View Full Version : Passwords

Sebastiaan56
22nd April 2010, 10:20 AM
I've just been trying to talk to Telstra. Now apparently a few years ago we had a residential account which we have since cancelled. I set up a business account for a while and of course they gave me a password. Long frustrating phone calls and eventually I get to identify myself with everything but my shoe size. You guessed it, they wanted the password they gave me years ago. As anyone who has written to these fools knows, it's a waste of time, they never receive written communication.

I've toted it up, I use one password / login combination for forums but I have two sets with one bank and one set each for the other three, two for credit cards, one each for three telecoms providers, several different sets of each of the above for their respective web logins. Add to that a Facebook, an unused Twitter and MySpace, a seldom used Blog, my accountant's FTP and several other FTPs we deal with and I reckon I have over twenty sets of these things. Now I do run a business, and a personal super fund but it's all a bit complicated sometimes. Time to downsize I think.

Am I the only one in this position?

jimbur
22nd April 2010, 10:34 AM
You've summed up all the frustrations of modern life in one sentence, "I've just been trying to talk to Telstra". :D
Cheers,
Jim

Ashore
22nd April 2010, 10:50 AM
Add to that companies that require you to change your password each month :doh:

chrisb691
22nd April 2010, 11:30 AM
Get yourself 'Password Safe' from here. (http://passwordsafe.sourceforge.net/) Secure the safe with a strong password, and problem solved (provided you maintain the database). :)

RedShirtGuy
23rd April 2010, 01:25 AM
I've used Password Safe before in a web development business. We'd have to store hundreds of logins for various client sites and this made it pretty easy. Although I didn't particularly like the idea of a central repository of details being stored in-house, it got the job done and could be useful for a home user...provided their machine doesn't get compromised (the biggest personal information threat) or completely fall over and fail.

At work it was pretty scary to see how many people and companies, big and small, used simple and easy to guess passwords like "blahblah", "<name>123", "passw0rd".



I guess I have a good memory for passwords as most of mine are pretty complicated to look at but the technique I use to create them helps to remember them.

- Take a memorable sentence from a movie, TV show, book etc. Eg: "I have made it with a woman. Inform the men". (Zapp Brannigan - Futurama)
- Chop it down to the first letter of each word: "ihmiwawitm"
- To secure it up a little more, mix up the capitalisation and swap a few letters for similar looking numbers or special character: "IhM1w@wI7m"

Even that can become guessable but you'd have to know me pretty well both in terms of where the original phrases could come from and my typing/mix up technique. But it's a heck of a lot better than my dog's name :)

The only reason I'd write down logins and passwords is for in the event of my demise...which is a whole other kettle of fish.

jow104
23rd April 2010, 05:17 PM
Before computers you only had one password, your signature.
Time will come that business people will have to have a personal assistant in charge of all their passwords. :roll:

AlexS
23rd April 2010, 07:32 PM
Time will come that business people will have to have a personal assistant in charge of all their passwords. :roll:
You mean you haven't, yet?:D

kiwigeo
23rd April 2010, 07:35 PM
Passwords are like health and safety in the workplace.....things get to the point where they become so complicated and unwieldy that you start to go backwards....people start writing down passwords because there are too many to memorise and the workplace becomes more dangerous because people can't be bothered spending half an hour chasing after someone for a signature on a work permit so they don't bother with the permit.

rrich
24th April 2010, 03:36 PM
Of all the absurd requirements placed upon us by the "IT Security" gods, not one makes your password any safer than another. Yeah maybe somebody could guess a common word but then they would have to know you. Automated password hacking programs can use any character as easily as another.

What mystifies me is that, perhaps the best intrusion detection mechanism is never used. A login banner that says:

"Hello user, your last access was <DATE> and <TIME>."

kiwigeo
24th April 2010, 03:42 PM
So we go from having to memorise one password for each site to having to memorise the last time we logged into each site.....how is this different from having to change your password every time you log in and memorise same for next time you log into that site?

Haven't you just made the problem even worse?

hughie
26th April 2010, 11:21 PM
I just use a simple system of passwords of varying security ie I have one password for every forum that I belong to. The second level is a simple alpha numeric of common letters and numbers for me. The third is complex alpha numeric of my service number and a password.
Never had any problems to date and I have been on the net since the 90's

kiwigeo
26th April 2010, 11:25 PM
I just use a simple system of passwords of varying security ie I have one password for every forum that I belong to. The second level is a simple alpha numeric of common letters and numbers for me. The third is complex alpha numeric of my service number and a password.
Never had any problems to date and I have been on the net since the 90's

Um.....do you think it wise to be posting up this sort of info on a forum?

hughie
27th April 2010, 11:26 PM
...do you think it wise to be posting up this sort of info on a forum?

Let's look at it.

A forum password, who wants one? Everybody can join and get one.
Besides what collection of letters is it?

Alpha numeric: what composition of letters and numbers? How do I define simple? Upper and lower case? Letters and numbers sequence? Quantity of numbers and letters? etc

Service number and letters: Which service and which country did I serve in and the letters?

Most passwords are numeric or alpha or combination of both, I am actually admitting to using what everybody else does. :U
As I don't stand out on the net or have a high profile in life, this makes me a very small target. Add to this I run several layers of security at home on my desktop just because I can. :U

In another life I was involved with IT both hardware and software, with a lot of security thrown in for good measure. So I mess around with a bit still if the shed is a bit cold.:)

kiwigeo
28th April 2010, 09:39 AM
You missed my point......I'm suggesting that maybe it's not wise publicising how you generate your passwords. I wouldn't have a clue how to crack your passwords but there are others who make a profession out of it and even some who would take your comments as a challenge to crack some of your security measures. eg your service number wouldn't be that hard to find out...I assume you belong to the RSL? Which country did you serve in? Again your mates down at the RSL should be able to help out here.

Your comments bring us back to one of the original subjects of the thread....having so many passwords that they need to be recorded somewhere. I would hazard an educated guess and say that you write at least some of your passwords down.

Cheers Martin

RossM
28th April 2010, 12:25 PM
Of all the absurd requirements placed upon us by the "IT Security" gods, not one makes your password any safer than another. Yeah maybe somebody could guess a common word but then they would have to know you. Automated password hacking programs can use any character as easily as another.

This is not an accurate summation. A very common hacking technique makes use of hash tables (so called rainbow tables), where dictionary words (English & other languages) and common permutations & combinations of these (such as replacing letter o with zero, i with ! etc) have been used to pre-calculate the encrypted password. This allows a hacker to very quickly uncover the actual password from a compromised system or from intercepted data transmissions. Similar tables are also used in brute force login attacks.

Thus certain types of password are very certainly much less secure than another, even with the same apparent complexity.

The best defence against this is to avoid dictionary words & common names, even with mixed up characters, use long pass phrases along with some non-alpha characters, or use apparently random passwords as described by redshirtguy.

If using a password management repository like Password Safe it is best to keep the data file on removable media like a thumb drive (and back it up!!) in case your PC is compromised (virus, trojan or other malware). Only insert the drive when you need to access the info.
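
The advice above to avoid dictionary words "even with mixed up characters" can be enforced when a password is chosen. The following Python check is an added example, not part of the original post; the word list, substitution map and function names are constructed for illustration.

```python
# Constructed sample word list; a real check would load a large dictionary
# plus common names (assumption, not from the thread).
WORDLIST = {"password", "blah", "dragon", "letmein", "alice", "martin"}

# Look-alike swaps of the kind described above (o -> 0, i -> !).
# Each symbol maps to every letter it commonly stands in for.
LOOKALIKES = {"0": "o", "1": "il", "!": "i", "@": "a", "4": "a",
              "3": "e", "$": "s", "5": "s", "7": "t"}


def disguises(text, word):
    """True if text reads as word once look-alike symbols are undone."""
    return len(text) == len(word) and all(
        t == w or w in LOOKALIKES.get(t, "") for t, w in zip(text, word))


def is_dictionary_variant(password, wordlist=WORDLIST):
    """True if the password is a listed word that has only been re-cased,
    repeated, given a digit suffix, or had look-alike symbols swapped in."""
    lowered = password.lower()
    core = lowered.rstrip("0123456789!")      # drop a "123"-style suffix
    if not core:
        return True                           # nothing but digits and "!"
    for text in (lowered, core):
        for word in wordlist:
            reps, rest = divmod(len(text), len(word))
            # reps > 1 catches a doubled word such as "blahblah"
            if reps >= 1 and rest == 0 and disguises(text, word * reps):
                return True
    return False


def audit(passwords):
    """Map each candidate password to True (reject) or False (not listed)."""
    return {p: is_dictionary_variant(p) for p in passwords}


if __name__ == "__main__":
    # The weak examples quoted earlier in the thread, with a constructed
    # name in place of "<name>", and the mnemonic-style password.
    for pw, weak in audit(["blahblah", "alice123", "passw0rd",
                           "IhM1w@wI7m"]).items():
        print(f"{pw:12} {'reject' if weak else 'not in list'}")
```

A password that passes is only absent from this list; the check says nothing about its length or randomness.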

hughie
28th April 2010, 10:34 PM
...I assume you belong to the RSL? Which country did you serve in? Again your mates down at the RSL should be able to help out here.


Nope on all accounts, and do not speak of it, except with family and at that on very rare occasions. But I take your point.

rrich
30th April 2010, 04:00 PM
how is this different from having to change your password every time you log in and memorise same for next time you log into that site?

Haven't you just made the problem even worse?

Not really... It is just a waving flag. You know that you were last here a week ago. But your login says that you were here three hours ago. The waving flag just turned red. AND you know that you need to take some sort of action.

If you were just here, you think, a week and a day ago. The login says it has been a week. Is that a problem? Probably not. You just didn't remember correctly.

It is not a hard rule kind of thing. It is just something to make you think about security, that's all.