Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Chatter > General Discussion


 
 
LinkBack Thread Tools
Old 01-21-2010, 09:43 AM   #1 (permalink)
Tilted Cat Head
 
Cynthetiq's Avatar
 
Administrator
Location: Manhattan, NY
Passwords: How easy are yours? How often do you change them?

Quote:
View: If Your Password Is 123456, Just Make It HackMe
Source: Nytimes
posted with the TFP thread generator

If Your Password Is 123456, Just Make It HackMe
January 21, 2010
If Your Password Is 123456, Just Make It HackMe
By ASHLEE VANCE

Back at the dawn of the Web, the most popular account password was “12345.”

Today, it’s one digit longer but hardly safer: “123456.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Mr. Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list was briefly posted on the Web, and hackers and security researchers downloaded it. (RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well.)

The trove provided an unusually detailed window into computer users’ password habits. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.

“This was the mother lode,” said Matt Weir, a doctoral candidate in the e-crimes and investigation technology lab at Florida State University, where researchers are also examining the data.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”

Some Web sites try to thwart the attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. But experts say that the hackers simply learn to trick the system, by making guesses at an acceptable rate, for instance.

To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.

Still, researchers say, social networking and entertainment Web sites often try to make life simpler for their users and are reluctant to put too many controls in place.

Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.

Overusing simple passwords is not a new phenomenon. A similar survey examined computer passwords used in the mid-1990s and found that the most popular ones at that time were “12345,” “abc123” and “password.”

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?

Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

“Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago,” said Jeff Moss, who founded a popular hacking conference and is now on the Homeland Security Advisory Council. “Voice mail passwords, A.T.M. PINs and Internet passwords — it’s so hard to keep track of.”

In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites were security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”
My passwords are very well protected. I don't use the same one in all that same places, but really I look at it from a level of security. At TFP, I have a unique password that I don't use anywhere else. At other forums, I use a password that is generic to forums, blogs, newspapers, and other online media where security is in my opinion superficial.

For email, I use a very robust password since that is the nexus of someone being able to gain access to all your other accounts. It's long, has upper and lowercase, and has a number. I'm just missing the symbol and it would be the "perfect" password according to security folks.

Are you the person in the article with the easy to guess password? Why? Why not?
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.
Cynthetiq is offline  
Old 01-21-2010, 10:00 AM   #2 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
The attack they're describing is a dictionary attack, and it's very common. A simple script, 20 minutes or so and if the website in question doesn't have specific measures in place to counteract it, an account can be cracked.

I do generally follow secure password policy. My only conceit is that I do reuse passwords to some extent. I have a list of them memorized and will select one more or less at random for a new account. One of the benefits of this system is that if I should forget what password goes with which account or website, I only have to guess a limited number of times before I hit on the right one. The monumental downside is that if someone were to somehow obtain a list of all my passwords they'd have access to basically everything.

The principles of a strong password have been understood for a long time. No words, mix of numbers and letters, mixed case, at least 8 characters. If more people followed these guidelines there'd be less cybercrime. It's as simple as that.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
Old 01-21-2010, 10:02 AM   #3 (permalink)
Here
 
World's King's Avatar
 
Location: Denver City Denver
Mine aren't very hard to figure out.

I figure if you take the time to hack into anything of mine, you're an idiot and didn't do much homework/background work on me. I have no money, all my credit cards are maxed out, and I don't own anything.

So even if you managed to steal my identity or what have you... You can't do fuck all with it.
__________________
heavy is the head that wears the crown
World's King is offline  
Old 01-21-2010, 10:10 AM   #4 (permalink)
Upright
 
lovejoy777's Avatar
 
Location: A green and pleasant land
My solution is simple use an address which is familiar to you for example Tony Hancocks address in Hancocks half hour:

23 Railway cuttings

or

pick one from somewhere you have visited like a bed and breakfast place:

38 marine drive

They are not likely to pick that out of the blue
__________________
Say what you mean, don't prevaricate about the bush
lovejoy777 is offline  
Old 01-21-2010, 03:22 PM   #5 (permalink)
Banned
 
Zeraph's Avatar
 
Location: The Cosmos
The way I do it, so that they're easy to remember for me, but hard to figure out, is;

I have 3 bases which may or may not be real words.

