
1 - 14 of 14 Posts

·
Junior Member
Joined
·
103 Posts
Hey, since talking passwords.



I would like to hear from folks two things.



1. Without giving it away in such a way that we could guess your password, I am curious how folks come to make their passwords.



2. Does anyone use a password manager?



**************************************************************
I am getting older and I must say, I think it might be time for me to get a password manager.

I keep forgetting passwords LOL.



****************************************************************
Back in the day, I struggled to explain to computer users they need to stop using the same passwords for all their stuff. Then I came up with a silly idea, here is how it goes.



A password of, say, Mydogspot would be too easy to guess in a rainbow table or dictionary-type attack.



But if you go up and to the right on your keyboard.



Mydogspot = K7r0ye-06


If you are following me here.... my dog spot is easy to remember, and going up and to the right, that is easy to remember. But typing it often leads to peck peck peck, lol, on the keyboard.


What is even crazier is the experts say that this My-dog-spot is a much harder password now, for bad guys, than the gibberish I just posted above, K7r0ye-06.

A higher bit of entropy, as they say.
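
As an added example (not part of the original post): a small password-audit check that reverses the "up and to the right" keyboard shift described above and measures the result against a wordlist. The wordlist, the 7776-word list size and the count of two candidate forms per phrase are assumptions made for the illustration.

```python
import math

# US QWERTY rows, top to bottom. On the staggered layout, "up and to the
# right" of column i in one row is column i+1 in the row above it.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFT = {low[i]: up[i + 1] for up, low in zip(ROWS, ROWS[1:])
         for i in range(len(low)) if i + 1 < len(up)}
UNSHIFT = {v: k for k, v in SHIFT.items()}

# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"my", "dog", "spot", "cat", "blue", "house"}


def remap(table, text):
    """Apply a key map character by character, keeping letter case."""
    out = []
    for ch in text:
        new = table.get(ch.lower(), ch)
        out.append(new.upper() if ch.isupper() else new)
    return "".join(out)


def segment(text, words=WORDS):
    """Split text into dictionary words, or return None if impossible."""
    if not text:
        return []
    for end in range(1, len(text) + 1):
        if text[:end] in words:
            rest = segment(text[end:], words)
            if rest is not None:
                return [text[:end]] + rest
    return None


def audit(password, list_size=7776, rules=2):
    """Return (words, naive_bits, rule_aware_bits) for a candidate password.

    Assumed: a 7776-word list and two forms per phrase (as typed, or shifted).
    """
    naive = len(password) * math.log2(94)  # 94 printable ASCII symbols
    for candidate in (password, remap(UNSHIFT, password)):
        words = segment(candidate.lower())
        if words:
            # Upper bound: assumes each word was picked at random from the list.
            bits = len(words) * math.log2(list_size) + math.log2(rules)
            return words, naive, bits
    return None, naive, naive
```

Under these assumptions `audit("K7r0ye-06")` and `audit("Mydogspot")` return the same rule-aware estimate, well below the per-character figure, because the shift is a single fixed rule applied to the same three words.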
 

·
Administrator
Joined
·
57,638 Posts
I have been using LastPass for almost 30 years, tried a couple of the other favorites, but always stayed with LastPass as it is very reliable.


To make up a password, I usually use a keyword containing my favorite place to stay, or eat at, that is a state or two away..... then I throw in $$$ or other !!! character, and then I add a string of things that make sense to me.....


so, I have 3 character patterns that I use over the years for things, and try not to use the same patterns with finance places period, nor use that pattern in any casual website like the forums we visit. so, that means pattern1, pattern2, pattern3 and jumble them up.



forums, I stick with short and simple, what's to lose anyway, and who gives a damn about a user's password on a forum. I am still pissed at VerticalScope for just up and arbitrarily deleting everyone's forum password and having them create a new one, that is only accessed from the stored email address...


roughly 25% of our users have new email addresses and could not remember what they signed up with 15 years ago... that was just plain stupid, and the dumbest thing I ever heard of. gave us no warning, just deleted them all in one fell swoop.... everyone, even the moderators.... and I could not get back into my own account.


they got a bloody earful over that stupid fiasco.
 

·
Magic Moderator
Joined
·
4,258 Posts
Discussion Starter #5
I store them in a composition book, the ones I seldom use, and the common ones are stored in the browser as well as the book, and then there are banking ones that are stored in my head and the composition book.
 

·
Registered
Joined
·
101 Posts
The wife and I have many joint accounts for about everything we do on the web and keep a password protected XL file on our laptops and mobiles. I do most of the password updating, as some places require a 90-day password change, so I make the changes as needed then put the new XL file on each device. I've never thought of using an app for this. Most of the stuff on each of our mobiles and/or laptops is fingerprint login, so what doesn't have to be changed is a swipe of the finger and we're on.

 

·
Administrator
Joined
·
57,638 Posts
I use Evernote Free which is an encrypted file that is cloud based.
you can access it via the web on any PC. Love it, used it 20+ years.

LastPass is also web-based, and can be linked to any PC, provided you use the same credentials on all of the PCs. I have it installed on 2 desktops, 5 laptops.

If you and your wife would just use LastPass, and log into it with the same credential, there would be no need for the XL file... although, in truth, I keep the important financial website passwords in Evernote as a backup......

and with LastPass, you better store 15 copies ( joke ) of the Master Password for it, or you will lose access to LastPass:
they do not offer a back door, period. they make that abundantly clear, but some folks gloss right over it, because Google will let you in if you can remember something about your old password. Not LastPass, you must enter the exact credential or you can't login.
 

·
Administrator
Joined
·
57,638 Posts
Security issue with email reminders:


Do NOT ever follow a link through email.


Log into the Master Website link for your banks and credit cards, and log in with your credentials only.


too many folks have found out the hard way, that email links are open to the public, and your login info goes onto the local newspaper ( a joke, but nearly true )
 

·
Registered
Joined
·
227 Posts
The wife and I have many joint accounts for about everything we do on the web and keep a password protected XL file on our laptops and mobiles.
Please consider a secure and encrypted local file alternative like KeePass. The passwords on Excel files are so easily cracked they're not even considered passwords anymore, they're more like "momentary inconveniences". Google "excel password crack".

I use Evernote Free which is an encrypted file that is cloud based.
you can access it via the web on any PC. Love it, used it 20+ years.
Evernote's encryption improved considerably when they moved their back end to Google Cloud, but the platform is still considered one of the least secure note-taking applications, and all of your data is stored in plain text while being indexed, and may (still) be accessible to Evernote employees.

I don't store medical, financial, or personal data in Evernote's cloud - but I do keep them in "local" Evernote notebooks (so they remain searchable) that I back up and synchronize separately using Resilio Sync, the same application that syncs my KeePass file between servers, laptops, and mobile devices. Resilio is a non-cloud sync tool, so I don't have to worry about Dropbox, OneDrive, or Google Drive having access to my private data.

I also use LastPass in the cloud, for everything but my bank and brokerage account credentials, but I don't like having everything in one basket like that.

Passwords need to go away as a primary form of identification...!
 

·
Administrator
Joined
·
57,638 Posts
Passwords need to go away as a primary form of identification...!

and just what would you propose to use instead?
I do not like a chain of serial questions, pisses me off to no end.


and I do NOT like depending on a USB FOB, not all of my PCs have extra USB connectors, as is the case with this one I am using now. it has one only, the other two quit years ago.
 

·
Registered
Joined
·
227 Posts
One alternative is "continuous authentication".

I was at a CISO conference in San Diego last year - the CISO of Aetna was presenting on their new technology to authenticate their users without bothering them with passwords and PINs.

When you're using their website, they are tracking about 30 different elements about you. Typing speed, mouse movements, IP address, location, time of day, pages visited... When you're using their mobile app, it's no less than 60 elements. The angle you hold the phone, biometrics, other apps installed,...

They know it's you without you having to do anything different.

Other technologies in play are FIDO2 and WebAuthn, coming to an Android near you. https://www.wired.com/story/android-passwordless-login-fido2/
 

·
Junior Member
Joined
·
103 Posts
I think I will go with LastPass. I have heard about it for years, just never took the plunge.

Has anyone heard of SQRL by Steve Gibson of GRC.com?

Some day it will revolutionize how we log into websites. It is basically a QR code like when they scan a grocery item from a store.

Personally I can't wait till SQRL takes off. But I suspect websites that want to track you will be the holdouts.

One of the key features besides its brilliant security is ..... we all have wanted to make a post on a website but did not really want to go through the sign up process of being a member.
With SQRL it is possible to become an instant member of a website. The trick of course is getting all the websites to buy in.

https://www.grc.com/sqrl/sqrl.htm
 

·
Junior Member
Joined
·
103 Posts
One alternative is "continuous authentication".

I was at a CISO conference in San Diego last year - the CISO of Aetna was presenting on their new technology to authenticate their users without bothering them with passwords and PINs.

When you're using their website, they are tracking about 30 different elements about you. Typing speed, mouse movements, IP address, location, time of day, pages visited... When you're using their mobile app, it's no less than 60 elements. The angle you hold the phone, biometrics, other apps installed,...

They know it's you without you having to do anything different.

Other technologies in play are FIDO2 and WebAuthn, coming to an Android near you. https://www.wired.com/story/android-passwordless-login-fido2/

Wow, thanks for the info.
 