passwords too long and complicated

[lindalou]

Does anyone know how I could pick my own password. The passwords assigned are way too long and take a magnifying glass and a lot more memory power than I have these days to remember it Are 15 numbers/letters really necessary. I can't find anyway for the site to "remember me".

[TXiceman]

Pick a saying (silly works well) that you can remember and use the first letters and add some numbers. Such as

 

My monkey likes to eat 8 bananas while at the sea shore.

 

Becomes

 

Mmlte8bwatss.

 

If you need more numbers add a previous house number and substitute $ for s.

 

Use

Mmlte8bwat$$0706

 

These examples are no where like the ones I us. If it is a rotating changing password like every 90 days, add a sequential number like 2nd quarter 2015 which would add 2Q015

 

Ken

[chirakawa]

Does anyone know how I could pick my own password. The passwords assigned are way too long and take a magnifying glass and a lot more memory power than I have these days to remember it Are 15 numbers/letters really necessary. I can't find anyway for the site to "remember me".

 

In the upper right hand corner click on your username, then click on "My Settings". Under "My Settings" you can change your password.

 

When you sign in, you can click a box which will allow you to stay logged in.

[k4rs]

You may want to look at a password manager. It greatly simplifies things and lets you easily use VERY complex (secure) passwords. I use Last Pass:

 

https://lastpass.com/

 

but these are also highly regarded:

 

http://keepass.info/

 

http://www.roboform.com/how-it-works

 

Safe Travels...

[budeneighe]

In most cases, the browser will save passwords but it does not always give you access to them when various sites put up an isolated popup frame to enter username and password. Not hyping a particular PW manager but it is worth the trouble to learn what they do and how for the following reasons:

 

1. If it contains a PW generator (like the good ones do) you don't have to run through complex schemas to come up with (and recall) a unique password. The PW Manager will generate it for you, generate a new one whenever you want and save it for future use whenever you need it.
2. There are a lot of times that one needs to recall a password for a particular site (or APP) but not while online. A good PW manager will also have an encrypted offline database of your PWs that is handily available.
3. Sometimes, there are pieces of information that you want to save but don't ever want it to be viewable by anyone else. A good PW manager can save and encrypt notes for your eyes only.
4. OK, so I have 1400+ logins and passwords. How do I find the one I need when I cannot get online and need security info (PW, pin, Phone#, Account#, etc. to tell the customer rep on the phone so I can get help? Yep, a good PW manager will let you store and find all of these kinds of info, too.
5. How do you backup your list of passwords and logins? Again, a good PW manager has multiple ways to back it up in places much safer than your RV or pocket and make them accessible (to you) from just about anywhere when you need them.
6. When it comes to multifactor authentication, most PW managers don't really have a clue but a few do it… sortof. A worse problem is that most of these multifactor implementations still depend on the user's memory to remember the answers since many of the questions are too ambiguous to be definitive down the road. Manually saving the multifactor Authentication page from the site along with all your answers is also something that a PW manager needs to be able to do, easily.
7. More sites are also splitting the Userid entry page from the password entry page. Very few of the PW managers handle this very well. As a solution, save each page with your data into the PW manager with an identifying name like Microsoft - ID and Microsoft - PW. A good PW manager will recognize the specific page that the data was saved from and recall that info when the page pops up.

Password managers are not just for a little convenience. They are the solution to a growing rigor in security that will eventually take the concept of passwords out of the users' hands. Until then, the only rational way to keep it all straight and safe is a good password manager.

 

Now, I will say that this whole topic is being actively worked on by the big names in Cyberland. Microsoft, Google, Facebook. and many others are providing their own solutions for the time being. Many sites are signing on to these more global solutions by providing an option to sign on with: G+, FB, MSN, etc. If a user will choose one of these then they will not need to remember any passwords for those individual sites. Instead, they just need to remember their Userid and PW for the site mentioned and under the covers, the site you are trying to sign into will get all the necessary security checks done through G+, FB, Microsoft, etc. This can greatly reduce the logistics of having a lot of sites and logons. When you want to change your PW, just change it for your main security site (G+, FB, Microsoft, etc.) and you have done it for all that secure your connection through them.

 

I have a preference for Roboform even though I have tried most of those that have come out over the last 15 years. I just keep coming back to it because it does everything for me including saving my personal info, personal Credit card numbers for filling online forms, etc. and I can put multiple people in it so individually, we each have full access to all the sites and info we share. I change the Master Password periodically and all my entries are re-encrypted and saved anew so I know only those that I just gave the new Master PW to can access any of this information after that point.

 

 

[2gypsies]

Wasn't there a recent security issue with Last Pass?

[justRich]

 

In the upper right hand corner click on your username, then click on "My Settings". Under "My Settings" you can change your password.

 

When you sign in, you can click a box which will allow you to stay logged in.

X2

Click on your username to see the drop-down box menu - choose Settings.

Then look at the left column - you will see a menu option to change email or password (among other options).

Change your password there.

[sandsys]

We use OnePassword. The one to get into it is a dilly but once there everything else is easy.