Then I have three strings of numbers which have significance to me but not obvious (not even close to my birthday or license plate).

I then take those and mix them up for each new account I need secured. There are more common ones which I use for things in which I need less security. And rarer/longer password combos which might actually be cracked (like MMO accounts).

So if I forget, I first ask myself the security level, which narrows it down, then usually remember the letter string associated with the account, then its only 3 choices on the number string. So I almost never forget my passwords, yet I have 9 standard + ~3 bonus varying in complexity all the way up to 12 characters.

Yes, I'm quite pleased with myself

Last edited by Zeraph; 01-21-2010 at 03:25 PM..
Zeraph is offline  
Old 01-21-2010, 04:07 PM   #6 (permalink)
The Reforms
 
Jetée's Avatar
 
Location: Rarely, if ever, here or there, but always in transition
I used to use passwords, but now I don't anymore.

I either use the same standard (unconventional) letter+number+symbol string, that may or may not also be my favorite titlepiece, or I comes up with a random 21 character key that I promptly 'wand'. If it should ever break (it has happened once), I just use the original e-mail address I provided to obtain a new password.

Besides the above, I shift usernames (and specific throwaway e-mail addys) instead of passwords. No sense in letting one cracked accounted become the gateway to multiples.
__________________
As human beings, our greatness lies not so much in being able to remake the world (that is the myth of the Atomic Age) as in being able to remake ourselves.
Mohandas K. Gandhi
Jetée is offline  
Old 01-21-2010, 04:10 PM   #7 (permalink)
Getting it.
 
Charlatan's Avatar
 
Super Moderator
Location: Lion City
I have a long one with Caps and numbers.

I use different ones for different sites.

I can't believe people still use things like password or 123456.
__________________
"My hands are on fire. Hands are on fire. Ain't got no more time for all you charlatans and liars."
- Old Man Luedecke
Charlatan is offline  
Old 01-21-2010, 06:31 PM   #8 (permalink)
Delicious
 
Reese's Avatar
 
It doesn't matter if you have a 100 digit password, a keylogger with steal in an instant.

I just try to keep my passwords long enough and random enough to avoid dictionary and brute force attacks. I change my passwords fairly often even though I probably have far less to lose than other people. I think the only thing connected to my email is my World of Warcraft account and a ton of newsletters which I didn't subscribe to. I don't log into my email and stuff from any computer other than my own because I don't know if they're secure. If I do have to log into one of my accounts from another computer, I change my password when I get home.. It just bugs me if I don't change it.
__________________
“It is better to be rich and healthy than poor and sick” - Dave Barry
Reese is offline  
Old 01-21-2010, 07:38 PM   #9 (permalink)
MSD
The sky calls to us ...
 
MSD's Avatar
 
Super Moderator
Location: CT
Type a word you're familiar wit and can touch type

password

As anyone can tell you, that's a terrible password. Move your hands over one row of keys to the right

[sddeptf

Now add a number to the end to make brute forcing a bit harder

[sddeptf0

Now double it

[sddeptf0[sddeptf0

Good luck guessing that. Mix it up, only move your right hand over and leave your left in place; move your right hand up a row, move your left hand over to the left so "a" becomes capslock and makes it even more difficult to brute force.

0AAQ9ES

In a way it's like an old Caesar cypher, but without knowing the 12 letter phrase I use and what permutation of hand position, it makes encryption a lot stronger.
MSD is offline  
Old 01-21-2010, 07:53 PM   #10 (permalink)
I read your emails.
 
canuckguy's Avatar
 
Location: earth
My passwords for important items are usually a variation very tight, for stupid online things i always make it one generic word/number that would be easily guessable if you really wanted to post as me on some online places...go nuts.

