advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
Passwords, don't do what I did
Posted by: davemchine
Date: March 30, 2021 09:27PM
For years I've re-used about 4 passwords for every account I've created. I know it's not the right way to do it but alot of these accounts didn't seem terribly important at the time. Now I'm getting messages left and right saying my passwords have been part of a data breach and I need to update them. This is an incredible amount of work. Don't do what I did!
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: jdc
Date: March 30, 2021 09:38PM




----


Edited 999 time(s). Last edit at 12:08PM by jdc.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: cbelt3
Date: March 30, 2021 10:05PM
I use a similar approach to the xkcd one above
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: wurm
Date: March 30, 2021 10:19PM
And sadly, I use a similar method to davemchine's. Thankfully, many of them are with long gone email addresses and/or long gone companies.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: freeradical
Date: March 30, 2021 10:34PM
A lot of sites require things such as special characters, numbers, and mixed case for valid passwords.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Sarcany
Date: March 30, 2021 10:40PM
Quote
cbelt3
I use a similar approach to the xkcd one above

Don't use a selection of words unless they are random and have at least two additional types of complexity -- adding a random letter in caps and a random special character for example.

Otherwise dictionary crackers will have you.

Most people assume that any four words they pick will add sufficient complexity, but people tend to pick familiar and common words when left to their own devices and this is surprisingly predictable even if you think your advanced college degree in literature gives you an edge. Use an online tool for random word-generation or an app like 1Password to randomly generate the words.



Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Dennis S
Date: March 30, 2021 10:41PM
This site is helpful to me for picking passwords:

[www.uic.edu]
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: testcase
Date: March 30, 2021 10:42PM
I expected you to report that you put ALL of your passwords into a "Password Vault" app and then forgot the "Master" password thereby locking you completely out of your "digital life". facepalm
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Dennis S
Date: March 30, 2021 10:50PM
Quote
testcase
I expected you to report that you put ALL of your passwords into a "Password Vault" app and then forgot the "Master" password thereby locking you completely out of your "digital life". facepalm

I will never use that.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: RgrF
Date: March 30, 2021 11:03PM
I have a sticky note that, at last glance, contained over 50 passwords. I assume since it's a sticky anyone who hacks into my Mac will have them but then anyone capable of doing that will already know more about me than I know myself.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Diana
Date: March 30, 2021 11:32PM
Quote
testcase
I expected you to report that you put ALL of your passwords into a "Password Vault" app and then forgot the "Master" password thereby locking you completely out of your "digital life". facepalm

No, that would be my mom. I know her master password, and as long as it doesn’t get changed, she won’t be completely locked out. With her memory issues, though, it may only be a matter of time.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Sam3
Date: March 31, 2021 04:21AM
xkcd's password fails UIC's checker.





The arts are not luxuries but assets that give way more than they cost.
--Ronald Tucker on YouTube

A mind is like a parachute. It doesn't work if it is not open.
--Frank Zappa
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Blankity Blank
Date: March 31, 2021 07:35AM
Quote
Dennis S
This site is helpful to me for picking passwords:

[www.uic.edu]

The sample password I fed it scored “exceptional” with 152 bonus points and 27 deduction points. Works for me.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Acer
Date: March 31, 2021 09:30AM
The OP password wasn't compromised because it was simple. It was compromised because it was hacked where it was stored. It could have been a mile-long string of random characters. The complicating factor was using it on multiple sites. XKCD's method would be fine, but you'd still need a different one for each site.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: rz
Date: March 31, 2021 09:39AM
My MIL can't even remember her admin password. We've bought her three computers over the last 15 years or so, and EVERY time I tell her to make sure she remembers it, or writes it down somewhere. And then I'll get the call saying she can't remember it.

One of my favorite password tricks is to use a phrase or song lyrics, and just use the first or last letter of each word. The password looks like gibberish, but it's easy to remember.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: datbeme
Date: March 31, 2021 10:27AM
Quote
Sam3
xkcd's password fails UIC's checker.

It's still deemed to be strong. It only fails because it doesn't meet the extra requirements of at least one number and one alternate case. Those requirements are worthwhile because they greatly increase the complexity, but the xkcd method is pretty darn good, especially for something less important that you might need to remember or type in manually on occasion (like Netflix).
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: rgG
Date: March 31, 2021 10:28AM
Here is what Eric Snowdon had to say about creating a good PW.
So what should people do for their passwords? While Oliver’s suggestion of “limpbiscuit4eva” was a flop, Snowden had some helpful advice: Forget about passwords and go with “passphrases,” or phrases that are long, unique, and thus easy to remember. Like “margaretthatcheris110%SEXY”.

A computer would never get it, and you’d never forget it.


