is unlikely that anyone will get to know it.

unless they nick the device you use for whatever.



So ? Lastpass stores your vault encrypted in the cloud. Takes seconds to
provision a new device with it. As long as you complete the 2FA challenge,
of course.

Since the encrypted passwords are held on only one machine, it's
unlikely they will be hacked and cracked either

what happens if that machine dies, or gets stolen.



See above

This is the only way to ameliorate this habit of having totally
different password requirements on sites.

My system works I have a 'crib' sheet written in a particular app which
has all my passwords stored cryptically.
so if you found out that

Ferritors monthly, users name dave, password "61"

how would you get to my Ferritors monthly subscription ?
what would you type for the password ?

but when I've forgotten my password I go to that document type in my
master password and I see the number 61, and then I remember.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually means
look at her/that "sexybum".

sort of cockney slang.

of course you might not know that any password I use for financial stuff
such as buying/selling I always spell in reverse or I always add 01 to
the beginning or at the end or I use a "-" every 3 characters or it
always ends in uppercase.

If you have a reasonable memory and can set yourself rules then having
lots of passwords isn't as big a problem as it might seem.


Trusting in memory is like trusting in hardware.

To be honest, all of this discussion is moot anyway. Almost by definition
the self-selecting group posting here are well up the tree when it comes
to online risks. The chances of any uk.d-i-y poster being the victim of a
password-related fraud is far smaller than for the general population
anyway.


Dunno, I've already looted Dave's bank accounts, he just hasn't noticed yet.


yeah sure, what sort of arse hole would admit on-line to taking money from another's account ?
yes the sort that's clueless.

#133

On 11/02/2016 08:22, The Natural Philosopher wrote:
On 10/02/16 17:22, dennis@home wrote:
On 10/02/2016 16:20, The Natural Philosopher wrote:

The first root password to try is always gandalf.



You wouldn't get root access like that on the Unix machines I put in
System X. There is no root on them. You had to load an archive to get
root back and we never gave BT that.


Dear old Dennis.

If they didn't have root as an UID/GID they wouldn't run.

And you can always 'get root access' on Unix if you know what you are
doing.





you would be surprised what you can do when you have the source and
expert coders.
You obviously lacked one or both of them.

#134

In article , David Lang
writes
I've used the same password for years, nobody has a hope in hell of
ever guessing it. I can remember it.

Recently some site insist on having numbers as well, so I've had to add one.

Now the bloody things want an upper case letter as well!

How the 'kinell does that make anything more secure?

Surely it's my choice, not some bell end running a web site?

This joke sums it up;

========================================================================
cabbage
Sorry, the password must be more than 8 characters.
boiled cabbage
Sorry, the password must contain 1 numerical character.
1 boiled cabbage
Sorry, the password cannot have blank spaces.
50frigginboiledcabbages
Sorry, the password must contain at least one upper case character.
50FRIGGINboiledcabbages
Sorry, the password cannot use more than one upper case character
consecutively.
50FrigginBoiledCabbagesShovedDownYourThroat,IfYouDontGiveMeAccessImmediately
Sorry, the password cannot contain punctuation.
NowIAmGettingReallyP*ssedOff50FrigginBoiledCabbagesShovedDownYourThroatIfYouDontGiveMeAccessImmediately
Sorry, that password is already in use! -
========================================================================



Didn't they ask you for your mobile phone number to send a confirmatory
text. They don't seem to be able to cope with the fact that land lines
can now receive texts.
--
bert

#135

In article , "Dave Plowman (News)"
writes
In article ,
Jonno wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and pick
out the digits they required. So much for security.


Barclays have used that for ages. A drop down menu. But perhaps they
expect most people with a bank account can spell.

So have Lloyds and TSB
--
bert


#136

In article , Mike Barnes
writes
Jonno wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and pick
out the digits they required. So much for security.


Those would be so much easier, if they presented a "fill in the blanks"
form rather than telling us the digit positions.

E.g. instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking
in the current generation of software designers.

That immediately tells how long your password is.
--
bert

#137

In article , T i m
writes
On Tue, 9 Feb 2016 22:40:20 +0000, David Lang
wrote:

I've used the same password for years, nobody has a hope in hell of ever
guessing it. I can remember it.

Recently some site insist on having numbers as well, so I've had to add one.

Now the bloody things want an upper case letter as well!

How the 'kinell does that make anything more secure?

snip not such a joke as fact ;-(

I had dealings with webmail where the IPS password rules were

"Passwords must satisfy the following criteria to ensure they are as
secure as possible:
Mixed case: Use a combination of uppercase and lowercase characters
Numbers: Use a mixture of numbers and letters
Special characters: Use at least one of the following special
characters : "!$%^&*()-_=+}{#@':;.,/|?
Length: Your password must be at least 8 characters long
Unique Characters: Your password must contain at least 4 unique
characters and no more than 2 of the same character in a row"

So, I went for something like ... £Ab1cd2&

Them: Not allowed, you can't have the £ symbol.

Me: Where does it say that?

Them: It's not included in the list of special characters.

Me: But it doesn't say it can't be used and I have done as you have
requested with your 'Use at least one of the following special
characters' with the & ?

Them: But the pound sign isn't one of the special characters.

Me: How was I supposed to guess you consider the £ as a 'special
character' and not use it when you do use all the others. All you have
stated is I *must* use one of the one you list and I have?

Them: The pound symbol isn't in the list.

Me: I know, but if it's not allowed shouldn't you state such?

Them: It's implied because it isn't in the list ...

OK, in hindsight I can see what they meant to say but am I wrong in
suggesting they didn't actually say it ... and considering you would
think they might like to make things easier for everyone, how
difficult would it have been for them to specifically list any
characters that were excluded? They could have stated:

"Special characters: Use at least one of the following special
characters (and no other special characters not shown) :
"!$%^&*()-_=+}{#@':;.,/|?

So that's not £ or [ or ] or ~ at least?

Oh, and they even contacted me because 'Some of the passwords would be
easy to guess' ... like L10nKing$ Like why? The owner of that account
wasn't into Disney, lions, kings or even had kids!


Cheers, T i m

It says use numbers and letters and at least one of the list of special
characters. £ fits neither criteria
--
bert

#138

In article , bert
wrote:
In article , "Dave Plowman (News)"
writes
In article , Jonno
wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and
pick out the digits they required. So much for security.


Barclays have used that for ages. A drop down menu. But perhaps they
expect most people with a bank account can spell.

So have Lloyds and TSB


and Bank of Scotland and CAF Bank, both of which I use. Lloyds business is
a bit more complex involving a code reader.

Assuming you can remember the password, just count the letters against
your fingers. You don't even have to say the word out loud. But it does
assume you can count.

--
from KT24 in Surrey, England

#139

wrote:
Blanco wrote:


wrote in message ...
Mike Barnes wrote:
wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

But it's not extra security. It's extra convenience.

Really?


It's both. Much more convenient to put your finger on
the sensor than to fart around with passwords and
much more secure too when using it to pay with your
phone etc.


Ah, I was forgetting the pervasiveness of smartphones. I have
virtually nothing on my smartphone that involves any sort of security.
Thus my smartphone is virtually unsecured, no PIN at turn on or
whatever, but the only thing anyone could steal (apart from the phone
itself) is five or ten pounds worth of top-up.


Before the fingerprint reader I too used to have an iPhone without a
PIN, because there was nothing worth protecting.

Now I find that the fingerprint reader is even quicker and more
convenient than the usual swipe method. I just press the home button and
I'm in. *Therefore* it's no problem to have a PIN as well, which means
that everything on the phone including my meagre call credit is
protected without the inconvenience that routine PIN entry would entail.

--
Mike Barnes
Cheshire, England

#140

On 11/02/16 14:06, dennis@home wrote:
On 11/02/2016 08:22, The Natural Philosopher wrote:
On 10/02/16 17:22, dennis@home wrote:
On 10/02/2016 16:20, The Natural Philosopher wrote:

The first root password to try is always gandalf.



You wouldn't get root access like that on the Unix machines I put in
System X. There is no root on them. You had to load an archive to get
root back and we never gave BT that.


Dear old Dennis.

If they didn't have root as an UID/GID they wouldn't run.

And you can always 'get root access' on Unix if you know what you are
doing.





you would be surprised what you can do when you have the source and
expert coders.
You obviously lacked one or both of them.




I wrote the source and I was the expert coder, however we will let that
pass, my point was you really don't understand what you are saying half
the time. No make that 3/4 of the time.

Unix has to have an identity for top level processes. In order to do top
level things. If it's not root UID=0 it's something equivalent.

And if the total machine is in someone's possession, trust me they can
get to act as UID=0 and screw with anything they want.

You may have made it a wee bit harder so even - hang on, no even about
it - so that you wouldn't know how to do it, but you hadn't got rid of
root or the ability to become it. Just made it harder

(I say you, but patently it couldn't have been you personally , it must
have been a halfway competent linux coder)


--
"I am inclined to tell the truth and dislike people who lie consistently.
This makes me unfit for the company of people of a Left persuasion, and
all women"


#141

On 11/02/2016 15:26, The Natural Philosopher wrote:
On 11/02/16 14:06, dennis@home wrote:
On 11/02/2016 08:22, The Natural Philosopher wrote:
On 10/02/16 17:22, dennis@home wrote:
On 10/02/2016 16:20, The Natural Philosopher wrote:

The first root password to try is always gandalf.



You wouldn't get root access like that on the Unix machines I put in
System X. There is no root on them. You had to load an archive to get
root back and we never gave BT that.

Dear old Dennis.

If they didn't have root as an UID/GID they wouldn't run.

And you can always 'get root access' on Unix if you know what you are
doing.





you would be surprised what you can do when you have the source and
expert coders.
You obviously lacked one or both of them.




I wrote the source and I was the expert coder, however we will let that
pass, my point was you really don't understand what you are saying half
the time. No make that 3/4 of the time.

Unix has to have an identity for top level processes. In order to do top
level things. If it's not root UID=0 it's something equivalent.

And if the total machine is in someone's possession, trust me they can
get to act as UID=0 and screw with anything they want.

You may have made it a wee bit harder so even - hang on, no even about
it - so that you wouldn't know how to do it, but you hadn't got rid of
root or the ability to become it. Just made it harder

(I say you, but patently it couldn't have been you personally , it must
have been a halfway competent linux coder)



I said Unix not linux, there is a significant difference despite what
you think.

#142

bert wrote:
In article , Mike Barnes
writes
Jonno wrote:
Apparently Tesco are expecting online shoppers to remember parts of
their passwords, like the 1st, 4th, 5th and 8th letters/digits.
Brilliant, the person who told me had to write out the password and pick
out the digits they required. So much for security.


Those would be so much easier, if they presented a "fill in the blanks"
form rather than telling us the digit positions.

E.g. instead of presenting us with something like this, where ?
represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

But that would require a level of user focus that seems to be lacking
in the current generation of software designers.

That immediately tells how long your password is.


No it doesn't. But to avoid confusion I'll change that to:

Enter the requested characters: ? - - ? ? - - ?
Your password might be longer than that.

--
Mike Barnes
Cheshire, England

#143



wrote in message ...
Blanco wrote:


wrote in message ...
Mike Barnes wrote:
wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

But it's not extra security. It's extra convenience.

Really?


It's both. Much more convenient to put your finger on
the sensor than to fart around with passwords and
much more secure too when using it to pay with your
phone etc.


Ah, I was forgetting the pervasiveness of smartphones. I have
virtually nothing on my smartphone that involves any sort of security.
Thus my smartphone is virtually unsecured, no PIN at turn on or
whatever, but the only thing anyone could steal (apart from the phone
itself) is five or ten pounds worth of top-up.


But a well implemented phone is vastly more secure than
any card or cash can ever be. Completely trivial to have it
wipe itself once it decides that it isn't the owner who has
it in its hands, it can send video of who is holding it and
send a full log of where the phone is physically etc.

And with transactions done with a card, it's vastly
more secure to use a fingerprint than a PIN etc too.

The worst that might happen is that the phone decides
that it's not the owner when it still is the owner, or the
owner forgets to turn that auto wipe off before handing
the phone to someone who can't currently use their own
phone or doesn't have one and has asked to borrow it.
All that means is that can't be used again until you get
the system reloaded after you have authorised that.
Just a nuisance in that unlikely situation.

#144

On 11/02/16 16:45, dennis@home wrote:
On 11/02/2016 15:26, The Natural Philosopher wrote:
On 11/02/16 14:06, dennis@home wrote:
On 11/02/2016 08:22, The Natural Philosopher wrote:
On 10/02/16 17:22, dennis@home wrote:
On 10/02/2016 16:20, The Natural Philosopher wrote:

The first root password to try is always gandalf.



You wouldn't get root access like that on the Unix machines I put in
System X. There is no root on them. You had to load an archive to get
root back and we never gave BT that.

Dear old Dennis.

If they didn't have root as an UID/GID they wouldn't run.

And you can always 'get root access' on Unix if you know what you are
doing.





you would be surprised what you can do when you have the source and
expert coders.
You obviously lacked one or both of them.




I wrote the source and I was the expert coder, however we will let that
pass, my point was you really don't understand what you are saying half
the time. No make that 3/4 of the time.

*Unix* has to have an identity for top level processes. In order to do top
level things. If it's not root UID=0 it's something equivalent.

And if the total machine is in someone's possession, trust me they can
get to act as UID=0 and screw with anything they want.

You may have made it a wee bit harder so even - hang on, no even about
it - so that you wouldn't know how to do it, but you hadn't got rid of
root or the ability to become it. Just made it harder

(I say you, but patently it couldn't have been you personally , it must
have been a halfway competent linux coder)



I said Unix not linux, there is a significant difference despite what
you think.


So did I silly. I just slipped in the last one because the coder will
these days be working on Linux


--
The biggest threat to humanity comes from socialism, which has utterly
diverted our attention away from what really matters to our existential
survival, to indulging in navel gazing and faux moral investigations
into what the world ought to be, whilst we fail utterly to deal with
what it actually is.

#145



"whisky-dave" wrote in message
...
On Wednesday, 10 February 2016 17:01:42 UTC, Rod Speed wrote:
"whisky-dave" wrote in message
...
On Wednesday, 10 February 2016 08:24:14 UTC, The Natural Philosopher
wrote:
On 10/02/16 01:40, F Murtz wrote:

I end up with extremely rude vulgar passwords in the end because of
this practice.
It is self defeating because everyone is writing their passwords
down
and carrying them with them because it is becoming impossible to
remember them.


The point about a password manager is this:

If any one of your passwords that you use online is nicked, it doesn't
compromise any others.

unless it's the one used for the password manager.


Only a fool would do that.


There's plenty out there, those that give passwords over
the phone on buses or shops, they give all sorts of details
out because they don't believe anyone is listening.


None of those that do that with their password manager master
password. They don't even know that password managers exist.

Only those that aren't good at remembering
and assigning passwords use password managers.


Even sillier than you usually manage. I've always
been very good at doing both and use a password
manager anyway, essentially because it makes sense
to use a different password every time one is required
so you don't even have to fart around at all if one
does escape when some operation is so stupid
that it keeps them in plain text on their system.

Since you never use the master password except to unlock the
password manager, it is unlikely that anyone will get to know it.


unless they nick the device you use for whatever.


Useless when they don't have the master password which is only in your
head.


Most people that use password managers tend to write down their
passwords and use managers because they can't remember passwords.


Wrong, as always.

Some are better at it than others.


No one can remember hundreds of passwords, particularly
with the systems that force you to keep changing them so you
can't even use some system that includes the site name etc.

Since the encrypted passwords are held on only one
machine, it's unlikely they will be hacked and cracked either


what happens if that machine dies, or gets stolen.


You get the encrypted passwords from the backup.


and we all know how many have such backups don't we,


Trivially easy to automate that to the net now with something that small.

but if the computer's been stolen what's stopping someone from using it?


The requirement to enter the master password to the password manager,
stupid.

Ferritors monthly, users name dave, password "61"


how would you get to my Ferritors monthly subscription ?
what would you type for the password ?


Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.


Not to me it doesn't


More fool you.

I only do my banking on one device,


More fool you.

I certainly would to it on internet cafe machines,
I don't even do it on my work computer.


I do it on two, so I can do it when not at home.

but when I've forgotten my password I go to that document type in
my master password and I see the number 61, and then I remember.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually
means look at her/that "sexybum".


sort of cockney slang.


Doesn't work for passwords.


it does.


Nope.

of course you might not know that any password I use for financial
stuff such as buying/selling I always spell in reverse or I always add
01 to the beginning or at the end or I use a "-" every 3 characters
or it always ends in uppercase.


Makes a lot more sense to use a proper password manager


not for me.


Yes, you are that stupid. It makes a lot more sense to use a
well designed one where you click on a single entry in the
list and have that go to the right part of the site, pull up
the sign in part of the site, fill in what needs to be supplied,
everything done with just one click.

and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.


and anyone can log on and use my forms is that it.


Nope, no one can.

If you have a reasonable memory and can set yourself rules then
having lots of passwords isn't as big a problem as it might seem.


Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.


But I don't need my password available on every computer in the country.


It isn't every computer in the country, just those you choose to use or need
to use.

My email is different, that's handy to check anywhere.


And handy to be able to sign in anywhere too.




  #146   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 600
Default ; TOT; Piggin passwords

Blanco wrote:


wrote in message ...
Blanco wrote:


wrote in message ...
Mike Barnes wrote:
wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a password
though.

But it's not extra security. It's extra convenience.

Really?

It's both. Much more convenient to put your finger on
the sensor than to fart around with a password and
much more secure too when using it to pay with your
phone etc.


Ah, I was forgetting the pervasiveness of smartphones. I have
virtually nothing on my smartphone that involves any sort of security.
Thus my smartphone is virtually unsecured, no PIN at turn on or
whatever, but the only thing anyone could steal (apart from the phone
itself) is five or ten pounds worth of top-up.


But a well implemented phone is vastly more secure than
any card or cash can ever be. Completely trivial to have it
wipe itself once it decides that it isn't the owner who has
it in its hands, it can send video of who is holding it and
send a full log of where the phone is physically etc.

It's also full of apps from all sorts of questionable sources, even if
I don't add any of my own. What those apps do with the data you put
in your phone is anybody's guess.

--
Chris Green
  #147   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 557
Default ; TOT; Piggin passwords

In article ,
says...

That is actually a secure form of challenge and with practice you can
memorise a password to recall individual characters without writing it
down.


I have (roughly) a dozen "important" passwords[1] & they are all
reasonably "strong".

You aren't really suggesting that I can hold all of them in memory & do
the necessary juggling each & every time I need access?


[1] I haven't attempted to count the other passwords, but it's well over
30.
  #148   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 5,168
Default ; TOT; Piggin passwords

On 11/02/2016 14:42, Mike Barnes wrote:

Now I find that the fingerprint reader is even quicker and more
convenient than the usual swipe method. I just press the home button and
I'm in. *Therefore* it's no problem to have a PIN as well, which means
that everything on the phone including my meagre call credit is
protected without the inconvenience that routine PIN entry would entail.


You press the scanner so that leaves a finger print on the button.
All you need now is to be able to lift that print and put it on a skin
analogue and you can get in.
There was a mythbusters episode where they were breaking finger print
readers if you want to look for it.
  #149   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 102
Default ; TOT; Piggin passwords



wrote in message news
Blanco wrote:


wrote in message ...
Blanco wrote:


wrote in message ...
Mike Barnes wrote:
wrote:
Blanco wrote:

Much more convenient to use for the master access
to the password manager or for your net banking
and tap payment systems than a PIN or master
password, particularly if there is a fallback to a master
password if the fingerprint sensor stops working.

Rather spoils the extra security if it has a fallback to a
password
though.

But it's not extra security. It's extra convenience.

Really?

It's both. Much more convenient to put your finger on
the sensor than to fart around with a password and
much more secure too when using it to pay with your
phone etc.

Ah, I was forgetting the pervasiveness of smartphones. I have
virtually nothing on my smartphone that involves any sort of security.
Thus my smartphone is virtually unsecured, no PIN at turn on or
whatever, but the only thing anyone could steal (apart from the phone
itself) is five or ten pounds worth of top-up.


But a well implemented phone is vastly more secure than
any card or cash can ever be. Completely trivial to have it
wipe itself once it decides that it isn't the owner who has
it in its hands, it can send video of who is holding it and
send a full log of where the phone is physically etc.

It's also full of apps from all sorts of questionable sources,
even if I don't add any of my own. What those apps do
with the data you put in your phone is anybody's guess.


Not with an iphone. The sandbox system means that none of
them have any access to anything you don't allow them access to.

  #150   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 102
Default ; TOT; Piggin passwords



"dennis@home" wrote in message
web.com...
On 11/02/2016 14:42, Mike Barnes wrote:

Now I find that the fingerprint reader is even quicker and more
convenient than the usual swipe method. I just press the home button and
I'm in. *Therefore* it's no problem to have a PIN as well, which means
that everything on the phone including my meagre call credit is
protected without the inconvenience that routine PIN entry would entail.


You press the scanner so that leaves a finger print on the button.
All you need now is to be able to lift that print and put it on a skin
analogue and you can get in.


And it's completely trivial for the sensor to check if it's a live finger.

There was a mythbusters episode where they were breaking finger print
readers if you want to look for it.




  #151   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 600
Default ; TOT; Piggin passwords

Blanco wrote:

It's also full of apps from all sorts of questionable sources,
even if I don't add any of my own. What those apps do
with the data you put in your phone is anybody's guess.


Not with an iphone. The sandbox system means that none of
them have any access to anything you don't allow them access to.

.... and when you install them they ask for access to all sorts of
things and you have to say yes or they don't work.

--
Chris Green
  #152   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,204
Default ; TOT; Piggin passwords

On Thursday, 11 February 2016 19:53:55 UTC, Rod Speed wrote:
"whisky-dave" wrote in message


There's plenty out there, those that give passwords over
the phone on buses or shops, they give all sorts of details
out because they don't believe anyone is listening.


None of those that do that with their password manager master
password.


They don't need to, password managers can't AFAIK be used over the phone.


They don't even know that password managers exist.


all you have to do is say you've forgotten your password, they won't ask if you use a password manager, they'll then ask you a list of questions that most give out over the phone such as mother's maiden name, address, and various other bits of info like account number.



Only those that aren't good at remembering
and assigning passwords use password managers.


Even sillier than you usually manage.


why would you need to get something to manage your passwords ?
because you can't do it yourself obviously.


I've always
been very good at doing both


what do you mean by being good at using a password manager is it really that difficult do you need to practice or do a certain exercise or stand on one foot while drinking a beer ?

and use a password
manager anyway, essentially because it makes sense
to use a different password every time one is required.


I managed that without a password manager.



Some are better at it than others.


No one can remember hundreds of passwords,


I'm better there are such people those that can remember pi to X number of digits.

particularly
with the systems that force you to keep changing them so you
can't even use some system that includes the site name etc.


Depends on your methods. suppose you have a password for IBM it could be HAL
you know that connection surely don't you ?




Since the encrypted passwords are held on only one
machine, it's unlikely they will be hacked and cracked either


what happens if that machine dies, or gets stolen.


You get the encrypted passwords from the backup.


and we all know how many have such backups don't we,


Trivially easy to automate that to the net now with something that small.


only to those that know how to, but there's plenty of apps available for keeping passwords.


but if the computer's been stolen what's stopping someone from using it ?


The requirement to enter the master password to the password manager,
stupid.


Which gets repeatedly typed as it's the only password you use.
It'll be 'secure' of course that you can remember it and type it in regularly and quickly.


but when I've forgotten my password I go to that document type in
my master password and I see the number 61, and then I remember.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually
means look at her/that "sexybum".

sort of cockney slang.

Doesn't work for passwords.


it does.


Nope.


Yep.

If I get an RS account.
http://uk.rs-online.com/web/

RS = Rod Speed
so my password might be sh33Pshagg3R where all e's are actually 3s
and I only use upper case for the last character of every word.

So when I need to logon to RS for me it's easy same initials as you and
how I see you is a sheep shagger.
So there you are I've created a password that I'm unlikely to forget.
Of course I already have two accounts with RS so don't need to use the above, but if I wanted a 3rd account......



Makes a lot more sense to use a proper password manager


not for me.


Yes, you are that stupid. It makes a lot more sense to use a
well designed one where you click on a single entry in the
list and have that go to the right part of the site, pull up
the sign in part of the site, fill in what needs to be supplied,
everything done with just one click.


on how many computers ?




If you have a reasonable memory and can set yourself rules then
having lots of passwords isn't as big a problem as it might seem.

Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.


But I don't need my password available on every computer in the country.


It isn't every computer in the country, just those you choose to use or need
to use.


You mean the one at home, or the one at work or when I'm on a friend's computer.

I know my amazon password too, so I can order from anywhere, I don't have to wait until I'm sitting at my home computer.


My email is different, that's handy to check anywhere.


And handy to be able to sign in anywhere too.


which I can because I can remember both my username and password.
Which I can do anywhere in the world unlike someone that relies on their password manager to check emails.



  #153   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,204
Default ; TOT; Piggin passwords

On Friday, 12 February 2016 10:48:04 UTC, wrote:
Blanco wrote:

It's also full of apps from all sorts of questionable sources,
even if I don't add any of my own. What those apps do
with the data you put in your phone is anybody's guess.


Not with an iphone. The sandbox system means that none of
them have any access to anything you don't allow them access to.

... and when you install them they ask for access to all sorts of
things and you have to say yes or they don't work.


Some things will work but with reduced functionality, such as maps.
if you don't allow it to access your GPS it might not know where you are and will therefore not be able to direct you. But you can still use the map function just like one would with the old style A-Z.



  #154   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 102
Default ; TOT; Piggin passwords



wrote in message ...
Blanco wrote:

It's also full of apps from all sorts of questionable sources,
even if I don't add any of my own. What those apps do
with the data you put in your phone is anybody's guess.


Not with an iphone. The sandbox system means that none of
them have any access to anything you don't allow them access to.

... and when you install them they ask for access to all sorts of things


Very few ask for access to much at all and it is normally
what that app needs to have access to to do what it's
there for, like the photos or your location. And you
know what it is allowed to have access to and that isn't
stuff like your password manager's encrypted database.

and you have to say yes or they don't work.


That is just plain wrong. With quite a bit of stuff like your
location, if you don't want to have your photos stamped
with your location when you took them, they will still
work fine for example.

And they have no access to any stuff you don't want them
to have access to like the files other apps produce if you
don't want the app to have access to those files.

  #155   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default ; TOT; Piggin passwords

whisky-dave wrote
Rod Speed wrote
whisky-dave wrote


Only those that aren't good at remembering
and assigning passwords use password managers.


Even sillier than you usually manage.


why would you need to get something to manage your passwords ?


Because you have enough of a clue to have a different one
for each place that uses one, so if one site is compromised,
that is a complete yawn, stupid.

because you can't do it yourself obviously.


Nothing to do with your original terminal stupidity about remembering.

I've always been very good at doing both


all your terminally silly **** flushed where it belongs

and use a password manager anyway, essentially
because it makes sense to use a different password
every time one is required.


I managed that without a password manager.


Nowhere near as conveniently as when using the best
of the password managers that not only manages your
passwords, it also minimises what you need to do to
get to the site that uses the password, does what is
required to log on for you, and what you tell it to do
after you have logged on, and fills in any form that
ever needs to be filled in with your personal details,
with just a click or two any time you need to use it.

Some are better at it than others.


No one can remember hundreds of passwords,


I'm better there are such people those that can remember pi to X number of
digits.


Pity about the passwords that keep changing because
the site requires a monthly change with no reuse, ever etc.

particularly with the systems that force you to keep changing them
so you can't even use some system that includes the site name etc.


Depends on your methods.


Nope.

suppose you have a password for IBM it could be
HAL you know that connection surely don't you ?


Not even possible for most of the hundreds of sites most use.

Since the encrypted passwords are held on only one
machine, it's unlikely they will be hacked and cracked either


what happens if that machine dies, or gets stolen.


You get the encrypted password database from the backup.


and we all know how many have such backups don't we,


Trivially easy to automate that to the net now with something that small.


only to those that know how to,


Trivial to find that out.

but there's plenty of apps available for keeping passwords.


Which are useless if the device dies or is stolen etc.

but if the computer's been stolen what's stopping someone from using it
?


The requirement to enter the master password to the password manager,
stupid.


Which gets repeatedly typed as it's the only password you use. It'll be
'secure'
of course that you can remember it and type it in regularly and quickly.


Trivial with just one password. And it doesn't have to be a password,
it can be something trivially easy to use repeatedly like a fingerprint
or other biodata that no one else can provide.

but when I've forgotten my password I go to that document type in
my master password and I see the number 61, and then I remember.....
as a kid at school, me and my mates had codes.
And rather than say to my mates corrrr.. look at the arse on that...
I'd wink and say sixty-one and nod in a direction which actually
means look at her/that "sexybum".


sort of cockney slang.


Doesn't work for passwords.


it does.


Nope.


Yep.


If I get an RS account.
http://uk.rs-online.com/web/


RS = Rod Speed
so my password might be sh33Pshagg3R where all e's are actually
3s and I only use upper case for the last character of every word.


So when I need to logon to RS for me it's easy same
initials as you and how I see you is a sheep shagger.
So there you are I've created a password that I'm unlikely to forget.


Not even possible with the absolute vast
bulk of the sites most have a password for.

And a hell of a lot simpler to use a proper password manager
that not only manages your passwords, it also minimises what
you need to do to get to the site that uses the password, does
what is required to log on for you, and what you tell it to do
after you have logged on, and fills in any form that ever needs
to be filled in with your personal details, with just a click or
two any time you need to use it.

Of course I already have two accounts with RS so don't
need to use the above, but if I wanted a 3rd account......


And you'd still have a problem working out
which account that silly stuff is used for.

Makes a lot more sense to use a proper password manager


not for me.


Yes, you are that stupid. It makes a lot more sense to use a
well designed one where you click on a single entry in the
list and have that go to the right part of the site, pull up
the sign in part of the site, fill in what needs to be supplied,
everything done with just one click.


on how many computers ?


How ever many you use that ever uses a password.

If you have a reasonable memory and can set yourself rules then
having lots of passwords isn't as big a problem as it might seem.


Makes a lot more sense to use a proper password manager
and have your passwords available on any device you use.
And to have it fill out any forms you ever need to fill out
with your data you only ever enter into the form filler once.


But I don't need my password available on every computer in the country.


It isn't every computer in the country, just
those you choose to use or need to use.


You mean the one at home, or the one at
work or when I'm on a friend's computer.


Whatever you do. Most of us do all of those at some time or another.

I know my amazon password too, so I can order from anywhere,
I don't have to wait until I'm sitting at my home computer.


Most of us who even have half of a clue find it handy to
be able to do anything we normally do at home or at work on
any system we happen to use, even if that is just because
someone has asked us to fix a problem its currently having
and we need to use something to resolve the problem or
to order a part for them that will fix the problem or will
do what they want to do that they asked about etc.

My email is different, that's handy to check anywhere.


And handy to be able to sign in anywhere too.


which I can because I can remember both my username and password.


Pity about the hundreds of others.
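
Added example (not part of any post in this thread, and not any named password manager's code): the master-password model argued over above, with a random password per site and a vault file that is unreadable on a stolen machine or in a backup without the master password. The PBKDF2 work factor, the file layout, the site names and the HMAC-SHA256 keystream (a standard-library stand-in for an audited AEAD such as AES-GCM) are assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets
import string

KDF_ITERATIONS = 600_000          # assumed PBKDF2-HMAC-SHA256 work factor
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN


def new_site_password(length: int = 20) -> str:
    """Random per-site password: a leak at one site says nothing about another."""
    alphabet = string.ascii_letters + string.digits + "-_!@#"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _derive_keys(master_password: str, salt: bytes):
    """Stretch the master password, then split it into encryption and MAC keys."""
    root = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, KDF_ITERATIONS
    )
    enc_key = hmac.new(root, b"vault-encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"vault-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, XORed over data (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal_vault(entries: dict, master_password: str) -> bytes:
    """Encrypt-then-MAC the entries; the result is safe to copy to a backup."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def open_vault(blob: bytes, master_password: str) -> dict:
    """Verify the MAC first; only then decrypt. Raises ValueError on failure."""
    if len(blob) < HEADER_LEN:
        raise ValueError("vault file is truncated")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    tag = blob[SALT_LEN + NONCE_LEN:HEADER_LEN]
    ciphertext = blob[HEADER_LEN:]
    enc_key, mac_key = _derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified vault")
    return json.loads(_xor_keystream(enc_key, nonce, ciphertext))


if __name__ == "__main__":
    # Constructed sample data: two made-up sites and a made-up master passphrase.
    vault = {"shop.example": new_site_password(), "mail.example": new_site_password()}
    backup_copy = seal_vault(vault, "constructed master passphrase")
    print("restored on another device:",
          open_vault(backup_copy, "constructed master passphrase") == vault)
    try:
        open_vault(backup_copy, "thief's guess")
    except ValueError as err:
        print("stolen copy:", err)
```

The security of the stolen or backed-up file rests entirely on the master password and the key-stretching cost, so a short or reused master password undoes the benefit.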




  #156   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,204
Default ; TOT; Piggin passwords

On Saturday, 13 February 2016 02:22:21 UTC, Rod Speed wrote:
whisky-dave wrote
Rod Speed wrote
whisky-dave wrote


Only those that aren't good at remembering
and assigning passwords use password managers.


Even sillier than you usually manage.


why would you need to get something to manage your passwords ?


Because you have enough of a clue to have a different one
for each place that uses one, so if one site is compromised,
that is a complete yawn, stupid.


Which is what I do anyway.
I do NOT need someone to manage my keys either.
I can manage myself.
I do realise some people need to run their life by lists.
Such as wake up, have a ****, have a shave leave for office.
Some even employ a secretary for such things.


because you can't do it yourself obviously.


Nothing to do with your original terminal stupidity about remembering.


I can remember most passwords that are important to me.



and use a password manager anyway, essentially
because it makes sense to use a different password
every time one is required.


I managed that without a password manager.


Nowhere near as conveniently as when using the best
of the password managers


and which is the best password manager would from your POV. ?

that not only manages your
passwords, it also minimises what you need to do to
get to the site that uses the password,


wow it's a short cut to a URL how amazing. What will they think of next.

you know I've just done that for half a dozen sites so the students can link to them so they know where we order from can see the delivery times etc.
all I need to do is train them how to read them.


does what is
required to log on for you, and what you tell it to do
after you have logged on, and fills in any form that
ever needs to be filled in with your personal details,
with just a click or two any time you need to use it.


great for the person that has access to your computer.


Some are better at it than others.


No one can remember hundreds of passwords,


I'm better there are such people those that can remember pi to X number of
digits.


Pity about the passwords that keep changing because
the site requires a monthly change with no reuse, ever etc.


the only one I know of is here at work, and do recycle passwords.
Also I don't want my work and home passwords mixed up.




suppose you have a password for IBM it could be
HAL you know that connection surely don't you ?


Not even possible for most of the hundreds of sites most use.


why is moving a character back one so impossible ....
I becomes H B becomes A M becomes L just move one character back
it even works in swedish !



but there's plenty of apps available for keeping passwords.


Which are useless if the device dies or is stolen etc.


exactly you've fallen in that trap.

How will you get access....
I can go to almost any device in the world and type my known password into that.
As you say without your working password manager you're well ****ed.

How do you access info without your password manager ?



Which gets repeatedly typed as it's the only password you use. It'll be
'secure'
of course that you can remember it and type it in regularly and quickly.


Trivial with just one password.


that's the problem just the same password.


And it doesn't have to be a password,
it can be something trivially easy to use repeatedly like a fingerprint.


that's what I use on my ipad, I don't need a separate password manager.

or other biodata that no one else can provide.

Which don't use password managers.




If I get an RS account.
http://uk.rs-online.com/web/


RS = Rod Speed
so my password might be sh33Pshagg3R where all e's are actually
3s and I only use upper case for the last character of every word.


So when I need to logon to RS for me it's easy same
initials as you and how I see you is a sheep shagger.
So there you are I've created a password that I'm unlikely to forget.


Not even possible with the absolute vast
bulk of the sites most have a password for.


I've managed it for most I need day to day.


And a hell of a lot simpler to use a proper password manager
that not only manages your passwords, it also minimises what
you need to do to get to the site that uses the password,


so another security risk.

http://www.cbsnews.com/news/in-wake-...word-managers/

Such a nightmare scenario was brought to mind recently when popular password manager LastPass was hacked last week. In the wake of suspicious activity on its servers, LastPass said that email addresses, password reminders and other security information was exposed.


Most of us who even have half of a clue find it handy to
be able to do anything we normally do at home or at work on
any system we happen to use, even if that is just because
someone has asked us to fix a problem its currently having
and we need to use something to resolve the problem or
to order a part for them that will fix the problem or will
do what they want to do that they asked about etc.


I still manage that without a password manager.


My email is different, that's handy to check anywhere.


And handy to be able to sign in anywhere too.


which I can because I can remember both my username and password.


Pity about the hundreds of others.


I don't need 100s of others.


  #157   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default ; TOT; Piggin passwords

whisky-dave wrote
Rod Speed wrote
whisky-dave wrote
Rod Speed wrote
whisky-dave wrote


Only those that aren't good at remembering
and assigning passwords use password managers.


Even sillier than you usually manage.


why would you need to get something to manage your passwords ?


Because you have enough of a clue to have a different one
for each place that uses one, so if one site is compromised,
that is a complete yawn, stupid.


Which is what I do anyway.


But don't have anything like as many as quite a few have.

I do NOT need someone to manage my keys either.
I can manage myself.
I do realise some people need to run their life by lists.
Such as wake up, have a ****, have a shave leave for office.
Some even employ a secretary for such things.


And plenty have enough of a clue to use a well designed
password manager/form filler that not only looks after all
the passwords, makes the access to anything you have a
password for just a click or two, and which fills out any
form you ever need to fill out with just a single click too.

because you can't do it yourself obviously.


Nothing to do with your original terminal stupidity about remembering.


I can remember most passwords that are important to me.


Makes a lot more sense to have a system go to where it
needs to be entered, enter it, and do whatever else you
always do just after you enter the password etc and do
all that with just a couple of clicks at most instead of
farting around entering the password and other stuff.

and use a password manager anyway, essentially
because it makes sense to use a different password
every time one is required.


I managed that without a password manager.


Nowhere near as conveniently as when using the best
of the password managers


and which is the best password manager would from your POV. ?


I prefer Roboform, because it's not only one of the best password
managers, it also fills out any form you tell it to with your details
that you only ever enter into the system the once.

that not only manages your
passwords, it also minimises what you need to do to
get to the site that uses the password,


wow it's a short cut to a URL how amazing. What will they think of next.


you know I've just done that for half a dozen sites so the students
can link to them so they know where we order from can see the
delivery times etc. all I need to do is train them how to read them.


Doesn't do it for all the stuff they have to supply a password to.

And doesn't list the most frequently used ones separately either.

And doesn't automatically keep track of what site you are
currently looking at so that the password for that site is
available with a single click in the toolbar whenever that
site asks for your passwords, etc etc etc.

does what is
required to log on for you, and what you tell it to do
after you have logged on, and fills in any form that
ever needs to be filled in with your personal details,
with just a click or two any time you need to use it.


great for the person that has access to your computer.


They don't get to do any of that because they
can't supply it with the master password.

Some are better at it than others.


No one can remember hundreds of passwords,


I'm better there are such people those that
can remember pi to X number of digits.


Pity about the passwords that keep changing because
the site requires a monthly change with no reuse, ever etc.


the only one I know of is here at work,


Then you need to get out more.

and do recycle passwords.


More fool you lot.

Also I don't want my work and home passwords mixed up.


Any decent password manager keeps
them separate completely automatically.

suppose you have a password for IBM it could be
HAL you know that connection surely don't you ?


Not even possible for most of the hundreds of sites most use.


why is moving a character back one so impossible ....
I becomes H B becomes A M becomes L just move
one character back it even works in swedish !


Lot more farting around than using a decent password manager.

but there's plenty of apps available for keeping passwords.


Which are useless if the device dies or is stolen etc.


exactly you've fallen in that trap.


Nope, the password manager works on all the devices
I have so it's a complete yawn if any device dies or is
stolen, you just replace it and carry on regardless with
complete certainty that the thief can never use it.

How will you get access....


Go to any device you like, can borrow or use and use
the password manager on that to do whatever you like.

I can go to almost any device in the world
and type my known password into that.


Just as true of the password manager.

As you say without your working password manager


You are never without it.

you're well ****ed.


How do you access info without your password manager ?


You use the password manager which is available anywhere.

Which gets repeatedly typed as it's the only password you use.
It'll be 'secure' of course that you can remember it and type it in
regularly and quickly.


Trivial with just one password.


that's the problem


Nope.

just the same password.


Nope.

And it doesn't have to be a password, it can be something
trivially easy to use repeatedly like a fingerprint.


that's what I use on my ipad, I don't need a separate password manager.


But you can't use your fingerprint for everything.

or other biodata that no one else can provide.


Which don't use password managers.


So is useless when you have to supply a password.

If I get an RS account.
http://uk.rs-online.com/web/


RS = Rod Speed
so my password might be sh33Pshagg3R where all e's are actually
3s and I only use upper case for the last character of every word.


So when I need to logon to RS for me it's easy same
initials as you and how I see you is a sheep shagger.
So there you are I've created a password that I'm unlikely to forget.


Not even possible with the absolute vast
bulk of the sites most have a password for.


I've managed it for most I need day to day.


Only because you do **** all day to day.

And a hell of a lot simpler to use a proper password manager
that not only manages your passwords, it also minimises what
you need to do to get to the site that uses the password,


so another security risk.


Nope, perfectly possible to avoid any security risk.

http://www.cbsnews.com/news/in-wake-...word-managers/


Perfectly possible to use a password
manager that has no security risk whatever.

Such a nightmare scenario was brought to mind recently when
popular password manager LastPass was hacked last week.


Not even possible with a password manager that has no central database.

In the wake of suspicious activity on its servers, LastPass said that
email
addresses, password reminders and other security information was exposed.


Because it was always ****ed by design.

Most of us who even have half of a clue find it handy to
be able to do anything we normally do at home or at work on
any system we happen to use, even if that is just because
someone has asked us to fix a problem it's currently having
and we need to use something to resolve the problem or
to order a part for them that will fix the problem or will
do what they want to do that they asked about etc.


I still manage that without a password manager.


More fool you. Plenty dinosaur along without the net too.

My email is different, that's handy to check anywhere.


And handy to be able to sign in anywhere too.


which I can because I can remember both my username and password.


Pity about the hundreds of others.


I don't need 100s of others.


Yes, you're just another dinosaur.

  #158   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,204
Default ; TOT; Piggin passwords

On Monday, 15 February 2016 18:51:32 UTC, Rod Speed wrote:
whisky-dave wrote
Rod Speed wrote
whisky-dave wrote
Rod Speed wrote
whisky-dave wrote


Only those that aren't good at remembering
and assigning passwords use password managers.


Even sillier than you usually manage.


why would you need to get something to manage your passwords ?


Because you have enough of a clue to have a different one
for each place that uses one, so if one site is compromised,
that is a complete yawn, stupid.


Which is what I do anyway.


But don't have anything like as many as quite a few have.


I have a list of ~45 at home, password for various things including computer passwords some nothing to do with being on-line.

I have about a dozen at work but at least two of us need to know the password so might as well use one we both know and can remember.


I do NOT need someone to manage my keys either.
I can manage myself.
I do realise some people need to run their life by lists.
Such as wake up, have a ****, have a shave leave for office.
Some even employ a secretary for such things.


And plenty have enough of a clue to use a well designed
password manager/form filler that not only looks after all
the passwords, makes the access to anything you have a
password for just a click or two, and which fills out any
form you ever need to fill out with just a single click too.


That can be done anyway not that I use that option.
I can remember where I live, and I seem to be able to remember where I worked and even my parents and friends address without having to have a 'manager' do it for me.


because you can't do it yourself obviously.


Nothing to do with your original terminal stupidity about remembering.


I can remember most passwords that are important to me.


Makes a lot more sense to have a system go to where it
needs to be entered,


Yes well that's what I have I can check my bank statement from work or an internet cafe if I really wanted to, haven't felt the need yet though.

enter it, and do whatever else you
always do just after you enter the password etc and do
all that with just a couple of clicks at most instead of
farting around entering the password and other stuff.


No problem for me. I've never found it a problem if or when I do I'll change.
As with keys two sets are with other people, so if I lose my keys I don't need to break into my own home. I could pay for a safety deposit box, or bury a set in the garden but in the last 25 years I've only had to retrieve a key once.
I could have paid for a box for the past 25 years but I haven't.




and which would be the best password manager from your POV?


I prefer Roboform, because it's not only one of the best password
managers, it also fills out any form you tell it to with your details
that you only ever enter into the system the once.


I'll stick to my version thanks

http://thehackernews.com/2014/07/cri...d-privacy.html

The vulnerability disclosed by Paul Moore in the security of RoboForm affects its Android and iOS app users, which could allow anyone to bypass RoboForm's PIN Protection in order to access users' sensitive data.

RoboForm mobile apps offer a PIN protection which only protects the app interface from unauthorized access, just like Android's popular 'AppLock' application.




And doesn't automatically keep track of what site you are
currently looking at so that the password for that site is
available with a single click in the toolbar whenever that
site asks for your passwords, etc etc etc.


I haven't found a need for that function.



Pity about the passwords that keep changing because
the site requires a monthly change with no reuse, ever etc.


the only one I know of is here at work,


Then you need to get out more.


My bank hasn't asked me to change passwords.


and do recycle passwords.


More fool you lot.


only for the system at work which requires a new password every month or so.


Also I don't want my work and home passwords mixed up.


Any decent password manager keeps
them separate completely automatically.


I too can do that.






that's what I use on my ipad, I don't need a separate password manager.


But you can't use your fingerprint for everything.


and you can't use a password manager for everything.

When I wanted to transfer money to my solicitor I couldn't do it on-line
I had to go into a branch with my passport and two other forms of ID which included my home address.




And a hell of a lot simpler to use a proper password manager
that not only manages your passwords, it also minimises what
you need to do to get to the site that uses the password,


so another security risk.


Nope, perfectly possible to avoid any security risk.

http://www.cbsnews.com/news/in-wake-...word-managers/


Perfectly possible to use a password


yeah sure, dream on.




Such a nightmare scenario was brought to mind recently when
popular password manager LastPass was hacked last week.


Not even possible with a password manager that has no central database.


that was the theory of bitcoin wasn't it.