What shocks me is the a lot of those people who keep those same strong password, then write them down near there computer. We did a consulting job once found a top level access guy had a freaking Rolex on his desk of all his passwords...even personal bank stuff...he worked for a major company. brutal.
canuckguy is offline  
Old 01-21-2010, 07:56 PM   #11 (permalink)
Forming
 
Punk.of.Ages's Avatar
 
Location: ....a state of pure inebriation.
My password's very, very easy. So easy I can't get away with on it on most sites these days...

I don't really care. I don't store private info on the intrawebz.
__________________
"The fact is that censorship always defeats its own purpose, for it creates, in the end, the kind of society that is incapable of exercising real discretion..." - Henry Steel Commager

"Punk rock music is great music played by really bad, drunk musicians." -Fat Mike
Punk.of.Ages is offline  
Old 01-21-2010, 10:20 PM   #12 (permalink)
Junkie
 
I used to use v1o9l6k4s which comes from

v o l k s
1 9 6 4

I used lbc for a hint, which stands for the "little blue car" that I learned how to drive in.
LBC hint changes the case of the letters in the password.

I don't use that pw any more. Obviously works with any five letter word and four digit number.

Lindy
Lindy is offline  
Old 01-22-2010, 05:33 AM   #13 (permalink)
Paladin of the Palate
 
LordEden's Avatar
 
Location: Redneckville, NC
I have aset of passwords that I change depending on the site i"m on, I need to change all of them again as I have a similar password on a lot of sites now. I should think about that today.

My boss sets all the admin passwords for his servers he sets up as 1Password. It's sad.
__________________
Quote:
Originally Posted by Baraka_Guru View Post
In my own personal experience---this is just anecdotal, mind you---I have found that there is always room to be found between boobs.
Vice-President of the CinnamonGirl Fan Club - The Meat of the Zombiesquirrel and CinnamonGirl Sandwich
LordEden is offline  
Old 01-22-2010, 06:05 AM   #14 (permalink)
I Confess a Shiver
 
Plan9's Avatar
 
I use the measurements of former lovers, myself.
Plan9 is offline  
Old 01-22-2010, 06:44 AM   #15 (permalink)
More Than You Expect
 
Manic_Skafe's Avatar
 
Location: Queens
Quote:
Originally Posted by Jetée View Post
Besides the above, I shift usernames (and specific throwaway e-mail addys) instead of passwords. No sense in letting one cracked accounted become the gateway to multiples.
+1

I don't worry so much about forums or social networking sites but I've got one email account that I guard pretty rigorously and several disposable accounts that forward everything sent and received back into that one account. All the passwords are different and so nothing is really lost in the event that one becomes compromised.

But even then, it's not like I really need an archive of my emails.
__________________
"Porn is a zoo of exotic animals that becomes boring upon ownership." -Nersesian
Manic_Skafe is offline  
Old 01-22-2010, 02:34 PM   #16 (permalink)
Done freeloading here
 
freeload's Avatar
 
Location: on my ass :) - Norway
I have a "safe" password I use permutations of, and an easy one for all my nonimportant online activities. The safe password is in the form of 593epd (random numbers and letters), then I add the initials of the website and perhaps an "index" if I need to change my password frequently. If I was working for KFC and was required to change my password often it could be 593epdKFCg. Easy for me, but hard to bruteforce.

