How safe are your passwords?

I'm at the 3qd years mark....upper case, lower case, numbers, and symbols.......16 characters long. I implemented a new password manager system last year and I allowed it to generate the new passwords, then went to each and every site that I use (well over 200 of them) and changed the existing passwords to the new ones. Bank/finance site, as well as other more sensitive sites also have 2FA now. I'm in the process of switching any site that has passkeys available, over to that also.

One of the most important things that you can do is to NEVER, EVER reuse that same password on any acct....and if you have a lot of accts that you can log into, the obvious best way to keep track of that is with a great password/passkey manager, and protect that with a password/passkey that is even harder to hack. Mine is over 30 characters long.
 
I wonder though how "AI" might pare that time down some. Brute force is banging away at all possibilities in some sequence which I guess would be something you'd end up doing for randomly generated passwords, but how many of us use actual words, or 'clever' sequences of acronyms or substitutions that are easy to remember? I have a method of creating passwords that are easy to remember and when they're put into a password engine they come up as ' very strong' but if you (or AI) ever figured out my generation method you could probably break every password I have in a much shorter time than brute force.


Yes, there are password vaults that do this automagically but I'm not always online or at the computer that has the vault so I keep them on a physical thumb drive, in a locked spreadsheet. At last count I have something like 80 or so unique passwords I'm supposed to remember. So no wonder folks resort to Password1 or whatever, it's becoming a giant PITA to manage a secure life anymore. Then some 14 year old kid figures out if he puts 1025 exclamation points and ampersands into some random field at a website he gets root access, and all of this folly is for naught anyway.

Mark B.
Albuquerque, NM
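
Added example, not part of the original post: a sketch of the point above that a "very strong" meter rating can overstate a password built by a memorable method once that method is known. The word list, substitution table, method and guess rate are constructed assumptions.

```python
import math
import secrets
import string

# Constructed stand-ins: a real word list is far larger, and this method is hypothetical.
WORDS = ["camper", "highway", "sunset", "canyon", "diesel", "awning", "gravel", "mesa"]
SUBS = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
SYMBOLS = "!#%&"

def method_password():
    """Capitalized word with fixed substitutions, then two digits and one symbol."""
    word = secrets.choice(WORDS).capitalize()
    word = "".join(SUBS.get(c, c) for c in word)
    return f"{word}{secrets.randbelow(100):02d}{secrets.choice(SYMBOLS)}"

def method_bits(dictionary_size):
    """Entropy once the method is known: only the independent choices count."""
    return math.log2(dictionary_size * 100 * len(SYMBOLS))

def meter_bits(password):
    """Character-class estimate: treats every character as uniformly random."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool)

def random_bits(length, alphabet_size=94):
    """Entropy of a manager-generated password drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second=1e6):
    """Time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    sample = method_password()
    rows = [("meter's view of " + sample, meter_bits(sample)),
            ("same method, 20,000-word dictionary", method_bits(20_000)),
            ("random 16 characters", random_bits(16))]
    for label, bits in rows:
        print(f"{label:40s} {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
```

The meter's figure and the method's figure describe the same password; the difference is only in what the estimate assumes the guesser knows.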
 
We use Roboform, it generates the passwords and we change them every 6 months. We are in the green per the chart.
 
Yep... Use unique usernames where possible, and always unique, "strong" passwords. Change passwords a couple times per year to keep them fresh.

Your passwords are less likely to be guessed or hammered (inputting text until a match is found), but rather, stolen. Keeping unique passwords for each site limits the liability of a reusable credential, and changing them often means any credentials stolen will be rendered obsolete when the password is changed.

Set up 2FA (2-factor authentication) when possible. Never give your password to anyone or anything other than the site for which it is intended. That should be the only place it is ever needed.

Where PINs are used, don't reuse those either. If your garage door code is also your ATM pin, which also unlocks your phone, which is the same as the last 4 of your SSN... strongly reconsider....lol
 
I use a password generator for my important things. Is there a need for a really secure password for forums and such?
 
Yep... Use unique usernames where possible, and always unique, "strong" passwords. Change passwords a couple times per year to keep them fresh.

Your passwords are less likely to be guessed or hammered (inputting text until a match is found), but rather, stolen. Keeping unique passwords for each site limits the liability of a reusable credential, and changing them often means any credentials stolen will be rendered obsolete when the password is changed.

Set up 2FA (2-factor authentication) when possible. Never give your password to anyone or anything other than the site for which it is intended. That should be the only place it is ever needed.

Where PINs are used, don't reuse those either. If your garage door code is also your ATM pin, which also unlocks your phone, which is the same as the last 4 of your SSN... strongly reconsider....lol

^ This. Theft is much more prevalent than rote computing muscle. And keeping different passwords of different sites is highly recommended.
 
So is this the same for my Windows password, the one that asks for my 4 digit numeric pin when I logon in the morning? Or only other websites?
 
I don’t worry too much about it. As all I have is just this iPhone for internet, I don’t have any financial stuff, or access to any of that on my phone. I predominantly use my phone, as a phone.
 
So is this the same for my Windows password, the one that asks for my 4 digit numeric pin when I logon in the morning? Or only other websites?

If your Windows password also allows cloud/OneDrive access and/or secures payment information in any Microsoft App Store, then it should also be a strong and unique password. Assuming you are the computer "administrator" then the password also allows administrative access to the PC...another good reason to use a strong and unique password.

I don't even discuss password theory online, much less how I come up with them, or what method I use.

It's a secret.

Password theory? These are just good cybersecurity practices which criminals are already aware of and make it harder for them to pick low hanging fruit.
 
Oddly enough, some government websites limit passwords to 8 spaces and limited special characters.
I hate it when I must "dumb-down" my passwords; plus, my password manager sends me a warning message about a weak password.
 
Oddly enough, some government websites limit passwords to 8 spaces and limited special characters.
I hate it when I must "dumb-down" my passwords; plus, my password manager sends me a warning message about a weak password.
I agree, it's really irresponsible of them to NOT update to a much more modern system for online protection.
 
Most of the passwords I use for non-financial stuff are very similar and I don't see any issue with that. Examples are RV sites, like this one. Not sure how much damage could be done if a hacker managed to get my password for the RVForum. However, for my important financial accounts, they're protected by 2 factor ID. Others have some limited financial risks but nothing that keeps me awake at night.

More and more, we purchase STUFF through Amazon and other retailers. That requires a credit card and is an area I haven't given much thought to. While I consider it a low risk, if someone managed to get the password to one of my credit cards, that could cost me a few bucks. Actually happened several years ago but the card company absorbed the loss. That said, I'm sure the credit card companies are looking for any way to make the card holder responsible.
 
Actually happened several years ago but the card company absorbed the loss. That said, I'm sure the credit card companies are looking for any way to make the card holder responsible.

Card issuers have gotten pretty good with fraud detection. And they don't want to hold you responsible if they can prove it wasn't you. You bring them more money over the long run as a customer.

My cards have been popped a few times. Once or twice where I had no idea and the bank issued me a new card. Once where I saw weirdo charges and called it in. They could see it wasn't me but this was back in the day you still had to sign a paper affidavit and send it in. No big deal.
 
I agree, it's really irresponsible of them to NOT update to a much more modern system for online protection.
I even get a message when I open the website in Firefox warning me it is an unsupported web browser, to instead use Chrome. That's a step backward IMO.
 
I even get a message when I open the website in Firefox warning me it is an unsupported web browser, to instead use Chrome. That's a step backward IMO.
Who gives you that warning?
I've found Firefox to be as secure as Chrome and in some ways, even more so.
I am guessing that message comes from whatever website you are visiting. OR it's something to do with the OS you are using.
 
Card issuers have gotten pretty good with fraud detection. And they don't want to hold you responsible if they can prove it wasn't you. You bring them more money over the long run as a customer.

My cards have been popped a few times. Once or twice where I had no idea and the bank issued me a new card. Once where I saw weirdo charges and called it in. They could see it wasn't me but this was back in the day you still had to sign a paper affidavit and send it in. No big deal.
I use 3 credit cards. One for everyday in-person use, one for recurring monthly auto-pays and the third for online purchases. This way if one gets compromised it doesn't affect the others. The most inconvenient would be if the recurring auto-pay card was compromised, I'd have to notify everyone about the new card. But it also has the least exposure and I don't carry it in my wallet. I can swap the online and in person cards in a pinch, for example if a card gets compromised while I'm on the road. None of the cards have annual fees and I pay them in full every month so they're essentially free. In fact better than free because all 3 give a few percent cash back.
 