Ok, so I consider myself a moderate when dealing with passwords. I don't use common names, dates and/or words, none of my security questions and answers are legit and I vary the level of password difficulty pending on what I'm safeguarding. However, I don't use 20 character passwords or have paranoia that people are always trying to hack me.
So, with that being said, I've been getting rather frustrated with the varying password policies from websites. I applaud their desire to protect our data, but their policies aren't uniform and are dumb, making me create and remember more and more passwords. The more unnecessary restrictions you have, the less possibilities there are.
Prime example. Same website made me create a password that had to be at least so many characters, but no special characters. Later, in the same website, I had to create another password that had to be EXACTLY 8 characters, using at least one number, one special character, but only SOME special characters. (I don't remember the exact policies, but they were something to that effect). Because my first password violated the second password policy, I had to create an entirely different (modified) password for the same site! And, no, this wasn't Healthcare.gov.
As I start to do more stuff online, I run into this more and more and has become more and more frustrating. What's the point of creating a policy that doesn't allow special characters?
What say ye?
- Forums
- Cross Site
- The Asylum
- P@$$w0rd S3cur!ty
P@$$w0rd S3cur!tyFollow
I just use KeePass to manage all my passwords.
Funny you mention healthcare.gov. I was going to sign up for that until they told me my USERNAME had to have numbers and/or special characters. Password security recommendations are fine. Arbitrary restrictions left up to the developers to determine are asinine.
Spoonless wrote:
I just use KeePass to manage all my passwords.
KeePass is great, unless you ever need to log in from a computer that doesn't have access to your password kdb file. I use DropBox to ensure that I have access to it from several computers, but **** all if I'm going to download my password db to a third party or public computer, let alone download or install KeePass to read it.
I have 3 different generic passwords I use commonly. Those are varied enough that I can almost always use one of them no matter the restrictions. Since most places give you 3 guesses on your password it works out well for the whole remembering part (which I suck at). After that important stuff has subtle variations of the above, something that easy enough for me to remember (i.e. somehow related), but changes the password fairly significantly, and has some part I can iterate on if I'm forced to change things up a bit, like the work password which changes every few months.
The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.
I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone.
Edited, Oct 18th 2013 8:28am by someproteinguy
The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.
I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone.
Edited, Oct 18th 2013 8:28am by someproteinguy
That monster in the mirror, he just might be you. -Grover
My passwords these days all follow a specific pattern, but each one is unique. I think of a keyword related to the site I'm trying to access (like bank, or game) and tack on a specific number combo and special character at the end. I almost always end up with nice, 8-10 character passwords that are unique to the service I'm trying to access. Even if someone keylogs me one place, it won't help them get anywhere else without brute forcing a bit.
I disappointed no one has come up with something easier and more secure for the home computer user than passwords. Retina-scans, odor-recognition or fingerprint passes, heck even a swipe card would work.
Alma wrote:
I lost my post
I may have one or two thoughts on the subjects of passwords...
https://everquest.allakhazam.com/forum.html?forum=25&mid=130025123118577481
https://everquest.allakhazam.com/forum.html?forum=25&mid=130025123118577481
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
I will not discuss my passwords here. TLW frequents this place.
Donate. One day it could be your family.
An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo
An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo
What's the point of creating a policy that doesn't allow special characters?
It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.
It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.
Disclaimer:
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
Quote:
Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
Edited, Oct 18th 2013 12:05pm by someproteinguy
That monster in the mirror, he just might be you. -Grover
someproteinguy wrote:
I have 3 different generic passwords I use commonly. Those are varied enough that I can almost always use one of them no matter the restrictions. Since most places give you 3 guesses on your password it works out well for the whole remembering part (which I suck at). After that important stuff has subtle variations of the above, something that easy enough for me to remember (i.e. somehow related), but changes the password fairly significantly, and has some part I can iterate on if I'm forced to change things up a bit, like the work password which changes every few months.
Edited, Oct 18th 2013 8:28am by someproteinguy
Edited, Oct 18th 2013 8:28am by someproteinguy
That's how I am and that usually isn't an issue, but over time, I have come across ridiculous password policies that forces me to alter my passwords, creating new alterations.
SPG wrote:
The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.
I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone.
I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone.
Easy solution. Think of one place: Gotham City, One name : Peter Parker, One Pet Name: Alpha5, one car name: Pento and use those for every question. NEVER USE anything real that someone can use facebook/ social engineering to get.
Name of best friend/ girlfriend/ teacher/etc. = Peter Parker.
Place of birth; honeymoon; first vacation, etc = Gotham City
Now, the key is to remember this if a person challenges you on the phone. You have to ask are these MY security questions or are you using your database? A few years ago, a woman asked me the name of my son. I responded "??? I don't have a son, do you know something that I don't know?". There was an awkward pause, until I realized that she was asking my security question and answered. We laughed.
Smasharoo wrote:
What's the point of creating a policy that doesn't allow special characters?
It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.
It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.
I think you misread what I wrote. I'm asking why create a policy that does NOT allow special characters.
idiggory, King of Bards wrote:
I've been arguing this concept for awhile. The more restrictions that you give, the less possibilities there are.
I use password protected computers on a private network to generate me a random password every week at noon, it then auto dumps to my PC and replaces the saved password information saved on my PC. I can access the same file on my phone but have to manually change passwords (Gay.)