At high school I had a 26 character password built with parts of a long phrase translated to leet-speak. Needed a tough one as we tried to hack eachother all the time. I won by creating a program imitating the log on prompt, checking the username and then either steal the password or call the real password prompt if allready snatched. The user got a "Invalid password" message once, then every thing worked fine. Later I collected the hidden files containing usernames and passwords Good times!
__________________
The future ain't what it used to be.
freeload is offline  
Old 01-22-2010, 02:38 PM   #17 (permalink)
Junkie
 
Location: bedford, tx
I use incredibly complex passwords. One time, it got me fired. I was hired as the systems administrator for a very small 60 employee company. I changed the primary domain administrator account password to K@$m1rF@bric$@dm1n

They were not amused
__________________
"no amount of force can control a free man, a man whose mind is free. No, not the rack, not fission bombs, not anything. You cannot conquer a free man; the most you can do is kill him."
dksuddeth is offline  
Old 01-22-2010, 03:07 PM   #18 (permalink)
lightform
 
lostgirl's Avatar
 
Location: Edge of the deep green sea
"So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"

Some of mine are easy, some are more difficult. It depends on what they are for.
__________________
We're about to go through the crucible, but we'll come out the other side.
We always arise from our own ashes. Everything returns later in its changed form. - Children of Dune
lostgirl is offline  
Old 01-22-2010, 05:11 PM   #19 (permalink)
fie
Upright
 
Quote:
Originally Posted by Jetée View Post
a random 21 character key that I promptly 'wand'.
The problem with that is physical security. If anyone has access to your computer, they can get your passwords.

And in the case of this article, it doesn't matter what your password was because they were storing them in plain text.
fie is offline  
Old 01-22-2010, 07:42 PM   #20 (permalink)
Addict
 
Pearl Trade's Avatar
 
Location: Houston, Texas
I have two different passwords that I use, but both are about the same. One has numbers, the other doesn't.

Is it possible the hack number is so high in the study because some people made an account with a simple, one time use password just to fool around or maybe for some other reason?
__________________
Our revenge will be the laughter of our children.
Give me convenience or give me death!
Pearl Trade is offline  
Old 02-23-2010, 09:15 AM   #21 (permalink)
Lennonite Priest
 
pan6467's Avatar
 
Location: Mansfield, Ohio USA
Quote:
Originally Posted by World's King View Post
Mine aren't very hard to figure out.

I figure if you take the time to hack into anything of mine, you're an idiot and didn't do much homework/background work on me. I have no money, all my credit cards are maxed out, and I don't own anything.

So even if you managed to steal my identity or what have you... You can't do fuck all with it.
It's the story of my life...lol WK, we must be twins.
__________________
I just love people who use the excuse "I use/do this because I LOVE the feeling/joy/happiness it brings me" and expect you to be ok with that as you watch them destroy their life blindly following. My response is, "I like to put forks in an eletrical socket, just LOVE that feeling, can't ever get enough of it, so will you let me put this copper fork in that electric socket?"
pan6467 is offline  
Old 02-23-2010, 10:09 AM   #22 (permalink)
Junkie
 
Location: My head.
Like the US state department of intelligence in the movies, I have a text file with all my passwords saved locally in a password protected .ZIP. I am Jason Bourne.
Xerxys is offline  
Old 02-23-2010, 12:23 PM   #23 (permalink)
Lover - Protector - Teacher
 
Jinn's Avatar
 
Location: Seattle, WA
My password is hunter2. I use it for everything. See how it's starred out so none of you can see it?
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
Jinn is offline  
Old 02-23-2010, 12:36 PM   #24 (permalink)
Junkie
 
Location: My head.
^^ Yeah, mine is gigolo2sxy4ya ... it's also starred out so none o' y'all can see jack sh*t.
Xerxys is offline  
Old 02-23-2010, 12:37 PM   #25 (permalink)
Devoted
 
Redlemon's Avatar
 
Donor
Location: New England
My password is six asterisks. That way I can see it when I type it in.
__________________
I can't read your signature. Sorry.
Redlemon is offline  
Old 02-23-2010, 12:38 PM   #26 (permalink)
Lover - Protector - Teacher
 
Jinn's Avatar
 
Location: Seattle, WA
hunter2 reference was actually from QDB: Quote #244321, kinda one of those interweb memes. In other words, totally irrelevant to most people.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
Jinn is offline  
Old 02-23-2010, 12:46 PM   #27 (permalink)
Junkie
 
Location: My head.
^^ Oh, so we weren't coming up with convoluted ways of making up a password then?

