Your passwords are probably a lot worse than you think

[RV_]

Password breaches have become commonplace. Here's how to check the status of your passwords and, more important, keep your identity safe.

This is a useful article but if you don't read articles just go here, and enter each of your email addresses and see if you are compromised: https://haveibeenpwned.com/

Then read the article:

https://www.cnet.com/how-to/find-out-if-your-passwords-been-hacked/?ftag=CAD3c77551&bhid=20640562413884385817807471581031

[Barbaraok]

Thanks for the links.  

[RV_]

YW!

I was pwned by two with my main personal email and none by RV@ AreV roadie. comma (Sp int.). I was shocked because my RV@ is public and the email is on the bottom of many of the pages on it.

You?

[Barbaraok]

Neither of mine, one of Dave's - his LinkedIn account.  

[Bill Joyce]

Wow, one of mine I did not expect.  I will fix it.  Two other passed.

[justRich]

There are several password testers that are fun to use just to see :

https://howsecureismypassword.net/

http://password-checker.online-domain-tools.com/

my2dogs(mutt&jeff)  - It would take about 4 trillion years to crack.

[avvidclif]

Throw in a couple of capital letters at random places and it would be harder.

[wtmtnhiker]

I use Lastpass to generate and store my passwords. They are usually long and complicated and different for each and every site.  I use 2 step verification on everything that's important like, bank accts, email, amazon, Lastpass etc.The only password that has to be one I remember is for the Lastpass. I change my passwords often which is easy to do with Lastpass maybe 3 to 4 times a year. Works well and I've been using it for 2 to 3 years now. There are other programs out there too like Keepass and others. 

[DJW]

Rv

Thanks.  Checked both DW's and mine and neither had been compromised.

Dennis

 

 

 

[Biker56]

This was on last nights CBS news.

http://www.cbsnews.com/news/bill-burr-passwords-guidance/

Out of 12 of my email addresses 2 had  breaches

Both were MS And I had changed password on both of them just a few weeks ago.
So I don't know if the breach happen before or after the change.

[Jim & Alice]

Thanks, Derek. Had a couple 'well known' hacks.

[Mark and Dale Bruss]

Since I have been using the same email address from about the beginning of the Internet, I have 4 hits on the survey.  But pay attention to the statement is that they were checking for the presence of the email address.  They have no way of determining whether the password is "cracked".

My passwords get changed every so often usually forced by Microsoft or the email provider.  Then I have to ripple thru all the places I use.

I use LastPass to manage my logins.  One it remembers them and Two I know where I need to change them if needed.

[frater jason]

2 hours ago, Mark and Dale Bruss said:

Since I have been using the same email address from about the beginning of the Internet, I have 4 hits on the survey.  But pay attention to the statement is that they were checking for the presence of the email address.  They have no way of determining whether the password is "cracked".

Well, there is no way for the user to know without seeing the dumpfiles (from darknet or similar).    The site knows because it's parsing the dumps.  

In some cases, like the 500k accounts exposed in an earlier Yahoo hack, the passwords were stored as plain text and so are directly accessible in the dumps.  In some they were unsalted hashes which makes it harder;  common passes would be identified at once from password and common language dictionaries.   Salted hashes usually make it impractical to crack for normal value targets.

 

 

[DuneElliot]

I also use LastPass after a recommendation from this site. I have a nice long complicated password for that but it's the only one I have to remember. There are a couple of moderate passwords I use on accounts I don't have any personal information but they are still numbers and letters and capitals...just not random.

[DJW]

Password Managers  Really?

What happened  to using your mind?  In the old days I could remember 25 or 30 phone numbers, now they are all on the contact list and I cannot remember my DW's cell number most of the time.  Passwords I have maybe 30 different accounts and they are all different and I remember them.  Why would you want to list all your passwords on someone else's storage device?  Or give them to someone else to manage?  My thoughts are that if you create a ball buster password in your mind and then make slight deviations to it that only your mind will know why, why do you need a manager?

Just thoughts

Dennis

 

 

[Mark and Dale Bruss]

Use to do when I was young.  Knew every part number of every time replaceable item on a Huey.  Use to.

Now I use LastPass.

[RV_]

I used to make a mental note for each password. Now they are still noted but I keep losing the notebook.

The breaches included passwords in several of them. They just used the emails as a unique identifier.

I'm not sure I'm comfortable testing my passwords on a website that could be set up to collect them under that as a ruse, then selling them along with my email or IP address.

Insofar as security, I have read and also use, familiar words grouped as a nonsense phrase with only two or three unrelated words.

Like "Jumboesthetics" Jumbo esthetics. Or Redtiresindigestion"Red tires indigestion.

Or make up a sentence that makes sense and use only the first letters and numbers. "I belong to 2 rv clubs that have tips and tricks" becomes "Ib22rcthtat" or "At 65 I'm getting 2 old for this spit" becomes "A65Ig2ofts" I make all to/too/two become "2" and use caps only on the first word.

 

[Barbaraok]

Use 3 for 'e', use 0 for 'o", @ for 'a', ! for 'l', $ for 'S', etc.  

I used the 'test password strength' for phrases similar to what I'm going to use - - turns out when you make it 10 characters long with a couple of symbols, couple of numbers, a capital or 2, the time to crack gets huge.

[DJW]

I agree Barb.  Give it some thought, make it hard to crack and I believe you are good to go.  RV store the notebook where you know no one would every think to look.

Dennis

 

[kudzu]

Why not use a password management program that makes it almost effortless to use an excruciatingly difficult and unique password for each website? I love RoboForm but there are a number of good ones, even free ones. A huge additional benefit of such a program is how easy it makes it to move from one computer to another.

[Jim & Alice]

28 minutes ago, kudzu said:

I love RoboForm

Agreed.   I have been using it for years... the money is well worth it.

 

[justRich]

Other strategies include using one password for all but with the inclusion of part of the site name.
This site for example:  my2dogs(mutt&jeff)rvnet
My password would be; my2dogs(mutt&jeff) plus rvnet 
For Vanguard: my2dogs(mutt&jeff)vangu  etc.  This is only an illustration and there are variations on this theme that are easy to remember but hard to crack.

 

 

[frater jason]

On 8/11/2017 at 0:48 AM, Barbaraok said:

Use 3 for 'e', use 0 for 'o", @ for 'a', ! for 'l', $ for 'S', etc.  

 

Caveat - avoid this combination:

• words that can be found in a dictionary / common phrases; and
• all characters replaced

There are dictionary attacks that translate words to "l33t speak" on the fly using mutation rules.