alanhdsl
Premium Member
join:1999-10-09
Phoenix, AZ

alanhdsl to David

Premium Member

to David

Re: Stupid User Tricks: Password Selection - "WORD1"

Those may be good passwords, but now you're inviting a yellow sticky note with "3REfrure" written on it.

The challenge is that good passwords are hard to remember, so people either pick simple ones and/or write them down. I'm not sure there's a good solution.

PolarBear03
The bear formerly known as aaron8301
Premium Member
join:2005-01-03

PolarBear03

Premium Member

But it's VERY hard for a MySpace phishing bot to get the password from the yellow sticky note on the side of your monitor. Or any hacker, for that matter. All you have to worry about is the FBI raiding your house, and your evil little sister...

AB57
Premium Member
join:2006-04-04
equatorial

1 edit

AB57 to alanhdsl

Premium Member

to alanhdsl
said by alanhdsl:

Those may be good passwords, but now you're inviting a yellow sticky note with "3REfrure" written on it.

The challenge is that good passwords are hard to remember, so people either pick simple ones and/or write them down. I'm not sure there's a good solution.
Actually, the only challenge is to use something that's complicated, unique, and easy to remember-- or to discover if forgotten.
Sound tough? Not so! (Provided long passwords are allowed, at any rate.)

An example: #MoM:(555)893-12743215#

This is my mother's phone number (obviously not really) followed by her street address number.
All I have to remember, besides the phone number and street address, is that I use a lower case 'o' (or upper case 'm's) at the beginning along with a colon, and surround it with 'pound' signs.
Or I could put 'MoM' at the end instead of the beginning if I wanted to.
And of course my mother's phone number & street address are things that I'm likely to have memorized anyway. As well as that they are easily recovered should I forget them.

The point is that this is a very complicated password that's also not very difficult to remember, therefore negating any need to write it down.
All of my important passwords are structured similarly, and are written down nowhere-- certainly not as passwords, at any rate.
I've always found this to be a quite workable solution.

For stuff like logging into newspaper sites, it's 123 or whatever, because who cares?

Now, getting someone to actually spend the 5 or 10 minutes it takes to come up with a decent password is an issue of its own.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

The problem with long passwords, and especially all those numbers, is that you can't see what you are typing. Way too easy to transpose numbers. I'd probably type that a dozen times and never get it right and some sites only allow three attempts. I only use complex passwords for banking sites and didn't do it for them until recently.

There is no reason to x out passwords on the screen if the user isn't somewhere that others look over his shoulder or take photos from a distance. I always have wondered why that is done. That should be something that a user turns on if they need it otherwise what you are typing should show up on the screen. I'm always mistyping a password, even one that is not complicated and that I have typed many times, and it irritates me that I can't tell what I am typing.

caffeinator
Coming soon to a cup near you..
Premium Member
join:2005-01-16
00000

caffeinator

Premium Member

I use "normal" length and complexity passwords on the average sites, although I don't use anything less than 8 chars and mixed case with numbers.

I have a textfile for the really long ones like banking and Paypal.

Those ones are mixed-case alphanumeric with symbols and over 12 chars long. (one is over 32chars)

I Copy/Paste 'em, so no worries.

-CaFF

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert to Mele20

Mod

to Mele20
The problem with long passwords, and especially all those numbers, is that you can't see what you are typing.
My most important passwords are, I hope, hard to guess but easy enough for me to remember. There are very few of these.

For the rest, the passwords are in an encrypted file (actually an encrypted email to myself). I can decrypt, then cut and paste, to be sure I type it in correctly. The encryption pass phrase is one of those "most important passwords."
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Gee, mine are all in two different folders. One for banking and another for all other passwords. All passwords for the past more than 8 years are there...lots and lots of them. It is quite irritating to have to go look up a password every time I have to log in somewhere. The one for here is the only one I remember. I wish a fingerprint thingy worked with Fx...I think those still work only with IE.

I never have understood why I can't turn off the hiding of the password I type. There is no one here to see it so why can't I turn that off? I should be able to do that. It should be turned off by default for home users seems to me.

Owlbet
Ignite the Ice
Premium Member
join:2002-09-24
Palmer, AK

Owlbet to PolarBear03

Premium Member

to PolarBear03
said by PolarBear03:

But it's VERY hard for a MySpace phishing bot to get the password from the yellow sticky note on the side of your monitor.
Silly move on my part but done out of convenience for another adult member of my household: I wrote the user name and password for our router on the top of the router.

I recently had DTV installed. The first thing I did after the installer left was change the password on the router and black out the information I had previously written on it.

The other adult member now carries a laminated business card in his wallet with the router information on it.

angussf
Premium Member
join:2002-01-11
Tucson, AZ

angussf to caffeinator

Premium Member

to caffeinator
said by caffeinator:

I have a textfile for the really long ones like banking and Paypal.
IIWY I would get some sort of encrypted password store instead of a text file. I use a Palm device, so I use YAPS with the YAPSviewer program on my desktop that allows me to cut-and-paste from the datastore. There are other packages, including OSS ones like KeePass Password Safe
»keepass.info/ so cost shouldn't be a concern here. That way you memorize ONE long complex password (to the password database) and look up all the rest, yet if someone steals your computer / laptop / PIM device, you haven't lost anything.

caffeinator
Coming soon to a cup near you..
Premium Member
join:2005-01-16
00000

caffeinator

Premium Member

said by angussf:

IIWY I would get some sort of encrypted password store instead of a text file. I use a Palm device, so I use YAPS with the YAPSviewer program on my desktop that allows me to cut-and-paste from the datastore. There are other packages, including OSS ones like KeePass Password Safe
»keepass.info/ so cost shouldn't be a concern here. That way you memorize ONE long complex password (to the password database) and look up all the rest, yet if someone steals your computer / laptop / PIM device, you haven't lost anything.
Yeah, that's true..I should try that at some time.

In my situation, it's not much of a risk, as nobody else is ever here, and it's only a couple passwords. Also, they're not easily identified as such, just a couple lines amongst 100's of lines of other text.

I know what line it is, but others wouldn't.

Most all of my website passwords are kept in Opera's Wand.

(yeah, I know it's only MD5 hashed and can be recovered easy enough, but the chance of anyone getting to my computer three flights up in a locked security building is slim.)

Could my system be penetrated?
Maybe, but it hasn't happened yet in 15 years.

Besides, I have no money in the bank to take, no CC's, no credit, Nada. GL with stealing my identity..it'd be of no use to anyone. The only time I ever worried was when I got my wallet stolen awhile ago...much more bothersome than worrying over computer passwords IMO.

Simply put, I don't live like "normal" folks, so a lot of those rules aren't needed for me.

Thanks for mentioning it though.

-CaFF

AB57
Premium Member
join:2006-04-04
equatorial

AB57 to Mele20

Premium Member

to Mele20
said by Mele20:

The problem with long passwords, and especially all those numbers, is that you can't see what you are typing. Way too easy to transpose numbers. I'd probably type that a dozen times and never get it right and some sites only allow three attempts. I only use complex passwords for banking sites and didn't do it for them until recently.

There is no reason to x out passwords on the screen if the user isn't somewhere that others look over his shoulder or take photos from a distance. I always have wondered why that is done. That should be something that a user turns on if they need it otherwise what you are typing should show up on the screen. I'm always mistyping a password, even one that is not complicated and that I have typed many times, and it irritates me that I can't tell what I am typing.
Sounds like a PEBKAC issue.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

What's "PBEKAC"?

AB57
Premium Member
join:2006-04-04
equatorial

1 recommendation

AB57

Premium Member

said by Mele20:

What's "PBEKAC"?
Is that what I said? I thought I said "PEBKAC".

Google is your friend (well, my friend anyway.)

»en.wikipedia.org/wiki/PEBKAC
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

I transposed the letters as quite a few folks do all the time..I don't do it often thank goodness. I do it with numbers a great deal though.

If you are into playing games instead of answering my question...obviously it is irrelevant what it is. If I had wanted to use Scroogle to figure it out, I would have done so instead of politely asking you what you meant when the correct thing would have been for you to state what you meant in the first place. I asked for a fix for the stupid xxxx that one sees when typing a password. You gave me an acronym instead of a fix. Telling folks here who ask for help to use Google ...gee, why do we have these forums then? Everyone should just use a search engine if they need help.

Grail Knight

Premium Member
join:2003-05-31
Valhalla

1 edit

Grail Knight to Mele20

Premium Member

to Mele20

Re: Stupid User Tricks: Password Selection - "WORD1"

Searching for an answer before asking a question is the norm as many times the question has already been asked and answered.

PEBKAC: »/nsear ··· KAC&cat=

Here is one tool that will reveal passwords which I found through a search engine. There are many others if you look for them. This one is freeware and no I have not used it as the asterisks are a security measure no matter where you are inputting the password. Just because a person is inside their home does not mean that someone is not peeking over your shoulder.

AsterWin

Thug21
Just Chillin'
Premium Member
join:2005-08-21

3 edits

Thug21 to alanhdsl

Premium Member

to alanhdsl
For medium security, I come up with a long phrase that is easy to remember and then use the first letter of each word. It might not be totally random but it's better than a lot of things.

pog4
Premium Member
join:2004-06-03
Kihei, HI

1 edit

pog4

Premium Member

I often just use old street names and dead phone numbers from my relatives' pasts.

For eg, sesame18085551212 ...long, no trouble remembering, very easy to type into a masked field. I can also write these down in part (ie, just the person's name) without risking much if someone "bad" finds the list...

My bank password is similarly structured using my grandmother's info from 1972.
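
An added example, not part of any post in this thread: a rough comparison of the usual character-set strength estimate with a pattern-aware one for the password styles discussed above. The component sizes (`WORD`, `PHONE`, `STREET_NO`, `DECORATION`) and the treatment of "3REfrure" as randomly generated are assumptions made for illustration.

```python
import math
import string

# Assumed guessing-space sizes for each building block (illustrative only).
WORD = 100_000        # common word or name, with simple casing variants
PHONE = 10 ** 10      # 10-digit North American phone number
STREET_NO = 10 ** 5   # street address number of up to 5 digits
DECORATION = 1_000    # wrapper symbols, separators, ordering of the parts

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_bits(password):
    """Upper bound: treats every character as an independent random pick."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool)


def pattern_bits(parts, known=()):
    """Bits left once the pattern is known; parts named in `known` add nothing."""
    return sum(math.log2(size) for name, size in parts if name not in known)


def report():
    """Return {label: (charset estimate, pattern-aware estimate)} in bits."""
    mom_pw = "#MoM:(555)893-12743215#"   # sample from the thread
    old_pw = "sesame18085551212"         # sample from the thread
    rnd_pw = "3REfrure"                  # assumed to be randomly generated
    mom = [("word", WORD), ("phone", PHONE),
           ("street", STREET_NO), ("decoration", DECORATION)]
    old = [("word", WORD), ("phone", PHONE)]
    return {
        mom_pw: (charset_bits(mom_pw), pattern_bits(mom)),
        "same, phone and address known": (
            charset_bits(mom_pw), pattern_bits(mom, known=("phone", "street"))),
        old_pw: (charset_bits(old_pw), pattern_bits(old)),
        # A truly random string has no pattern to exploit.
        rnd_pw: (charset_bits(rnd_pw), charset_bits(rnd_pw)),
    }


if __name__ == "__main__":
    for label, (naive, patterned) in report().items():
        print(f"{label:32} charset {naive:6.1f} bits   pattern {patterned:6.1f} bits")
```

The gap between the two columns is the part of the apparent strength that comes from the pattern staying secret and the personal details staying private.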