Ahh, bummer.
Xerxys is offline  
Old 02-23-2010, 01:10 PM   #28 (permalink)
Eccentric insomniac
 
Slims's Avatar
 
Location: North Carolina
I paid attention to this thread because I got the "your password is 14,000+ days old" message and was curious what prompted the forced password change.

I have several standard passwords, one for things I don't have to keep protected (TFP) one for banking, and one for things I intend to keep really secure. The last two I rotate.
__________________
"Socialism is a philosophy of failure, the creed of ignorance, and the gospel of envy, its inherent virtue is the equal sharing of misery." - Winston Churchill

"All men dream: but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity: but the dreamers of the day are dangerous men, for they may act out their dream with open eyes, to make it possible." Seven Pillars of Wisdom, T.E. Lawrence
Slims is offline  
Old 02-23-2010, 01:14 PM   #29 (permalink)
... a sort of licensed troubleshooter.
 
Willravel's Avatar
 
Quote:
Originally Posted by Slims View Post
I paid attention to this thread because I got the "your password is 14,000+ days old" message and was curious what prompted the forced password change.
Same. I read message as "we assume you suck at picking or maintaining passwords, so we're forcing you to change yours." My password is fine. All of my passwords online are just fine. A 15+ digit, random, alpha-numeric password is basically as secure as you can get within reason.
Willravel is offline  
Old 02-23-2010, 01:46 PM   #30 (permalink)
still, wondering.
 
Ourcrazymodern?'s Avatar
 
Location: South Minneapolis, somewhere near the gorgeous gorge
Like World's King & pan, I am,
without the wherewithal to worry
nor any need for secrets.

I find changing passwords confusing & annoying.
__________________
BE JUST AND FEAR NOT
Ourcrazymodern? is offline  
Old 02-23-2010, 02:35 PM   #31 (permalink)
Done freeloading here
 
freeload's Avatar
 
Location: on my ass :) - Norway
>How often do you change it?
Got this message on TFP today: Your password is 14663 days old, and has therefore expired.
That's my oldest password so far. (It's 40.15 years old - older than me and most of the World Wide Web)
__________________
The future ain't what it used to be.
freeload is offline  
Old 02-23-2010, 02:54 PM   #32 (permalink)
Invisible
 
yournamehere's Avatar
 
Location: tentative, at best
It doesn't matter - The Mentalist or any CSI team can guess it just by looking around your room.
__________________
If you want to avoid 95% of internet spelling errors:
"If your ridiculous pants are too loose, you're definitely going to lose them. Tell your two loser friends over there that they're going to lose theirs, too."
It won't hurt your fashion sense, either.
yournamehere is offline  
Old 02-23-2010, 03:47 PM   #33 (permalink)
Alien Anthropologist
 
hunnychile's Avatar
 
Location: Between Boredom and Nirvana
Heheheh....I work with an IT major dweeb ( a friend who looks a lot like my favorite high school BF!) and this dude makes us change ours every 4 weeks, on the job. So my newest game is to continually devise the longest & most diversified PW ever. He thinks it's a game and hasn't "broKen it" yet.

Luckily we are very good buds. (I know his deepest darkest secrets!!!)

/Gottya create fun wherever you are!!/Yes!
__________________
"I need compassion, understanding and chocolate." - NJB
hunnychile is offline  
Old 02-23-2010, 05:20 PM   #34 (permalink)
Lover - Protector - Teacher
 
Jinn's Avatar
 
Location: Seattle, WA
Quote:
Originally Posted by Willravel View Post
Same. I read message as "we assume you suck at picking or maintaining passwords, so we're forcing you to change yours." My password is fine. All of my passwords online are just fine. A 15+ digit, random, alpha-numeric password is basically as secure as you can get within reason.
Until unsalted hashes of everyone's passwords on a given site are acquired and rapidly decrypted with a rainbow table. If password storage on the server side is poor, like stored in plain text (I've seen it), or stored unsalted, there is another attack vector independent of the brute-force strength of your password. From Cyn's post, I assume he had a concern about server-side password security, and forcing users to change passwords is a great way to assuage that concern. It's part of the reason (good) sysdbas and network administrators enforce password complexity as well as forced obsolescence.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
Jinn is offline  
Old 02-23-2010, 07:44 PM   #35 (permalink)
... a sort of licensed troubleshooter.
 
