View Full Version : Trouble with passwords and logons


ADB1
05-03-08, 10:38 AM
Does anyone else here have trouble with logins and password.

As a geek I have loads of email addresses - indeed ebenezer-anything@mydomain.com lands to me. In theory I can have ebenezer-adhd ebenezer-bank ebenezer-ebay or whatever. But I get confused..... Some sites I am ebenezersmith or esmith or ewsmith or EbenezerWSmith. I forget which.

Then when it comes to passwords -
Theory


diff password for each site
change them regularly
don't write them down


Practice


same password for _most_ sites
if i change I get confused
add some numbers to sites that can do damage (ebay, paypal)
write them down (store in encrypted file) but forget where


Further dilemma - at work I manage lots of systems and I need to remember passwords. And change them. But I am no good at changing them (afraid I will not write down what I changed them too).

Part of the issues - I have standards I wish to live up to. Most colleagues are happy to have IceCream1, then 2 then 3 ....

Five
05-03-08, 10:59 AM
I have to go through a score of passwords sometimes to get the right one. I usually get to it.

Another problem I have is dialing a number. If I want to call my hubbie at work, I always dial our home number. I know the correct number, but my fingers work on autopilot.

Five
05-03-08, 11:03 AM
As far as high standards, keep them, just forgive yourself if they are hard to maintain. For me, Icecream1 is easier than the headache.

wifeandmom
05-03-08, 10:51 PM
I provide help to a lot of users where I work (I'm not at the help desk, I'm the call before the help desk). Here's the advice I give them:

Pick a phrase that's meaningful to you (from a song, poem, prayer, etc), like "There's No Business Like Show Business" Use the first letter from each word: TNBLSB

Pick a meaningful number, like the year you met your spouse or your high school jersey number and add that number to the end: TNBLSB80

Pick a character you like and throw that in: TNBLSB80$

If you have to periodically change your password, go up one digit in your number. If you can, change your password to this new one at the same time so they're all in sync.

It's not a totally hack-proof system, but it works for most of your day to day needs.

Andrew
05-03-08, 10:55 PM
Excellent advice.

wifeandmom
05-03-08, 11:11 PM
PS - I meant to say "If you can, change all your other passwords to this new one . . ."

(many, many teenagers running through the house tonight, which is a GOOD thing)

ADB1
05-21-08, 04:25 AM
Following my own posts, I am looking at whether OpenID might help me.
See http://en.wikipedia.org/wiki/Openid

The idea looks sound - you goto Live Journal and instead of having an account there you tgive (say) a Yahoo account name.

Fallen at the first hurdle


Live Journal only OpenID version 1
Yahoo only support version 2

Seems the technology isnt quite together yet. Maybe come back in a years time. Anyone have any expereinec of this

AnalogDog
11-03-08, 01:36 AM
here's my password trick. I have one super strong password along the lines of TNBLSB80$ and I use it for only the most important sites, my bank account is one. All my other sites which are not really all that much of a security breach, like ADDForums get a simple password, like "mudpuppy".

For websites, I then let Firefox keep them all for me.

Then I use FoxMarks to backup my bookmarks and passwords, and allow me to access them where ever I am.

gnbeg
01-30-09, 04:40 PM
I provide help to a lot of users where I work (I'm not at the help desk, I'm the call before the help desk). Here's the advice I give them:

Pick a phrase that's meaningful to you (from a song, poem, prayer, etc), like "There's No Business Like Show Business" Use the first letter from each word: TNBLSB

Pick a meaningful number, like the year you met your spouse or your high school jersey number and add that number to the end: TNBLSB80

Pick a character you like and throw that in: TNBLSB80$

If you have to periodically change your password, go up one digit in your number. If you can, change your password to this new one at the same time so they're all in sync.

It's not a totally hack-proof system, but it works for most of your day to day needs.


I've been using a similar process for a couple of years now. Sometimes I'll use a favorite movie. Or, I'll pick initials from a character or numbers from favorite movies.

For some passwords that require a capital letter, or special character or can only be numeric, then I usually end up writing it down somewhere.

2puzzledparents
05-11-09, 11:46 AM
I follow the AnalogDog Method as well... I nice strong password to places I feel I need the security (email, ect) and that I can modify (Uppercase instead of lower, one number off, ect) Sure, sometimes it takes me three or four tries to eventualy remember the right one.. but I suppose that is actually a good thing.

Then a shorter, quicker one for forums n such.

Usually new passwords for me come from things around me that I see everyday.... like my electronics.. a Radio, Television, computer ,ect have serial numbers that are impossible to guess, imposible for dictionary based hacks, Social engineering schemes(names of pets, loved ones, ect) and , depending on length could take days to crack through brute force (and no hacker going to go through that forjust personal account info ). And above all else, really simple to retrieve. Just keep a hint like My TV if it is the serial of your TV.