[time.com]

Say what you will about him, but I think he should know a thing or two about creating a good PW. grinning smiley





Roswell, GA (Atlanta suburb)



Edited 1 time(s). Last edit at 03/31/2021 10:29AM by rgG.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: S. Pupp
Date: March 31, 2021 10:39AM
So SpuppIsAwesome is not adequate, since it is so blatantly obviously the case and easily deduced.
Plus, it is my user name and email on multiple forums.
Plus, I just revealed it here.

Going to have to change my password to something no one would ever guess.
SpuppIsNotAwesome. Yeah, that's the ticket.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: sekker
Date: March 31, 2021 11:09AM
My older sister is very tech savvy in some ways, but she HATES moving to new iPhones due to her having to type in all of her passwords.

She has kept her passwords in a 'black book' for years. Until she lost that book on a trip.

I really do not know what the best way it is, but we keep ours in an encrypted ledger with a complex password (via 1Password) that is shared amongst family members; this could be done via iCloud, too, if everyone is on Family Sharing plan and on Catalina or above Macs (or similar recent iOS devices).

If someone has a better way, please share!
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: wowzer
Date: March 31, 2021 02:08PM
My password is, ifOnlyComputerPasswordsAllowMoreThan8Characters,ThenICanUseThisPassword.



All I ever really needed to know, I learned from watching Star Trek.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: C(-)ris
Date: March 31, 2021 06:07PM
I'm trying to figure out why banks and credit cards have such lax requirements for passwords. Some of them don't even require a symbol. There is a major credit card company that requires nothing more than 8 digits with a letter and a number. password1 passes their test.



C(-)ris
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Throwback Thursday Signature:
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Blankity Blank
Date: March 31, 2021 06:49PM
Quote
rgG
Here is what Eric Snowdon had to say about creating a good PW.
So what should people do for their passwords? While Oliver’s suggestion of “limpbiscuit4eva” was a flop, Snowden had some helpful advice: Forget about passwords and go with “passphrases,” or phrases that are long, unique, and thus easy to remember. Like “margaretthatcheris110%SEXY”.

A computer would never get it, and you’d never forget it.


[time.com]

Say what you will about him, but I think he should know a thing or two about creating a good PW. grinning smiley

But for that to remain ‘simple’ to use, you’d have to use the same password on every site; creating passphrases like that for each site would make memorization impossible. You could try finding a site specific suffix or prefix to add on, but that steers you back to predictability.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Ken Sp.
Date: March 31, 2021 07:00PM
I use this method as do most of my clients.
I use the same basic password everywhere ie: fluffy1 This will be used everywhere.
If you add a 3 character prefix to it that is based on the website you are at: Xxxfluffy1 assuming Fluffy is the name of your cat.
Amazon would be Amafluffy1
Pizza Hut would be Pizfluffy1
For further security at important websites, add a special character or two
Wells Fargo would be Welfluffy1!
Apple/iCloud etc Appfluffy1!

I developed this protocol so passwords would be easy to enter on the iPhone, and you will never need to write them down, since, you know your main password, and the prefix is whatever site you are at.
Always start with an upper-case letter-then the phone shifts to lower case.....Then "flip" to the number screen and enter 1-3 numbers....then, in the same screen you can easily use $!? as one or more special characters. (you should stay consistent on everything).
Admittedly, this is not the most super secure way, but it is much more secure than writing passwords down.

When writing down passwords, always underline upper-case letters and write the current date after the password, so you know which one is the current one. Do not use the date inside the actual password.

FYI-Notes App on Mac and iOS, now has the ability to password protect individual notes-put passwords there. I recommend using the unlock code for your iPhone to unlock your note. Always use Apple Keychain.

Here is a presentation on passwords, I recently gave to our 1400 member Apple User Group.
https://www.youtube.com/watch?v=0RQyp2k9nmc

PS: Bonus tip. When you enter your credit cards in Safari autofill, name the card with the expedition date and 3-4 digit security code in the name of that card, so when it autofills in Safari, you will see the expiration and security code without having to go get your card. Again-your decision on Security vs Convenience is your call.



Edited 1 time(s). Last edit at 03/31/2021 07:03PM by Ken Sp..
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: mattkime
Date: March 31, 2021 07:52PM
Randomize your passwords. Better yet, randomize your username as well.



Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: pdq
Date: April 01, 2021 09:40AM
Quote
sekker
My older sister is very tech savvy in some ways, but she HATES moving to new iPhones due to her having to type in all of her passwords.

If someone has a better way, please share!

I’m not sure what I’m doing differently, but all of my passwords are maintained by Apple and appear on whatever new device I get.