 

Linda Sand

[Kirk W]

I use Password Safe and have for some time. I just use their password generator and then copy and paste them into the login page that I am visiting. No cost and it is an excellent program. Using a program like that means that you only need to remember one password and is the one for the safe.

[Jimalberta]

I just use 123456 for everything.

[TXiceman]

I just use 123456 for everything.

Thanks Jim. Now what bank do you use?

 

Ken

[wildmandmc]

ok folks. reason why passwords are long or should be, as the more different symbols used it make's it extremely hard for hackers to generate.

best thing to do is , create a txt file, (notepad). type site example ym = yahoo mail. then something like $65#th&9, then continue with your list. save it to your desktop. when u get to that site, copy an paste it . done. yrs back there were password generators, hack programs that could produce a correct password. but symbols like _-; can make it so much harder to re-create.

Also with so many sites being hacked, best to keep your own control of your pw. as your less likely to be hacked, compared to a big site/company.

[WeBeFulltimers]

How about using"Iforgotpassword" ?

[Alie&Jim's Carrilite]

Every time I enter a wrong password, my computer reminds me that the password is incorrect, therefore my non-financial passwords are passwordisincorrect...

[justRich]

I once used my home address for a simple passwords.

My home address is 3214 - easy to remember, right?

 

I used 3214 at a YMCA locker in Arizona once - the kind of locker where you set your own password.

All the lockers look alike. I came back from my work out, dialed in the password, opened the locker - it wasn't my stuff!

It was someone else's locker!

 

That someone had used 123 backward: 321 with a four added on: 3214

What are the chances of that happening? dunno'. . . but I'll NEVER use that password again for anything.

Lesson learned.

[chirakawa]

The OP asked how to boil an egg, and this thread has morphed into how to feed the world.

[budeneighe]

and thus the original point has been made... passwords are too complicated and inconsistent so we can't even simply boil an egg, anymore, without a password.

[Al F]

I have never understood why it is necessary to have passwords like S$12#*FxZy#&4894#DXYb, which are impossible to remember and very difficult to type in. I can't think of a website that I access which doesn't lock me out after 3-5 tries and requires me to go through a process to get a new password. Therefore a basic alpha numeric password made up of the first letters of a little saying with a number put in the middle would be sufficient to block a hacker from getting access. Something like My Dog Was Born 52009 In Chicago which would be: mdwb52009ic

 

If someone had info about passwords which would invalidate my thinking discribed above, please share it with us.

[budeneighe]

Again, if one's schema depends on how good one's memory stays and how few passwords one needs to keep track of, this much of this discussion is moot. Likewise, if all that one really has to protect is not worth anything to hackers then how useful are passwords except to keep out people that you know?

 

There are a growing number of sites that assign secure passwords and you don't get to pick them nor to change them to anything you want to use. Worse, the Federal government sites are now validating your information against the records in Social security and credit bureaus and if that data is currently wrong, even the right passwords won't get you in. And good luck trying to find out what is wrong and where it is because no one really knows or they cannot tell you.

 

Yes, simple passwords for people with nothing to hide or protect (but do you really know what to protect?). Unfortunately, all the public sites for finances, government data, military and health are getting tighter and tighter and becoming more and more complex to use. Eventually, everyone will have to have a good process for retaining userids and passwords or they will spend more time trying to get back into a site than they would spend actually using it.

 

There is the theory which says that the more complex the password the harder it will be to break but it is like trying to achieve the speed of light.... At what point is the value not worth the cost?

 

My aunt was paranoid enough in the 1960s that she shredded (in a commercial shredder) every piece of paper that passed through her hands. She would save it all up and once a week go down and personally shred it all. The processes today would have killed her or driven her mad.

[sandsys]

Before Dave decided we should move to One Password we made up passwords that had meaning for us then made a list of clues to those passwords. For instance one clue might be "best pet". How many of you would know what I consider to be the best pet? Do I mean of all the pets available or the best one I ever owned or the one I liked best among all my friend's pets or...? I still like that system best but Dave knows much more about computer security than I do so I followed his advice and switched systems. Now I'd have trouble accessing many accounts if One Password failed. Do I feel more secure? Nope.

 

Linda Sand

[skp51443]

Looking at this topic made me realize that I don't know any of my on-line passwords! I used to know them but I only had about five, four for money stuff and one for everything else. Then they started warning us about sites insecurely storing password information and how a break in one site would compromise your account at every other site they could find you at with the same password.

 

So I rolled out new passwords for every site... Pain in the neck but I'll worry less.

 

I decided to use good passwords, from a password generation program that let me set it to generate a password compatible with the rules of the site where it was going to be used. Since I use a wide variety of computers and operating systems I couldn't find a password manager that would work on all of them and that I trusted to keep my passwords secure. I ended up using an OpenOffice (now LibreOffice) spreadsheet and saved it in encrypted format. Pretty secure and only one password to remember, another plus I can print my password list for when I need to use it somewhere I can't or don'e want to bring the file. For all the non-money sites I let the browser store the passwords, reasonably secure, low effort and nothing of value at risk.

