How safe are your passwords?

Most of the passwords I use for non-financial stuff are very similar and I don't see any issue with that. Examples are RV sites, like this one. Not sure how much damage could be done if a hacker managed to get my password for the RVForum. However, for my important financial accounts, they're protected by 2 factor ID. Others have some limited financial risks but nothing that keeps me awake at night.

More and more, we purchase STUFF through Amazon and other retailers. That requires a credit card and is an area I haven't given much thought to. While I consider it a low risk, if someone managed to get the password to one of my credit cards, that could cost me a few bucks. Actually happened several years ago but the card company absorbed the loss. That said, I'm sure the credit card companies are looking for any way to make the card holder responsible.
Well, I can't picture it ruining you financially or anything, but I guess they could log in as you and start posting spam, porn, etc, etc. and get you a permanent ban from the forum.
 
Who gives you that warning?
I've found Firefox to be as secure as Chrome and in some ways, even more so.
I am guessing that message comes from whatever website you are visiting. OR it's something to do with the OS you are using.
It pops up on the DoD website when I open their main page. I agree, FF is the safer of the two IMO.
 
Well, I can't picture it ruining you financially or anything, but I guess they could log in as you and start posting spam, porn, etc, etc. and get you a permanent ban from the forum.
We're little fish, the serious hackers go after corporations. Just got a letter today that a large brain and spine surgery company has been hacked and patients' personal information compromised, including SSNs.
Keep all your credit information locked on the big 3 credit bureaus JIC. This greatly reduces the odds of being ruined financially.
 
Two of my credit card companies (Discover, Capital One) actually monitor the credit bureaus and report any account activity. I opened a Lowe's credit card (had to get the 15% off a kitchen cabinet order, lol) anyways, I must have gotten 5 emails reporting that a new account was opened.
 
My main email account and an old password is on the dark web. I am enrolled in an identity protection program because my data was part of the Office of Personnel Management data breach quite a few years ago. I still get occasional notices that someone tried to sign in to accounts that have secondary authentication. I am quite zealous at using long autogenerated passwords on anything important and updating them regularly.
 
One of the problems is that many/most websites have different password rules - how many letters, how many numbers, upper case, lower case, special characters, etc. It has gotten to the point that I have to keep a list of them because there is no possible way I could remember them all. I keep it on a thumb drive, stashed away from my PC, and they're all in my own code kind of like the Enigma Machine.

It has become so convoluted trying to keep up with the extra "security" that these companies are trying to create just to cover their own butts that they have made it less secure by making me keep a list. You know, like we have all been told since the internet was created..."Don't write them down!"

And, there is one DoD site that has some God-awful rule like, "16-32 characters, a minimum of 3 upper case and 3 lower case letters, 2 numbers, 1 special character (but the password cannot end in a special character), and the password needs to be changed at least once every 50 days, but no more often than once every 30 days". I just let that one expire as I wasn't using it much anyway.
 
Why are people reluctant to use a password manager? There are lots of them out there. Read the spec. for each one and pick the one that meets your spec.

I have no idea how many passwords I have. All of them 20 characters long (if allowed), upper, lower, numbers, special characters (ULNS). The ONLY password I need to remember is my master password for the manager. Only 8 ULNS characters puts me at 7 years to crack it according to the chart. With most of the managers you can back up your passwords. I have mine backed up on an encrypted thumb drive. (The password for the thumb drive isn't the same as my manager master password.) :cool:
 
Something that hasn't been discussed very much here, but is definitely the future for online security, is Passkeys. More and more companies, corporations, businesses, etc are implementing Passkey login and it actually puts passwords to shame. If you don't know what passkeys are, you should probably do a google search and start reading about them. Google now has passkeys available, as does Microsoft, Amazon, Best Buy, Target, Home Depot, PayPal, CVS pharmacy and others.

It will take time for the switchover to happen, and it certainly will take even longer for the smaller companies, as this requires systems changes within their infrastructure/software.

And the good news is that at least some of the Password Manager software programs that you can get, are able to store the private passkey part of the passkeys.

Edit/Update: I just came across this article that would be a great place to start reading about Passkeys for those of you that are seeking info on that topic....
 
Why are people reluctant to use a password manager? There are lots of them out there. Read the spec. for each one and pick the one that meets your spec.
Because to use a password manager you need to rely on a 3rd party to encrypt and protect your information and pray that they don't get hacked, or just plain sell your personal information. Nope, 'don't trust anyone' is my motto. I can do a better job myself.
 
Because to use a password manager you need to rely on a 3rd party to encrypt and protect your information and pray that they don't get hacked, or just plain sell your personal information. Nope, 'don't trust anyone' is my motto. I can do a better job myself.
Here is a copy and paste from "1Password" brand of password managers...

Encryption

1Password security begins with your 1Password account password. It’s used to encrypt your data, so no one but you can read it. It’s also used to decrypt your data when you need it. Your password is never shared with anyone, even us at AgileBits, which means that you’re the only person who can unlock your 1Password vaults and access your information. Here’s how 1Password secures your data – and the password used to protect it – from all kinds of attacks:

  • End-to-end encryption. Everything in your 1Password account is always end-to-end encrypted. This makes it impossible for someone to learn anything by intercepting your data while it’s in transit or even obtaining it from AgileBits.
  • 256-bit AES encryption. Your 1Password data is kept safe by AES-GCM-256 authenticated encryption. The data you entrust to 1Password is effectively impossible to decrypt.
  • Secure random numbers. Encryption keys, initialization vectors, and nonces are all generated using cryptographically secure pseudorandom number generators.
  • PBKDF2 key strengthening. 1Password uses PBKDF2-HMAC-SHA256 for key derivation which makes it harder for someone to repeatedly guess your 1Password account password. A strong password could take decades to crack. Learn more about how PBKDF2 strengthens your account password.
  • A secret 1Password account password. Your account password is never stored alongside your 1Password data or transmitted over the network. Taking this precaution is a bit like making sure the key to a safe isn’t kept right next to it: Keeping the two separate makes everything more secure. The same principle applies here.
  • Secret Key. The data in your 1Password account is protected by your 128-bit Secret Key, which is combined with your account password to encrypt your data. Learn more about your Secret Key.

I'm not sure that there would be any higher level of security anywhere, at least in the public sector. And...Any/all data is encrypted on your device before transmitting it to their storage....and of course the encrypted info is transmitted back to you when needed, still encrypted until YOUR machine decrypts it. That also means that THEY never see your master password to access the site and THEY don't store the "Secret Key". So even if a hacker did intercept the data being uploaded or downloaded between your machine and 1Password's site/servers, they couldn't do anything with it anyway.....They would have to have not only your password for the 1Password vault, but the Secret Key also.

I have the desktop software on my home computer, on my Win11 laptop, and on my Android phone. That way I can access data/passwords/passkeys just about anywhere I'm at.

Here is a link to read more about it if you are interested...

Disclaimer: I am not associated with or paid by 1Password or Agile Bits.....just a happy customer on this end.
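
The "PBKDF2 key strengthening" and "Secret Key" points quoted in the post above can be sketched in a few lines. This is an added example, not part of the original post and not 1Password's code: the iteration count, the HKDF expansion, the XOR combiner, the key fingerprint and all sample values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, built from the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Derive a 256-bit key that needs BOTH the password and the device secret."""
    # Slow stretch of the human-chosen password: every guess costs ITERATIONS HMACs.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # The 128-bit random secret is already high entropy, so it is only expanded.
    expanded = hkdf_sha256(secret_key, salt, b"example secret key", 32)
    # XOR combiner (this example's choice): either input missing changes every bit.
    return bytes(a ^ b for a, b in zip(stretched, expanded))


def key_fingerprint(key: bytes) -> bytes:
    """Stand-in for the authenticated-decryption check a real vault would perform."""
    return hashlib.sha256(key).digest()


def unlocks(fingerprint: bytes, password: str, secret_key: bytes, salt: bytes) -> bool:
    """True only if password and secret_key together reproduce the vault key."""
    candidate = key_fingerprint(derive_vault_key(password, secret_key, salt))
    return hmac.compare_digest(candidate, fingerprint)


# Constructed sample values, generated fresh on each run.
SALT = secrets.token_bytes(16)
SECRET_KEY = secrets.token_bytes(16)       # 128-bit secret kept on the user's devices
PASSWORD = "correct horse battery staple"  # constructed account password
FINGERPRINT = key_fingerprint(derive_vault_key(PASSWORD, SECRET_KEY, SALT))

if __name__ == "__main__":
    print("password + Secret Key:", unlocks(FINGERPRINT, PASSWORD, SECRET_KEY, SALT))
    # Right password but a different Secret Key, as on a device never enrolled.
    other = secrets.token_bytes(16)
    print("password, wrong Secret Key:", unlocks(FINGERPRINT, PASSWORD, other, SALT))
```

The second check fails even with the correct password, which is why data copied from the provider's servers cannot be tested against password guesses without the device-held secret.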
 
I'm not sure that there would be any higher level of security anywhere, at least in the public sector. And...Any/all data is encrypted on your device before transmitting it to their storage....and of course the encrypted info is transmitted back to you when needed, still encrypted until YOUR machine decrypts it. That also means that THEY never see your master password to access the site and THEY don't store the "Secret Key".
So THEY say. As I said, "Don't trust anyone." I'm from the government, and I'm here to help.
 
Well, I don't know how safe my passwords are, but someone got hit on one of my debit card's info. I got an SMS message about a charge that was declined (around 2 grand to Jet Blue) this AM and logged in. I had about a dozen charges over the last two days, most marked "Pending" (they have been declined), and I think three that were approved but have been reversed. I get a new card next week... again. Other than the Jet Blue one they were all under 90 dollars. But I do keep an eye on the card. My other cards remain secure.
 
Something that hasn't been discussed very much here, but is definitely the future for online security, is Passkeys. More and more companies, corporations, businesses, etc are implementing Passkey login and it actually puts passwords to shame. If you don't know what passkeys are, you should probably do a google search and start reading about them. Google now has passkeys available, as does Microsoft, Amazon, Best Buy, Target, Home Depot, PayPal, CVS pharmacy and others.

It will take time for the switchover to happen, and it certainly will take even longer for the smaller companies, as this requires systems changes within their infrastructure/software.

And the good news is that at least some of the Password Manager software programs that you can get, are able to store the private passkey part of the passkeys.

Edit/Update: I just came across this article that would be a great place to start reading about Passkeys for those of you that are seeking info on that topic....
DW bought a new cell-phone. I helped her set it up but she wanted a secure lock. We drove to the Verizon store where a man helped her set up the passkey with her fingerprint, with a security code for backup. Her fingerprint worked at the Verizon store but has never worked since.
I called the Verizon store and asked how to erase the fingerprint unlock. The guy said every Verizon store employee has the code to bypass the fingerprint and security code requirement to unlock a Verizon phone.
How secure is that?
 
DW bought a new cell-phone. I helped her set it up but she wanted a secure lock. We drove to the Verizon store where a man helped her set up the passkey with her fingerprint, with a security code for backup. Her fingerprint worked at the Verizon store but has never worked since.
I called the Verizon store and asked how to erase the fingerprint unlock. The guy said every Verizon store employee has the code to bypass the fingerprint and security code requirement to unlock a Verizon phone.
How secure is that?
I doubt that what he told you is true. You didn't state whether the new phone was Android or iOS, and I have zero experience with iOS (Apple phones), but I doubt that they are less secure than Android.

So, if the phone is an Android, it's pretty straightforward to get into the settings on the phone and change the fingerprint to a different finger or delete it entirely. The same is true with the security code "backup".

First, unlock the phone with either the fingerprint or the security code so that the phone is open and ready to use. Then, go to settings and scroll down to "Security and Privacy" and tap that. When the Security and Privacy page opens, scroll down to "Device Unlock"....and tap that. You will now see a page that has "Screen Lock (PIN)" and the other section that is called "Fingerprint & Face Unlock." At that point, you can change either one of them or both......the PIN....and/or the Fingerprint & Face Unlock.

If you want to change the PIN, you will have to enter the existing PIN, in order to access the area for changing it. Once you do that, your options are None, Swipe, Pattern, PIN, or Password. Once you've finished there by selecting something different or keeping what you have, you will have to confirm any changes made and then it should go back to the "Device Unlock" page.

Once the device unlock page is open, you can now select the "Fingerprint & Face Unlock" section to change or delete the existing fingerprint section. There is also a method to use facial recognition (I use fingerprint myself), so I've never tried that or used that. So tapping on the fingerprint section will open a page that shows the existing fingerprint or fingerprint(s) that are in use and they can be deleted individually if there is more than one (which is always a good idea to have more than one......think about an injury to that hand/finger and not usable for a while). There is also a + sign to add another fingerprint. At this point in time, I would make sure that the PIN number that she uses works correctly and as expected, then go in to the fingerprint section and DELETE it (or delete all fingerprints if there is more than one). This procedure is basically starting over on the fingerprint sign in method. Have her wash her hands with soap and water to remove any oils/dirt/grime/whatever, and then go through the fingerprint setup again, until you get one that actually works.

And last but not least, some Android phones will have a setting that can be turned on that will make the fingerprint sensor more "sensitive" IF you are using a screen protector on the phone display. If she isn't using a screen protector, you might still want to experiment with this setting. So again, go to Settings, then scroll down to "Display", then scroll down until you see "Screen Protector Mode". When you find that (if your phone has it), toggle the slider to ON and the touch screen of the phone will be more sensitive to not only the screen itself, but also for the fingerprint reader part of it. Having said all that, not all fingerprint sensors are on the phone screen and they have their own separate sensor somewhere on the body of the phone. I've had a couple of phones like that, but my current phone, a Google Pixel 7, the fingerprint reader is on the phone screen itself.
 
One more thing I will add here, in regard to my post above (#35). Even IF.....the Verizon guy/gal could bypass the screen lock part of the phone and actually open it without doing a Master Reset and putting the phone back to OEM status (wipes out all your data, files, info, apps, etc), they still could not access an App like 1Password. That app requires that the secret key (encrypted data) be present in the phone AND that the user either input the master password for the app or use the fingerprint sensor to authorize access to 1Password. There are settings within the 1Password app that will only allow it to open with the master password for the app, and not use the fingerprint sensor on the phone.
 
DW bought a new cell-phone. I helped her set it up but she wanted a secure lock. We drove to the Verizon store where a man helped her set up the passkey with her fingerprint, with a security code for backup. Her fingerprint worked at the Verizon store but has never worked since.
I called the Verizon store and asked how to erase the fingerprint unlock. The guy said every Verizon store employee has the code to bypass the fingerprint and security code requirement to unlock a Verizon phone.
How secure is that?
More secure than you think. It may well reset the phone to "New in the box" status.

Had to do that with one of my Droids once and that was what happened. Then I had to log all the way back in the hard way and confirm on a different device and then the phone "reloaded" from backup.
 
Well, it looks like computer giant Microsoft just added the ability to use passkeys a couple of days ago. I've now added that passkey to my ever growing migration away from passwords. :giggle:
 