How safe are your passwords

[sawdust1]

Hi all, had my yahoo email account hacked last week from Ubekistan were ever that is. Probably my fault as my password was simply that, a word so now i have beefed up all my passwords to super secure. They sent everyone in my contacts list an email from me regarding a moneymaking scam.Annoying as i had to go through my contacts list and tell everone that if they received an email regarding a money making scam it was not from me.

 

[dm65]

password for a password - oh dear

Always go for min 8 characters and I personally like to misspell and use numbers instead of vowels, plus chuck in a non-standard character - sausages would be $0sag3zz for example

 

[Mr_P]

I'm a big fan of 2 small but unconnected words followed by a 3 digit number

eg. logmat326

Plus I know its a pain but use a different password for everthing.

 

[Alex H]

Probably my fault as my password was simply that, a word so now i have beefed up all my passwords to super secure. They sent everyone in my contacts list an email from me regarding a moneymaking scam.

This can be done without knowing your password Simply send an email to you with a spurious link / image containing the code to get the addresses from your contacts list and send the emails when you click / view the image.

It happened to me a long, long time ago - always delete messages you are unsure of

 

[henton49er]

always delete messages you are unsure of

+1 for that. Also, if you know how to view the email headers, you can see the return path for any reply. If you don't recognise the return path, delete without any further thought.

 

[Phil Pascoe]

password for a password - oh dear

Always go for min 8 characters and I personally like to misspell and use numbers instead of vowels, plus chuck in a non-standard character - sausages would be $0sag3zz for example

#-o .......Then thirty seconds later, you forget it?....I would.

 

[John51]

What I use is the model number of something I'm not likely to forget that has letters and numbers.

 

[Gary Morris]

+1 Phil.p, lol

 

[dm65]

#-o .......Then thirty seconds later, you forget it?....I would.

Everyones policy is different to suit them

The point is that they should be memorable, but not guessable or whole words (to stop dictionary attacks)

Here's a handy link - https://passfault.appspot.com/password_ ... .html#menu

What works for you might not work for me but I've never been hacked (omg what have I just said - someone pass me some wood to touch)

 

[Gary Morris]

The trouble is, so many sites require a P/W and ID number / name, I have a little diary with all the ID's and P/W's - 46 so far, but I agree each should be unique. (scratched my head for you DM )

 

[dm65]

The trouble is, so many sites require a P/W and ID number / name, I have a little diary with all the ID's and P/W's - 46 so far, but I agree each should be unique. (scratched my head for you DM )

Cool - feeling luckier already

The other thing you shouldn't do - "I have a little diary with all the ID's and P/W's - 46 so far" - is write them down

There is a limit to the security issue and I think it should depend on what the password protects

And NEVER save credentials in your browser, that's how most people get hacked, cracked, whatever you want to call it

To put this into context though, I went on a security course once where part of the perceived risk was a) someone peeking from that wheelie bin over there and b) screens facing windows where someone could be in the treeline with binoculars - what a fun week that was

 

[Baldhead]

I always used to use the wife's maiden name, until a friend pointed out she was still called Sharon after we married!
Ok I'll get my coat

BH

 

[sawdust1]

Had a good one yesterday, from paypal suspect activity on your paypal account , if it was not you please follow this link. Did return path and it was nothing to do with paypal . Also they started of with dear customer where paypal will always say dear your name. We get scam emails most weeks its great spotting them.

 

[Flynnwood]

Old car registration numbers (that you've owned) can be easy to remember using upper and lower case for the former or latter letters. And easy to remember plus put an alternative character at the end. 12 chars min imo

Example: kx53BUKbu856XPC@

 

[dm65]

Old car registration numbers (that you've owned) can be easy to remember using upper and lower case for the former or latter letters. And easy to remember plus put an alternative character at the end. 12 chars min imo

Example: kx53BUKbu856XPC@

I like old favourite registrations as well

Honestly, in my experience, you can have the best password regime in the world, but if you're gullible, you'll get stung

I know of 3 people who fell for the scam where they get a phone call saying errors have been detected in their eventlogs - you have probably heard of this - they hadn't and each one paid up !

One woman took a call from one of these guys just after I arrived at her house to do a job - thought it was related to what I was doing, but luckily asked me first

 

[Graham Orm]

I use the names of old school friends or a car I used to have and keep a word document with hints in that no one would have a chance of deciphering;

Chisel sharpening forum UK..............Hint: Red car including cc.........Actual password: Triumph2000

Pole dancers & flute polishers forum..........Hint: Blond kid that had fit sister............Actual password: SteveWalker

This way you can have as many passwords as you like, write down hints for them all and no one will ever get them

 

[JakeS]

And NEVER save credentials in your browser, that's how most people get hacked, cracked, whatever you want to call it

I think actually most people still get 'hacked' by willingly giving their password to people who ask for it. It's far easier to set up a fake bank login page and send out scam emails than it is to hurriedly write code to exploit a particular browser security hole before it gets automatically patched on most people's machines, enough people still fall for it, and criminals are by definition lazy people. If they weren't lazy, they'd get a real job!

Saving your credentials to your browser is as safe as most other things on your computer, really - keep your security patches up to date and you probably don't have to worry. Much like securing your house, you don't have to make your computer impregnable, you just have to make it harder than average to break into, then nobody will bother unless they think there's something in there that makes it worth the extra hassle. Careless or stupid people's money works just as well, after all. (If you want to make your computer impregnable, it's easy: sever all network connections, turn the Wi-Fi and Bluetooth off, and never insert any kind of removable media or USB devices.)



I got one of those scammers on the telephone a little while back, when I was working from home one day (I'm sure it's complete coincidence that they only call during normal office/school hours when the people most likely to be computer savvy are presumed away from the home). Almost worthy of Fonejacker: "We've detected that there's something wrong with your computer." "Which computer?" "Your computer, the one in your house." ... yeeeeessss.

 

[henton49er]

I have a regular range of complex passwords and use http://www.passwordmeter.com/ to confirm the strength of them. Anywhere that I use bank/card details have "very strong" or "exceptional" levels, but it does make it more difficult to remember them, particularly as the years pass!!

 

[AndyT]

As ever, XKCD gets it right:

 

[John51]

Best security I've seen was on the Bodog poker site. They had a reference number that your comp could remember. So to get into your account, they'd need to get the ref No. correct plus your password at the same try.

The way it is for most sites, the hackers only need to get one piece of data right.