For short passwords.. again I like using the electronics around me like but basing on Manufacturer and Model.

γ-quantum
05-21-09, 05:49 AM
dont know if this could work for others, but i use stuff from the past - like the street i lived in - and take e.g. the 1st, 2nd and last letter, then mix that up with the 4th and 5th number of my granny's phone number (i remember a lot of phone numbers from way back), and maybe throw in a random underscore to e.g. seperate one place from the other, so a password may look like:

bae78_fr030

i dont know, i find that rather easy to remember, because it contains mnemonics. chemical formulas also make good parts of a password puzzle, i think.

ToadysFroggy
12-15-09, 03:57 PM
I use roboform so i don't have to wonder what the password is. I input all of the logins and their respective passwords into its database. Once they are in there, I set a master password to access those logins...pick which one I want and it automatically logs me on... Keep your master password that you will easily remember.

wsmac
12-15-09, 04:28 PM
I use various permutations of the same thing... mostly centering around wsmac and my favorite number.

I recently added !'s, %'s, and _'s just to add an extra measure of security to things like my bank accounts and such.

I agree though that with places I do not worry about like addforums, wrongplanet, youtube and the like, I just use a simple name123 type password.

I also have a file on my computer that contains all these usernames and passwords. I label them with the initials or shortened names of the places they work at, so if someone accesses my computer and types in "Bank Of Destitute", they will not find the password for my account there. It may be bd or bod or maybe just $ that labels my password for that account.

It is not encrypted, nor is it buried too deeply in the bowels of my machine.
The title is simple, sort of like... unnamed3.
I use the same password to open my computer and bb storm phone.

The only realistic time someone would gain access to my computer for nefarious deeds would be if the had the thing in their possession.
In this case, I would notice my laptop missing and start calling my financial institutions to safeguard my info.
I do not have my SSN on my computer anywhere.

Here's something I do not understand or at least agree with... constantly changing passwords!

We now have to do this at the hospital where I work and I just cannot tolerate this.

My question is this... If I already have a secure password, how would a different password make things more secure? Statistically speaking, even if someone is attempting to figure out my current password they could just as easily figure out any new password I create, unless I add letters/numbers/symbols to it thereby increasing it's length.

If I have to change my password every 6 months, that's going to be trouble for me.
Luckily in our system, I just change my password... wait a bit... then go back and change it back to what it has been for the past 7, 8 or 9 years now.

What is the reason for changing passwords often?
Is it the feeling that some thief has already gone through so many password possibilities that they are now getting close to what yours is?
If so, then how would you know which password to create as a replacement that isn't already on the thief's list?

If my password is... rEg812%241$, and I keep this one for several years, how would it be safer for me to create this new one... Hu70&p1ee6! ...?

How do I know that the criminal element attempting to break my password hasn't already come up with Hu70&p1ee6! and now has it in their little blackbook ready to run it again down the line?

Who's to say that this criminal isn't even close to coming up with rEg812%241$ any time in the near future, but by changing my password I actually create one that their program figures out within minutes of my creating it?

CptNemo
12-15-09, 05:26 PM
For saving usernames and passwords,I just use Firefox for my browser,and they have that feature.
It is important to make sure you set it up with a master password.It has that ability,but not by default.

Then there is a free add-on,so you can automatically back them up everyweek with that back up system you're using.
:D

wsmac,if I got into your network/pc,and ran a quick search for 4120 **** **** ****,would I find some thing?

How about any 16 digit #?

That would be for credit cards.
Your bank routing number is 9 digits.
There are even better ways to filter out the good stuff.

If you can change your password at work,then change it back,your hospital needs a better IT Admin.

The admin needs to tweak those settings,and one setting is how far back in history to remember old passwords,and deny their use.

Mainly two reasons.

Turnover: The guy that got fired last month no longer knows certain passwords.

Password cracking.
If your password is found in a dictionary,it won't last 5 seconds.

If it is only six characters long,especially without special characters(^%&*),it won't last much past 2 months with a mildly sophisticated program.

To do this,all they need is 5 minutes worth of access time,download a few key files,then go home and run the software 24/7 until it cracks it.

I would guess that your Admin isn't protecting those special files,either,like he should be.

Tough to say what the NSA can do to a non-govt password,in a short time.

The govt uses encryption methods that are secret,for themselves.

whorton
12-20-09, 10:28 PM
I have an application I personally use to keep my user id's and passwords in. Its is call password safe. Its an application that was approved by my company's Globally Security group. It runs from a thumb drive and the Best part its free.