The only time I don’t let my Apple devices set unrememberable super-passwords is when I think I may have to log in to <wherever> on another computer at some point. But that’s a lot of the time. So in those cases I run a system like that described in the OP.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: freeradical
Date: April 01, 2021 12:58PM
Quote
C(-)ris
I'm trying to figure out why banks and credit cards have such lax requirements for passwords. Some of them don't even require a symbol. There is a major credit card company that requires nothing more than 8 digits with a letter and a number. password1 passes their test.

They probably lock you out after three failed attempts.

IMHO, this sort of administrative policy would make for better security than weird complicated passwords or phrases.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Michael
Date: April 01, 2021 05:04PM
Quote
Ken Sp.
I use this method as do most of my clients.
I use the same basic password everywhere ie: fluffy1 This will be used everywhere.
If you add a 3 character prefix to it that is based on the website you are at: Xxxfluffy1 assuming Fluffy is the name of your cat.
Amazon would be Amafluffy1
Pizza Hut would be Pizfluffy1
For further security at important websites, add a special character or two
Wells Fargo would be Welfluffy1!
Apple/iCloud etc Appfluffy1!

I developed this protocol so passwords would be easy to enter on the iPhone, and you will never need to write them down, since, you know your main password, and the prefix is whatever site you are at.
Always start with an upper-case letter-then the phone shifts to lower case.....Then "flip" to the number screen and enter 1-3 numbers....then, in the same screen you can easily use $!? as one or more special characters. (you should stay consistent on everything).
Admittedly, this is not the most super secure way, but it is much more secure than writing passwords down.

When writing down passwords, always underline upper-case letters and write the current date after the password, so you know which one is the current one. Do not use the date inside the actual password.

FYI-Notes App on Mac and iOS, now has the ability to password protect individual notes-put passwords there. I recommend using the unlock code for your iPhone to unlock your note. Always use Apple Keychain.

Here is a presentation on passwords, I recently gave to our 1400 member Apple User Group.
https://www.youtube.com/watch?v=0RQyp2k9nmc

PS: Bonus tip. When you enter your credit cards in Safari autofill, name the card with the expedition date and 3-4 digit security code in the name of that card, so when it autofills in Safari, you will see the expiration and security code without having to go get your card. Again-your decision on Security vs Convenience is your call.

I started doing something very similar years ago, except I put the site letters right before an end character. I have several hundred passwords and only a few are replicated.
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: Dennis S
Date: April 01, 2021 10:11PM
I have rules where I type out the name of the site and put symbols or numbers at certain points like after the first syllable or before the last letter. Then I have numbers that I can change every year like my age. Then I have a misspelled word.

Am@azo;n71quitar

E@ba;y71quitar
Options:  Reply • Quote
Re: Passwords, don't do what I did
Posted by: pinkoos
Date: April 04, 2021 08:40AM
This is what I've been doing for many years now after having used the exact same password on multiple sites prior to that

I posted a few months ago trying to figure out the best option for my kids as they start accumulating more and more passwords on more and more sites

I guess they can use this system but there's always some site that doesn't allow this or that character or requires a longer password that throws a wrench into it


Quote
Ken Sp.
I use this method as do most of my clients.
I use the same basic password everywhere ie: fluffy1 This will be used everywhere.
If you add a 3 character prefix to it that is based on the website you are at: Xxxfluffy1 assuming Fluffy is the name of your cat.
Amazon would be Amafluffy1
Pizza Hut would be Pizfluffy1
For further security at important websites, add a special character or two
Wells Fargo would be Welfluffy1!
Apple/iCloud etc Appfluffy1!

I developed this protocol so passwords would be easy to enter on the iPhone, and you will never need to write them down, since, you know your main password, and the prefix is whatever site you are at.
Always start with an upper-case letter-then the phone shifts to lower case.....Then "flip" to the number screen and enter 1-3 numbers....then, in the same screen you can easily use $!? as one or more special characters. (you should stay consistent on everything).
Admittedly, this is not the most super secure way, but it is much more secure than writing passwords down.

When writing down passwords, always underline upper-case letters and write the current date after the password, so you know which one is the current one. Do not use the date inside the actual password.

FYI-Notes App on Mac and iOS, now has the ability to password protect individual notes-put passwords there. I recommend using the unlock code for your iPhone to unlock your note. Always use Apple Keychain.

Here is a presentation on passwords, I recently gave to our 1400 member Apple User Group.
https://www.youtube.com/watch?v=0RQyp2k9nmc

PS: Bonus tip. When you enter your credit cards in Safari autofill, name the card with the expedition date and 3-4 digit security code in the name of that card, so when it autofills in Safari, you will see the expiration and security code without having to go get your card. Again-your decision on Security vs Convenience is your call.



My daily record blog: [www.auditorymusings.com]



The Garden of the Gods in Colorado Springs, Colorado
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 108
Record Number of Users: 186 on February 20, 2020
Record Number of Guests: 5122 on October 03, 2020