Willravel's Avatar
 
My point is that it's as secure as it can be within reason on my end. I can't control how it's kept safe otherwise, which is why I never use the same password in two places anymore.

Anyway, this is a forum so the worst thing that could happen if someone did access my TFP is maybe some trolling or something, maybe deleting some of my old posts or changing settings. I'd be more worried about my online banking and shopping, but those are generally pretty damned secure.
Willravel is offline  
Old 02-23-2010, 07:58 PM   #36 (permalink)
immoral minority
 
ASU2003's Avatar
 
Location: Back in Ohio
The difficulty of my password goes down the more often I have to change it. And I would trade convenience over security (If LifeLock can monitor stuff, so can my bank without charging me. I think it is a scam), like I get full credit card statements in the mail that has no security, but I have to log in and jump through a bunch of hoops because I use random networks to access my account. My e-mail is far more secure at least for the basic statement.

It would be impossible for me to create new passwords for every bank, credit card, e-mail account, forum, paypal, on-line retailer, and computer every few months and keep them all straight.
ASU2003 is offline  
Old 02-23-2010, 08:42 PM   #37 (permalink)
Who You Crappin?
 
Derwood's Avatar
 
Location: Everywhere and Nowhere
i have a couple of passwords I use interchangeably on different sites, but neither are real words and are completely nonsensical to anyone but me.
__________________
"You can't shoot a country until it becomes a democracy." - Willravel
Derwood is offline  
Old 02-23-2010, 08:51 PM   #38 (permalink)
Lover - Protector - Teacher
 
Jinn's Avatar
 
Location: Seattle, WA
Quote:
Originally Posted by ASU2003 View Post
... like I get full credit card statements in the mail that has no security, but I have to log in and jump through a bunch of hoops because I use random networks to access my account. My e-mail is far more secure at least for the basic statement.
This analogy would hold if your mail went through about 60,000,000 hands (in other countries) before it go to you. You're looking at about a dozen hops per packet between you and the bank's website. As it is, postal mail usually goes through 3-4 hands and a few machines in secure buildings the US between you and the sender. In directed attacks specifically on you, they're roughly the same security.. wait outside your mailbox / firewall. But in random sniffing attacks like phishers, postal mail seems like maximum security compared to the Internet.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel

Last edited by Jinn; 02-23-2010 at 08:53 PM..
Jinn is offline  
Old 02-24-2010, 02:33 AM   #39 (permalink)
Husband of Seamaiden
 
Lucifer's Avatar
 
Location: Nova Scotia
How often do I change my password? Apparently, not often enough:

Capture.JPG
__________________
I am a brother to dragons, and a companion to owls.
- Job 30:29

1123, 6536, 5321
Lucifer is offline  
Old 02-24-2010, 05:35 AM   #40 (permalink)
Asshole
 
The_Jazz's Avatar
 
Administrator
Location: Chicago
And the horse is now dead. And rotted. And the corpse has been hauled off to the dog food factory.

Can we put a stop to the jokes about the password change requirement? There was a very good reason that we asked everyone to do that (one I'm not about to discuss in a google-crawled area of the board). Yes, it was a pain in the ass. Yes, the message looked a little silly to some of you. The same joke being told in 2 different threads wore thin a while ago though.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin
"There ought to be limits to freedom." - George W. Bush
"We have met the enemy and he is us." - Pogo
The_Jazz is offline  
 

Tags
change, easy, passwords


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 04:21 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360