I removed my self from the password making process and life has never been more blissful.
I removed my self from the password making process and life has never been more blissful.
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.
rdmcandie wrote:
I use password protected computers on a private network to generate me a random password every week at noon, it then auto dumps to my PC and replaces the saved password information saved on my PC. I can access the same file on my phone but have to manually change passwords (Gay.)
I removed my self from the password making process and life has never been more blissful.
I removed my self from the password making process and life has never been more blissful.
Different strokes for different folks. That's too much automation involved with sensitive information. I like to have some interaction. Besides, how exactly are your passwords automatically dumped onto your PC if the generator is on a private network? Sounds like spillage.
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.
Why anyone would put sensitive stuff on the net is beyond me.
Edited, Oct 18th 2013 9:12pm by rdmcandie
Why anyone would put sensitive stuff on the net is beyond me.
Edited, Oct 18th 2013 9:12pm by rdmcandie
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.
rdmcandie wrote:
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.
Why anyone would put sensitive stuff on the net is beyond me.
Edited, Oct 18th 2013 9:12pm by rdmcandie
Why anyone would put sensitive stuff on the net is beyond me.
Edited, Oct 18th 2013 9:12pm by rdmcandie
You don't do online banking? I would imagine that anyone who has a program to create and update their passwords would also be a proponent of auto-pay. Not having to ever worry about paying bills is a great feeling.
Uglysasquatch wrote:
I will not discuss my passwords here. TLW frequents this place.
It's like you don't trust me.
Just as Planned.
Almalieque wrote:
rdmcandie wrote:
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.
Why anyone would put sensitive stuff on the net is beyond me.
Edited, Oct 18th 2013 9:12pm by rdmcandie
Why anyone would put sensitive stuff on the net is beyond me.
Edited, Oct 18th 2013 9:12pm by rdmcandie
You don't do online banking? I would imagine that anyone who has a program to create and update their passwords would also be a proponent of auto-pay. Not having to ever worry about paying bills is a great feeling.
Oh I have autopay, I just don't use online banking, I also have direct deposit but I don't need to do anything with it at all, I already go to the bank twice a month to talk about my investments with my representative, and if I have any actual pressing banking matters I can clean them up while I am there anyway.
I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.
Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.
Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.
Edited, Oct 18th 2013 11:10pm by rdmcandie
Edited, Oct 18th 2013 11:11pm by rdmcandie
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.
RDD wrote:
Oh I have autopay, I just don't use online banking, I also have direct deposit but I don't need to do anything with it at all, I already go to the bank twice a month to talk about my investments with my representative, and if I have any actual pressing banking matters I can clean them up while I am there anyway.
I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.
Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.
Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.
I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.
Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.
Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.
Whatever floats your boat. It just seems odd to me for a person who doesn't do online banking or make online purchases with credit cards to have such an over complex system for password management as opposed to having simple, but "safe" passwords.
It sounds like you have an unreasonable level of paranoia. If your password management is about simplicity and not security (because you have nothing sensitive to protect), then you realize the simplicity of online banking as opposed to physically visiting your bank.
Edited, Oct 19th 2013 9:53am by Almalieque
I have a wireless password that follows more in line with the XKCD comic. I would love to see someone brute force it. I wonder how many decades it would take....
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
Are you just making an argument for the sake of arguing?
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.
Now if for whatever reason I did use online banking I wouldn't have much issue using it, because I am confident that my PC and information is protected on my end just as much as it is their end. But that day has not come yet. I seem to be able to tackle all my banking needs when I visit my bank 2 times a month to discuss my investments.
Now do I need random passwords thrown at me from an old PC? Not really.
Why do it then if you don't need it? Why not.
Edited, Oct 19th 2013 10:35am by rdmcandie
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.
Now if for whatever reason I did use online banking I wouldn't have much issue using it, because I am confident that my PC and information is protected on my end just as much as it is their end. But that day has not come yet. I seem to be able to tackle all my banking needs when I visit my bank 2 times a month to discuss my investments.
Now do I need random passwords thrown at me from an old PC? Not really.
Why do it then if you don't need it? Why not.
Edited, Oct 19th 2013 10:35am by rdmcandie
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.
Just use whatever, then forget it.
rdmcandie wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.
Personally, it's the sort of thing that's just handy when I need it. If I want/need to know my balance or whether the sitter finally cashed that check or whatever, I can find out there and then. It's never saved a life or rescued a tree full of kittens but it's a nice quality-of-life thing.
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
Jophiel wrote:
rdmcandie wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.
Personally, it's the sort of thing that's just handy when I need it. If I want/need to know my balance or whether the sitter finally cashed that check or whatever, I can find out there and then. It's never saved a life or rescued a tree full of kittens but it's a nice quality-of-life thing.
Thats what I assumed, just another tool that is nice to have available should you need it.
HEY GOOGLE. **** OFF YOU. **** YOUR ******** SEARCH ENGINE IN ITS ******* ****** BINARY ***. ALL DAY LONG.
Online banking is mostly a way for me to keep an eye on my money, especially with my bank's app. Since I almost ever have or use cash it's basically my wallet.
Recent Visitors: 325
All times are in CST
Anonymous Guests (325)
- Forums
- Cross Site
- The Asylum
- P@$$w0rd S3cur!ty
© 2024 Fanbyte LLC