#1
|
||||
|
||||
OT - How secure is your password
Since we talk about scams often enough here.
Think it was on the news that I saw this. Adding numbers and special characters does make a big difference. At least according to this site. https://www.security.org/how-secure-is-my-password/ |
#2
|
|||
|
|||
I long gave up on making them up myself. Use a program to generate a super secure one and then obviously you have to use a program to store them, it's impossible to remember them all when you have hundreds and they're totally random.
|
#3
|
|||
|
|||
Hopefully pretty secure. I use Bitwarden with random 30 characters for all passwords unless other requirements.
|
#4
|
|||
|
|||
Then what happens if that program fails or you don't have access to it? I've been unwilling thus far to put all my faith in a password manager.
|
#5
|
|||
|
|||
There's generally a reset procedure on most things you would log into.
Let's put it this way, the chances of your self generated password that you probably share on multiple sites getting hacked is way higher than the frequency things like the Apple iCloud passwords or Google password manager have been hacked, those two have never failed IIRC. I use both of those two, so they'd both have to fail. The weakness there is there are two password managers that could be hacked and expose your passwords. The other weakness is I have to keep the two managers synced. But again, the frequency of "Site X" turning out to not encrypt your password properly in it's DB and then Site X gets hacked is WAY higher than the frequency of the password managers being hacked. Nobody hires a bunch of security neophytes to build security systems, but many "Site X" places have zero security experts on staff. "Site X got hacked and didn't secure their passwords properly" is almost a daily thing. Also passwords are going extinct anyway. I work in computer security. All of our important stuff is triple factor security. You need your RSA key, a password, AND a time based code from a security system. Of those 3 the password is the least useful, there is a lot of work going towards getting rid of passwords. The thing with using the encryption keys instead of passwords is the private parts of encryption keys are never transmitted over the network. The site you are logging into only gets the public part of the key. Someone stealing the public key does not gain the ability to impersonate you. Last edited by benb; 04-19-2024 at 10:13 AM. |
#6
|
|||
|
|||
A password manager is a required part of a digital life as far as I'm concerned. If you're not using one, your chances of a serious compromise is orders of magnitude higher.
I've been using one for over a decade. Never any issues. It's backed up, so it's hard to see how it could fail in a way that was not recoverable. And if it did, I would simply have to reset a lot of passwords. Irritating but not the end of the world. |
#7
|
||||
|
||||
Quote:
|
#8
|
|||
|
|||
Quote:
One option is to keep a second app that isnt web-based, like KeePass, which stores all your passwords on an encrypted database on your device. So if your regular web-based service goes down, youre not without your passwords. Only pain would be having to manually sync passwords that you add or change to KeePass, but im sure theres a way to sync it automatically... |
#9
|
|||
|
|||
I use a spreadsheet to keep up with my passwords.
__________________
Forgive me for posting dumb stuff. Chris Little Rock, AR |
#10
|
|||
|
|||
I work in Cybersecurity as well and what I tell friends/family/co-workers is:
- Use a password manager - Have it create and store the passwords for you (15 characters minimum but the more the better) - DO NOT use the same password for multiple accounts/services - Make sure ALL accounts/services are setup for multi-factor authentication - Your email password should be the STRONGEST password (because if hackers can into your email they can often reset passwords for all other accounts/services since most people do not use multi-factor authentication) - Your password manager should have your second strongest password - Write your eMail and Password Manger passwords on an index card (yes, I mean paper) and store them safely some place in your home. DO NOT save them anywhere else. Many commercial password managers can be (or have been) broken. Nothing is perfect. The safest method is to keep everything on paper, locked away at home, and never share with anyone. Multi-factor authentication is not perfect. Hackers have found interesting ways to get around it (i.e. they can clone your mobile number to receive the multi-factor code you need to authorize yourself to a system after entering the password they have been able to figure out or steal from you). The point is, most hackers are lazy so if you use a few different methods to protect yourself, hackers will move on and try to terrorize another person who may not have safeguards in place. Be careful out there. |
#11
|
||||
|
||||
Quote:
i.e. Poopystuffebay# for ebay sign-on, Poopystuffamaz# for Amazon sign-on... (examples only, although I actually like "Poopystuff" as a base.. ...and of course you can mix in numbers in the base...as most sites want a mix of alphas, numbers and special chars...
__________________
Colnagi Seven Moots Sampson HotTubes LtSpeed SpeshFat |
#12
|
|||
|
|||
+1 to password manager. Always amazed when people don't use one. Have it generate the passwords for you.
That said, I am totally fine to use a known-to-the-world throwaway password for services that I don't care about. |
#13
|
||||
|
||||
Quote:
|
#14
|
|||
|
|||
your data is cached locally in some (most?) password managers though you may need to configure that behavior.
https://support.1password.com/sync/ https://support.lastpass.com/s/docum...tml&_LANG=enus |
#15
|
||||
|
||||
Would appreciate you sharing your approach to this. Are you able to automate this when you change or add a password, or do you have to do it manually? Thanks
|
|
|