dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
510
TherapyChick
join:2003-09-19
Fayetteville, NC

TherapyChick

Member

What kind of password rules do you use?

Do you use a browser/app password manager such as LastPass, KeePass, others?
Do you use the same password across multiple sites?
Do you have super complex passwords such as "aslSAD#$912LJ"
or do you use multiple dictionary words such as "correcthorsebatterystaple"?
Do you change your password on a regular basis,
or do you at least change it when a major security breach has occurred?
Do you use two-factor authentication?

If you're NOT using two-factor authentication, you NEED to be doing this now. Here's a good article to get you started if you're not familiar with it or not sure what to do:

»lifehacker.com/5938565/h ··· ight-now

I started an earlier topic about a math problem to figure out the complexity of passwords based on length and types of characters, and it kind of turned into a password discussion.

timcuth
Braves Fan
Premium Member
join:2000-09-18
Pelham, AL
Technicolor ET2251

timcuth

Premium Member

I use KeepassX. It works on Linux (my main OS), Mac OSX (my sons use), and even on my iPad. When I say it works, I mean I can even copy the same database file to the various hosts and use it, unmodified.

I use complex passwords with upper and lower case letters, numbers, and special symbols. I use a different password for every site. And I use KepassX's random generator to devise the passwords.

If I'm doing something stupid, it's not because I'm not trying.

Tim
TherapyChick
join:2003-09-19
Fayetteville, NC

TherapyChick

Member

Not stupid at all, that's better than most people.

The only upgrade I would suggest is to check out the two-factor authentication thing. 2FA is virtually "impossible" to crack, I put it in quotes because I'm sure somebody may dispute that, but honestly it's better than anything else.

If anyone thinks I'm wrong, I would seriously love to hear something better or a reason it's not as good as I think.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to TherapyChick

MVM

to TherapyChick
LastPass with Yubikey for two factor authentication.

Some older sites with little or no security value may share a password. As I reconnect to them the password is updated.

For password generation I use random 16 character passwords containing upper and lower case, number, and symbols avoiding ambiguous characters and requiring every character type. Provided the site requiring it will allow a password of that strength. If the site does not allow my standard password generation I modify it to meet the site restrictions.

I change my passwords when they become, or may have become, compromised or hacking methods are updated to make my passwords not as secure, normally as processing times increase the passwords are lengthened.

Majestik
World Traveler
Premium Member
join:2001-05-11
Tulsa, OK

2 edits

Majestik to TherapyChick

Premium Member

to TherapyChick
Now that I've read what a two factor password is. For about three years only my credit union ,401k,and I think SSA use this process. Also an option to enroll my personal computer or smartphone. It's not Google. Only thing I use that's Google is Google Earth and search.
I use the super complex passwords with a combination of words in other languages,about 30-40 characters with a partial character rotating process. Different password for each account.
Have to change passwords every 3-6 months and rejected if new password is similar for two accounts.
Dedicated computer. Apps for portable devices.
Don't use password managers.

timcuth
Braves Fan
Premium Member
join:2000-09-18
Pelham, AL
Technicolor ET2251

timcuth to TherapyChick

Premium Member

to TherapyChick
said by TherapyChick:

The only upgrade I would suggest is to check out the two-factor authentication thing.

I do use that for Google and maybe another account or two, but it is a pain to use - mainly because I don't have my cell phone with me every minute of every day.

Tim

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert to TherapyChick

Mod

to TherapyChick
said by TherapyChick:

Do you use a browser/app password manager such as LastPass, KeePass, others?

The built-in firefox password manager, with a master key set.

Do you have super complex passwords such as "aslSAD#$912LJ"

I use a random password generator, and I then store a copy in an encrypted file.

Do you use the same password across multiple sites?

Mostly no, except for a few very old accounts.

Do you change your password on a regular basis

Only when there is a reason to suspect that it may have been compromised.

Do you use two-factor authentication?

On some sites, but not on most.

TheTechGuru
join:2004-03-25
TEXAS

1 recommendation

TheTechGuru to TherapyChick

Member

to TherapyChick
»www.grc.com/passwords.htm

:-p