 

Using simpler passwords and hoping the site will lock your account if someone is trying to break in is fine. That is fine against folks that are trying to guess passwords however I don't think there are many of them out there. I'd guess a few private detectives, forensic investigators, your kids and the like who are trying common things like birthdays and pet names are using guessing. Most professionals don't guess passwords, they recover the password somewhere (key logger or spyware as examples) and just put it in, no issue with multiple tries. Against them the issue isn't the difficulty of your password but how securely you store it. If you share a password on more than one site then their security also becomes an issue.

 

So for web accounts and computers that can't be accessed from the Internet a simpler password is probably adequate, for ones subject to outside attack you need a serious password or better, other means of authentication that don't rely on a simple password that isn't that hard for a professional to collect. Another very important issue for that class of systems is how securely your password information is stored on the destination computer, sloppy methods there are an open door to the professional or even the serious cracking hobbyist wiling to risk bending a few rules.

 

 

How difficult guessing yours will be is easily checked here, just to be paranoid make up a fake password similar to your real one.

My simple password I use on my test systems here, one with eight lowercase letters and numbers in it looks good enough for me.

 

https://www.grc.com/haystack.htm

 

Online Attack Scenario:
(Assuming one thousand guesses per second) 92.27 years

 

 

If you use something like a dictionary word or a common number your odds fall fast, look up Rainbow Tables if you want to see why and how this fails so quickly.

 

Edit: made up a clone of my Amazon password, 11 long, lower case, punctuation and numbers.

 

Online Attack Scenario:
(Assuming one thousand guesses per second) 54.46 million centuries

 

Good enough for me, and why most professionals don't guess aside from obvious choices.

[k4rs]

Stan,

 

Just for fun, open a terminal and enter:

 

date | md5sum >> foo.txt

 

and run the output through the GRC site.

 

Safe Travels...

[skp51443]

Quick but it doesn't get you a lot of entropy from the character set, tossing in some punctuation and some caps adds a lot.

 

I like this one, under Linux. I have a set of icons for the common password rules so I don't have to remember the command flags. If you like a pointy-clicky version try KPassGen that is pretty slick too.

stan@t310:~> pwgen -c -n -y -C 10 98
ewee^Z*a1y ohb9Ezai/b iNgoo1ov<i OJ2uKa/imu uiw&eeCee6 bie3AaC{ud aiTh@oh8ik
Ohm{oo6zug kei#nah1Eu uuB`u9phoh yoyu-eHee7 Saep7Quah= uk{oB4Ooch Uuh)ohr2te
le>u*L0jae ash/ooTu3s cei"Yoh3Ri aa8jeiC]ii ooz7Leig*e quei7Ti;po iiBi4jah_y
woo1uWe#ne aid1Jah~za ahFoh?phe8 main6Iac/o ieSh+eep5g AhD7eCae>f fai!t4aZee
oo1Queip=a shu,ul8Eo1 od{ah9aHoh yooTh2Ahn' IeShu_eJ4O Moa3ga~She su{johf4Ko
Iek8quaix. hie,Gh9aSi ia^Thoo1ki Io,sohgoo5 moh:W0iequ thae+d2oH4 kit}aeDah7
ahru{oS5ai doh2yoh[S6 ook3sahT+i keX@eec2ae iN3phu<iTi Aich0kaC<o Oor*ei2She
ohY6pah.zo zoh^She7yo Faek&iew2o ieX%eegh3e Gu\a7ohp9y ahJoor[ie1 Koom9iec/a
Wei9ao?xoo qui7li_d3I cee1Oku(ox Aiqu'i*m3r aNiNg<o4bi aeboh.R9oH bahk^e3Ohd
RaeP/a9owa VeeH{ei?k4 fi~ye/i8uC IeVei!z7ye ci*m3eemuT oiG{a0iey2 ahQu;oh2qu
Ohgh:oo1ah eiToo=z9th ahT&ug0eiH Pu_o8at0za goo[ng0Iez athuu[duB3 ul*eeN5Aph
vohb8Kai)d Iejae7ke;W Vai!Pho9oo fuv3Yai(ti PhieF6hae` uJ3eej~aFo uqu&i5Iexa
teeth:i0Sh OhL5ohwae' yoo@yuN4qu biY\eihoo6 gi5ce7EiK} Wee6ierei! ooP+ee3ge8
aiQu|ohx2c aeShie9ul` Lais!u$ch5 Iel2aiVei\ eiXae!w9ah aezaeTe@a1 yieGh9ipu^

Edit: Silly colors above are done by the forum, not the program!

[Jim & Alice]

Well... for what it's worth...

 

I have been using the Password Manager, 'roboform' for many years. I have hundreds of logon ids, impossible to remember the passwords, hence this product. It is First Class - generates random passwords, auto fills such, has cloud storage that serves multiple computers, usage notes, selective Master Password requirement, secure Forms fill, multiple forms...

 

For the $30 a year, and piece of mind, I think it is a bargain.

Jim

[lindalou]

Thanks for all the help on passwords. Got the site to "remember me". And generated a password I can remember.