best tips for passwords?
anyone have any good tips for creating safe passwords? what is most important?
1) length? 2) using non-letter characters? 3) changing them often? 4) does every website need a different password?
my guess is all of the above. however, is there a way to create passwords that don't need to be changed monthly and so I don't need to memorize 10+ passwords that are each 20+ characters long?
also are those password programs (like 1password) recommended/safe?
- jupiter_man
- Posts: 69
- Joined: Fri May 03, 2013 8:02 pm
Re: best tips for passwords?
Length.
Use a long phrase at the end. e.g. BASE+SITE+Common-Phrase
BASE is same for all sites - this could be your fav complex key
SITE - this changes based on site - fidelity , vanguard etc
Common-Phrase - a long line e.g. ilikegoingtothegym or myfirstcarwasanissan
- Lacrocious
- Posts: 378
- Joined: Thu Mar 22, 2007 9:45 pm
- Location: Wisconsin
Re: best tips for passwords?
To be as safe as possible, go with random character passwords that are hard to remember and hard to type - as long as the site allows with as many different character types as you can (Upper case, lower case letters; numbers; symbols). Some sites restrict length or don't allow symbols, etc. I wouldn't recommend simple symbol substitution - hackers know people substitute a zero for the letter O, or a 3 for an E. Each site should have its own password - don't share them. Lately - I have been using a two word pattern with numbers and symbols interjected. It makes it easier to remember and type them - but the unrelated words with the symbols and numbers make it hard to hack. Password managers usually can generate random passwords - so I use that on occasion as well for even stronger sites.
For password management, I use LastPass - it works well. I have used Roboform in the past - it works fine. There are others that I have not tried - just do your homework to understand what you are using and what protections it has. Don't lose your master password if you use a manager.
- L
Re: best tips for passwords?
thanks for all the help everyone!
Lacrocious wrote: To be as safe as possible, go with random character passwords that are hard to remember and hard to type - as long as the site allows with as many different character types as you can (Upper case, lower case letters; numbers; symbols). Some sites restrict length or don't allow symbols, etc. I wouldn't recommend simple symbol substitution - hackers know people substitute a zero for the letter O, or a 3 for an E. Each site should have its own password - don't share them. Lately - I have been using a two word pattern with numbers and symbols interjected. It makes it easier to remember and type them - but the unrelated words with the symbols and numbers make it hard to hack. Password managers usually can generate random passwords - so I use that on occasion as well for even stronger sites.
For password management, I use LastPass - it works well. I have used Roboform in the past - it works fine. There are others that I have not tried - just do your homework to understand what you are using and what protections it has. Don't lose your master password if you use a manager.
- L
if you have a different password for every site AND they are long/complicated, how do you remember them all? or is that why you use lastpass? without it, it seems almost impossible to remember many different complicated passwords.
Re: best tips for passwords?
I recently started using LastPass after years of using just about the exact method jupiter_man outlined so well above. While that previous method successfully generated complex passwords that I could actually remember, I realized that someone who hacked, say, Adobe's list of customer passwords might make guesses that my Yahoo password might be similar. For example, if jupiter_man's "BASE" and "Common-Phrase" were identical for the two sites, with just the "SITE" part of the formula different, it might not be too hard to guess.
Now, with LastPass, I generate a complex, unique, and too difficult to remember password for most sites. There are a couple sites for which I wanted to retain my ability to login outside of LastPass, and for those very rare sites I did think up genuinely unique, complex passwords. But other than those few sites, I rely on LastPass and a CSV file I exported from LastPass and keep in a TrueCrypt-encrypted container, just in case LastPass ever starts yielding errors.
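Added example, not part of any post in this thread: a self-audit for the risk described above, where passwords built from one template differ only by the site name. The function names are hypothetical and the vault entries are constructed from the patterns quoted in this thread; it assumes each key is a bare domain such as `chase.com`.

```python
import re


def site_tokens(site):
    """Fragments of a site name people tend to embed: the name and its 4+ char prefixes."""
    name = re.sub(r"[^a-z0-9]", "", site.lower().split(".")[0])
    tokens = {name} | {name[:n] for n in range(4, len(name))}
    # Ignore very short fragments, which would match by accident.
    return sorted((t for t in tokens if len(t) >= 3), key=len, reverse=True)


def skeleton(site, password):
    """Return the password with the embedded site name replaced by <SITE>, or None."""
    lowered = password.lower()
    for token in site_tokens(site):
        pos = lowered.find(token)
        if pos != -1:
            return password[:pos] + "<SITE>" + password[pos + len(token):]
    return None  # the password does not contain the site's name


def find_template_reuse(vault):
    """Group sites whose passwords are identical or differ only by the site name."""
    groups = {}
    for site, password in vault.items():
        template = skeleton(site, password)
        key = template if template is not None else "<EXACT>" + password
        groups.setdefault(key, []).append(site)
    # Only groups with more than one site indicate reuse.
    return {key: sorted(sites) for key, sites in groups.items() if len(sites) > 1}


# Constructed sample vault (not real credentials): two BASE+SITE+phrase entries,
# two "first four letters + year" entries, and one random password.
SAMPLE_VAULT = {
    "fidelity.com": "Xk9#fidelityilikegoingtothegym",
    "vanguard.com": "Xk9#vanguardilikegoingtothegym",
    "chase.com": "chas1982",
    "yahoo.com": "yaho1982",
    "example.org": "t7Gq!vR2mZp0",
}

if __name__ == "__main__":
    for template, sites in find_template_reuse(SAMPLE_VAULT).items():
        print(f"{template}: shared by {', '.join(sites)}")
```

Every group it reports is a set of accounts that fall together if any one of those sites leaks its password list.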
-
- Posts: 211
- Joined: Tue Feb 12, 2013 3:53 pm
Re: best tips for passwords?
I don't use Lastpass as a create-complex-password-then-forget tool because I like to know my passwords and know that I can use any device out there to get to my accounts. But this comic summarizes everything:
Except don't use "correcthorsebatterystaple" because that's probably easy-to-guess now.
-
- Posts: 42
- Joined: Sun Jul 26, 2009 7:03 am
Re: best tips for passwords?
+1 for LastPass and TrueCrypt!
My investing "factors" formula: (1) Save More (2) Work Longer (3) Spend Less (4) Reduce Investment Cost
Re: best tips for passwords?
winglessangel31 wrote: I don't use Lastpass as a create-complex-password-then-forget tool because I like to know my passwords and know that I can use any device out there to get to my accounts. But this comic summarizes everything:
Except don't use "correcthorsebatterystaple" because that's probably easy-to-guess now.
This works great, except if:
- Use this for all of your sites and one of them gets hacked
- Use this for all of your sites and one of them requires changing passwords every 90 days
- Use this for all of your sites, but one requires numbers, letters & special characters; Another requires numbers and letters, but doesn't work with special characters
- One of your sites doesn't allow repeating letters (example rr in correct)
Unfortunately, this is me. My work tries to be extra secure at their detriment. In fact, even my phone can't be accessed via bluetooth prior to entering a 6-digit random number with no repeating, ascending, or descending characters. By the time I enter my password to use hands free calling I have hit a guard rail.
I don't like using a password aggregator because IMHO it can even be more dangerous (and you personally don't know any of your passwords). It just seems like IT is transferring responsibility to the end user. It is getting to the point where most people now need to write or store their passwords somewhere...essentially taking on the liability themselves.
- Sunny Sarkar
- Posts: 2443
- Joined: Fri Mar 02, 2007 12:02 am
- Location: Flower Mound, TX
- Contact:
Re: best tips for passwords?
winglessangel31 wrote: I don't use Lastpass as a create-complex-password-then-forget tool because I like to know my passwords and know that I can use any device out there to get to my accounts.
The "use Lastpass as a create-complex-password-then-forget tool" strategy accomplishes 2 very important things:
1. separate passwords for every account
2. passwords can't be guessed by social engineering
Once I gave up the control of my passwords to LastPass, I also found another use for it...
3. separate usernames for every account - why not?
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
Re: best tips for passwords?
M Secure is a password vault (manager) that uses 256 blowfish encryption and has never been cracked. If someone attempts to open it it will destroy all the data in it after 5 attempts or however you preset it. You can input your made up passwords in the vault lock it and then open the vault to get a password when you need it. I have been using it for 2 years and love it. Here is their website: (M Seven Software):
https://msevensoftware.com/home
"Reality always wins, your only job is to get in touch with it." Wilfred Bion
Re: best tips for passwords?
Length of password is the single most important determinant of security. Ideally you would pick twenty random characters, but that's unrealistic to remember unless you use 1Password, LastPass, etc... I use Diceware to generate my passwords, simple, transparent, easy to remember and free (unless you have to buy the dice). See this for a discussion and instructions: http://world.std.com/~reinhold/diceware.html
Re: best tips for passwords?
schmitz wrote: anyone have any good tips for creating safe passwords? what is most important?
1) length? 2) using non-letter characters? 3) changing them often? 4) does every website need a different password?
my guess is all of the above. however, is there a way to create passwords that don't need to be changed monthly and so I don't need to memorize 10+ passwords that are each 20+ characters long?
also are those password programs (like 1password) recommended/safe?
Use lastpass and let their software create passwords
https://lastpass.com
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
Re: best tips for passwords?
schmitz wrote: thanks for all the help everyone!
Lacrocious wrote: To be as safe as possible, go with random character passwords that are hard to remember and hard to type - as long as the site allows with as many different character types as you can (Upper case, lower case letters; numbers; symbols). Some sites restrict length or don't allow symbols, etc. I wouldn't recommend simple symbol substitution - hackers know people substitute a zero for the letter O, or a 3 for an E. Each site should have its own password - don't share them. Lately - I have been using a two word pattern with numbers and symbols interjected. It makes it easier to remember and type them - but the unrelated words with the symbols and numbers make it hard to hack. Password managers usually can generate random passwords - so I use that on occasion as well for even stronger sites.
For password management, I use LastPass - it works well. I have used Roboform in the past - it works fine. There are others that I have not tried - just do your homework to understand what you are using and what protections it has. Don't lose your master password if you use a manager.
- L
if you have a different password for every site AND they are long/complicated, how do you remember them all? or is that why you use lastpass? without it, it seems almost impossible to remember many different complicated passwords.
The only piece of the password that would change from site to site is the name of the site used in the password. The rest of the password is the same.
Re: best tips for passwords?
I have password keeper on my iPhone. I have roughly a dozen different passwords for work and of course all the personal passwords. Many are similar, I don't know anyone that actually has a completely random different password for everything. I would spend all day looking up pass codes.
Yesterday I was on the phone with a hotel/casino resetting a password for a rewards card. It required an upper case, lower case, number and special character. I commented that I thought that was ridiculous for something tied to a casino rewards card to have such a complicated password. It's really annoying that we now have to have not just a password for everything we do, but a complicated password.
Oh no! Someone hacked into my hard rock account and made room reservations ! What if they pretend to be me and get a two for one buffet!!! It could be the end of the world as we know it.
I’d trade it all for a little more
-C Montgomery Burns
Re: best tips for passwords?
Sharing your password with your spouse or anyone else violates our responsibilities under Vanguard's fraud reimbursement guarantee. If you need shared account access use Agent Authorization.
Re: best tips for passwords?
schmitz wrote: anyone have any good tips for creating safe passwords? what is most important?
1) length? 2) using non-letter characters? 3) changing them often? 4) does every website need a different password?
my guess is all of the above. however, is there a way to create passwords that don't need to be changed monthly and so I don't need to memorize 10+ passwords that are each 20+ characters long?
also are those password programs (like 1password) recommended/safe?
1. Not length, entropy.
2. The larger the character set the shorter the password needed for the same entropy.
3. Changing them often probably a waste of time unless the account contains data aggregated from multiple users where ongoing access would be useful.
4. YES!!!
Password keeper software is really the best way to implement this.
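Added example, not part of any post in this thread: the entropy arithmetic behind points 1 and 2 above, applied to the Diceware method and to the differing site rules mentioned earlier in the thread. The function names are hypothetical; the only outside fact assumed is that a Diceware list has 6^5 = 7776 entries, one per five-dice roll.

```python
import math
import secrets
import string

DICEWARE_LIST_SIZE = 6 ** 5  # five dice per word -> 7776 entries in a Diceware list

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def bits_for_random(length, pool_size):
    """Entropy in bits of `length` independent, uniform picks from `pool_size` options."""
    return length * math.log2(pool_size)


def min_length_for_bits(target_bits, pool_size):
    """Shortest number of picks whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def roll_diceware_indices(n_words):
    """Simulate five dice per word with a CSPRNG; look each result up in the word list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(n_words)]


def generate_for_policy(length, allowed, required=()):
    """Random password from the classes a site allows, containing each required class."""
    if not set(required) <= set(allowed) or len(required) > length:
        raise ValueError("policy cannot be satisfied")
    alphabet = "".join(CLASSES[name] for name in allowed)
    while True:  # rejection sampling: stays uniform over the passwords the site accepts
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CLASSES[name] for c in candidate) for name in required):
            return candidate


def comparison(n_words=6):
    """Random characters needed, per alphabet, to match an n-word Diceware passphrase."""
    target = bits_for_random(n_words, DICEWARE_LIST_SIZE)
    pools = {"digits": 10, "lowercase": 26,
             "letters+digits": 62, "letters+digits+symbols": 94}
    return {label: min_length_for_bits(target, size) for label, size in pools.items()}


if __name__ == "__main__":
    print(f"6 Diceware words: {bits_for_random(6, DICEWARE_LIST_SIZE):.1f} bits")
    for label, length in comparison(6).items():
        print(f"  same strength from {length} random characters of {label}")
    # A site that rejects symbols, and one that demands every class.
    print(generate_for_policy(16, ["lower", "upper", "digit"], ["lower", "upper", "digit"]))
    print(generate_for_policy(16, list(CLASSES), list(CLASSES)))
    print("dice rolls to look up:", roll_diceware_indices(6))
```

These figures hold only when every character or word is chosen at random; a password a person invents has less entropy than its length and character set suggest.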
-
- Posts: 312
- Joined: Fri Oct 26, 2007 12:01 pm
Re: best tips for passwords?
I had a long post on the subject typed out only to have my login session time out and lose it (oh, the irony).
In summary:
- Use a password manager (KeePass is good) to store both your passwords and "security" questions/answers
- Use a password generator for both your passwords and "security" answers
- Protect your primary email account (using 2 factor authentication when available)
- BACKUP YOUR DATA! Or at least your encrypted password database, 'cause it's really important now.
- Generate a password that you can remember for your master password (good password generators have a variety of schemes to do this well)
- Write down your master password and keep it somewhere safe with your other important documents (losing your master password is the same thing as losing all copies of your password database, i.e., BAD NEWS)
- Changing your passwords is somewhat important, mainly when changing your master password and stored account passwords together (limits the time an attacker would have to guess your master password). Good password managers will let you set a password change interval and remind you when it's time to change them.
"Ah ha! Once again, the conservative, sandwich-heavy portfolio pays off for the hungry investor!" - Dr. Zoidberg
-
- Posts: 211
- Joined: Tue Feb 12, 2013 3:53 pm
Re: best tips for passwords?
yatesd wrote:
winglessangel31 wrote: I don't use Lastpass as a create-complex-password-then-forget tool because I like to know my passwords and know that I can use any device out there to get to my accounts. But this comic summarizes everything:
Except don't use "correcthorsebatterystaple" because that's probably easy-to-guess now.
This works great, except if:
- Use this for all of your sites and one of them gets hacked
- Use this for all of your sites and one of them requires changing passwords every 90 days
- Use this for all of your sites, but one requires numbers, letters & special characters; Another requires numbers and letters, but doesn't work with special characters
- One of your sites doesn't allow repeating letters (example rr in correct)
Unfortunately, this is me. My work tries to be extra secure at their detriment. In fact, even my phone can't be accessed via bluetooth prior to entering a 6-digit random number with no repeating, ascending, or descending characters. By the time I enter my password to use hands free calling I have hit a guard rail.
I don't like using a password aggregator because IMHO it can even be more dangerous (and you personally don't know any of your passwords). It just seems like IT is transferring responsibility to the end user. It is getting to the point where most people now need to write or store their passwords somewhere...essentially taking on the liability themselves.
I never suggested using the same password everywhere.
Re: best tips for passwords?
I have several ways to do passwords.
1. My Marine Corps ID (from 58 years ago) in reverse order preceded by ! with Sir added to the end.
2. 2 or 3 of my grandkids middle names (girls UPPER CASE/boys lower case) in reverse order with the oldest preceded by ! the second oldest preceded by @ the third oldest preceded by # etc.
3. My maternal great grandmothers maiden name translated into French and reversed. Vowels lower case -- consonants UPPER CASE. Any 2 consecutive letters preceded by *
4. same as 2 but with different grandkids.
5. Something I haven't created yet.
Contrary to the belief of many, profit is not a four letter word!
-
- Posts: 211
- Joined: Tue Feb 12, 2013 3:53 pm
Re: best tips for passwords?
Before this escalates and more people do it, it's always a risk that in a thread asking for password tips people start posting real examples of what they do. Your online identities are not that hard to reconcile.
Re: best tips for passwords?
wilpat wrote: 2. 2 or 3 of my grandkids middle names (girls UPPER CASE/boys lower case) in reverse order with the oldest preceded by ! the second oldest preceded by @ the third oldest preceded by # etc.
I use nicknames, not real names. I also use birthdays of people outside my immediate family, if adult siblings count as outside my immediate family. I used to use my old girlfriend's birthday, but my wife didn't like it.
- Lacrocious
- Posts: 378
- Joined: Thu Mar 22, 2007 9:45 pm
- Location: Wisconsin
Re: best tips for passwords?
schmitz wrote: thanks for all the help everyone!
...if you have a different password for every site AND they are long/complicated, how do you remember them all? or is that why you use lastpass? without it, it seems almost impossible to remember many different complicated passwords....
Yes - that is why I use a password manager. I first used Roboform, then switched to LastPass.
I love the xkcd comic that was posted. It is basically what I do. Using the "password" from the comic - I might change it to be something like "17Horse!Staple83" - adding mixed case, numbers and symbols rather than just the 4 random words from the comic "correcthorsebatterystaple". Note - none of these are anything like my passwords.
As others have said - make sure you remember your master password. LastPass has some methods to generate one-time-use master passwords that can be recovery passwords - generate one, save just the pwd in a secure location - printed in a safe or safe deposit box? or hidden somewhere secure. Maybe split it into multiple pieces and hide separately. You can also save a csv file- but be sure to encrypt it and store it securely.
- L
Re: best tips for passwords?
winglessangel31, "I never suggested using the same password everywhere."
I think you missed my point. I really like your comic and suggested technique. Actually thought about implementing it until I considered other challenges that I still need to face. Such as...
- changing passwords every 90 days
- Some sites having very challenging requirements while others don't allow passwords with the same complexity
- memory challenged
I'm not just looking for more challenging passwords...I also need to remember them.
Last edited by yatesd on Sun Feb 16, 2014 6:53 pm, edited 1 time in total.
- tennisplyr
- Posts: 3703
- Joined: Tue Jan 28, 2014 12:53 pm
- Location: Sarasota, FL
Re: best tips for passwords?
There are password protection programs that many use, see:
http://www.bogleheads.org/forum/viewtop ... d#p1880011
If you want to keep it simple, maybe the first four letters of the site and the year you graduated college, eg,
For Chase it would be: chas1982
“Those who move forward with a happy spirit will find that things always work out.” -Retired 13 years 😀
Re: best tips for passwords?
I recommend completely random passwords. Modern cracking programs have become very sophisticated, so if you can remember a password it almost certainly follows one of the patterns that a cracking program will try. And when you have dozens of accounts with varying degrees of security, there's an excellent chance that at least one of them will be hacked, so you should use a different password for each account. And once you've reached this point, there's really no choice but to use some kind of password manager to keep track of them all. Fortunately there are lots of good ones to choose from.
On the other hand, changing passwords regularly buys you very little in the way of security and makes an annoying business even more annoying.
-
- Posts: 904
- Joined: Sat Apr 06, 2013 7:11 pm
- Location: Springfield
Re: best tips for passwords?
This weekend Google bought an Israeli developer of security technology, SlickLogin.
"A site enabled with SlickLogin’s technology can use your computer’s speakers to generate a high-frequency sound that’s silent to human ears but which can be picked up by the microphone on a smartphone. The phone has to be close to the computer. Each audio signal is unique, and based on a unique numerical key that’s generated on the back end. The service can also be used to sign into banks, corporate VPNs and pretty much any other kind of service."
No one knows what internet security will look like in a few years, but it could be much more secure.
FT: http://www.ft.com/intl/cms/s/0/ab00362c ... ab7de.html
recode: http://recode.net/2014/02/16/google-acq ... licklogin/
Re: best tips for passwords?
As others have suggested, try a password manager.
I use keepass and would recommend it. I've heard lastpass is great, though I've never tried it.
Because of keepass, I honestly don't even know most of my passwords. They're almost all 25 characters (or more), alphanumeric, contain special characters, and so garbled I just can't be bothered to know any of them.
Another benefit of this approach.... if one website gets hacked i can just change that one password and not worry about changing all of my passwords. They're all different after all.
-g$$
Re: best tips for passwords?
i wish lastpass and the like were practical for me.
i do much of my internetting at work, behind a massive company firewall/filter that won't let me download or use any outside software. makes using lastpass or other similar password generating software impossible.
anyone have any ideas to circumvent this scenario? i'd love to be able to use this technology.
Re: best tips for passwords?
Beezthree wrote: i wish lastpass and the like were practical for me.
i do much of my internetting at work, behind a massive company firewall/filter that won't let me download or use any outside software. makes using lastpass or other similar password generating software impossible.
anyone have any ideas to circumvent this scenario? i'd love to be able to use this technology.
Keepass has a smartphone app. I use Keepass on my laptops with the db file stored in Dropbox. With Dropbox and Keepass on my phone I can access the password database anywhere -- even without an internet connection.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
-
- Posts: 211
- Joined: Tue Feb 12, 2013 3:53 pm
Re: best tips for passwords?
Beezthree wrote: i wish lastpass and the like were practical for me.
i do much of my internetting at work, behind a massive company firewall/filter that won't let me download or use any outside software. makes using lastpass or other similar password generating software impossible.
anyone have any ideas to circumvent this scenario? i'd love to be able to use this technology.
Don't. No matter how frustrating, you want to stay on your company's and their IT's good side.
Just create memorable passwords that are hard to crack. libertyGoofballAteMunchkins.
-
- Posts: 211
- Joined: Tue Feb 12, 2013 3:53 pm
Re: best tips for passwords?
yatesd wrote: winglessangel31, "I never suggested using the same password everywhere."
I think you missed my point. I really like your comic and suggested technique. Actually thought about implementing it until I considered other challenges that I still need to face. Such as...
- changing passwords every 90 days
- Some sites having very challenging requirements while others don't allow passwords with the same complexity
- memory challenged
I'm not just looking for more challenging passwords...I also need to remember them.
Ah if memory is a huge challenge, then really nothing can help... but having to change password every 90 days and complexity requirements aren't really arguments I'd buy. For example, since someone else brought up Chase, and because it's convenient, here are seeds:
- ChaseGirlScoutBearCookieMonsters
- ChaseScoutBearQ3Mawnstahzzz
- CsbQ3MzzzOm&nom
- ChaseRobberRobertRobinHoodTightsRightyLoosey
- ChaseberertintTightyWhiteyRLucy
- CheererTint80WhiteyRLC
Re: best tips for passwords?
keepass can run from a thumbdrive. this would circumvent your issue with the employer. Just google search "keepass portable app"
Re: best tips for passwords?
https://passfault.appspot.com/password_strength.html
Found this on USA today awhile back. Interesting to play with. I use 1password on our apple devices.
Re: best tips for passwords?
I've never understood why password changes are forced and I'm glad Vanguard and Fidelity don't play that way.
My local regional bank forces a password change every 90 days and I really dislike it. Is the assumption someone is close to cracking your already very good password and you're going to foil them at the last moment and make them start all over?
Re: best tips for passwords?
Well, I am weak. I finally gave in and signed up for fast pass premium ($12) a year. Ironically, a little bit of a hassle for the two vendors I was most concerned about (VG and bank). However, it does seem to be working so far.
I prefer to pay for stuff that becomes critical for me so there is a reasonable level of obligation from the vendor. Same reason I use smugmug for photos/videos rather than a free provider that might just delete them on a whim. IMHO it is important to understand the business model, versus a free vendor that is data mining for advertisers, etc.
Re: best tips for passwords?
I use Keeper (https://keepersecurity.com/). It's a pay subscription service as well.
What I like about it is that it doesn't try to do everything like remember my identity and credit cards and it doesn't botch a lot of my logins by crapping out during an automatic login process. It doesn't try to autofill forms which I like. To me, the failure of most of this type program is the kitchen sink approach - I just want to manage passwords.
I have to click a little lock icon to enter my username, then click another time to enter my password - so it works, 100% of the time.
It also has web access so I can access a password over an SSL connection if necessary and works perfectly on my iphone and ipad.
Re: best tips for passwords?
Work around for work (where I can't install software OR use USB devices): I bring the username/password up in LastPass on my phone and type it in.
Warning: I am about 80% satisficer (accepting of good enough) and 20% maximizer
Re: best tips for passwords?
Another reason to store all your passwords using password manager software is to enable quick access to your accounts for your loved ones should you become indisposed.
A paper list is too easily lost, incomplete, or out of date. With a password manager all someone needs is your master password.
Re: best tips for passwords?
I use Keepass for all financials. Open source, reliable for years.
I actually prefer that Keepass isn't so easy to keep open on multiple browsers/phones. (As compared to Lastpass.) For financial pwds I want it to force me to really have to put in extra effort if I'm going to open financial software anywhere other than my home computer where it's safe. I do have the iphone keepass app as well, but it's only for emergencies - I've verified it works but otherwise never use it.
-
- Posts: 904
- Joined: Sat Apr 06, 2013 7:11 pm
- Location: Springfield
Re: best tips for passwords?
Beezthree wrote:
> i wish lastpass and the like were practical for me.
> i do much of my internetting at work, behind a massive company firewall/filter that won't let me download or use any outside software. makes using lastpass or other similar password generating software impossible.
> anyone have any ideas to circumvent this scenario? i'd love to be able to use this technology.
Lastpass has smartphone apps that sync with your other devices. They also have a portable app that works off a USB thumbdrive, Lastpass Pocket.
https://helpdesk.lastpass.com/lastpass- ... ss-pocket/
Re: best tips for passwords?
furwut wrote:
> Another reason to store all your passwords using password manager software is to enable quick access to your accounts for your loved ones should you become indisposed.
> A paper list is too easily lost, incomplete, or out of date. With a password manager all someone needs is your master password.
If you do that then you are not living up to your responsibilities under Vanguard's fraud reimbursement guarantee:
> Never share your user name, password, or other account-related information with anyone.
https://personal.vanguard.com/us/help/S ... ontent.jsp
Instead, you should use an agent authorization or the appropriate form to grant others access to your account:
https://personal.vanguard.com/us/litful ... C&subCat2=
In the case of a deceased person, the account should not be accessed. The executor and beneficiaries should contact Vanguard. You should provide them with instructions on how to do that.
Re: best tips for passwords?
You can probably just use a random car license plate number you are following on the way home from work. that would be hard to hack, I would think.
-
- Posts: 51
- Joined: Sun Jan 26, 2014 1:05 pm
Re: best tips for passwords?
schmitz wrote:
> anyone have any good tips for creating safe passwords? what is most important?
> 1) length? 2) using non-letter characters? 3) changing them often? 4) does every website need a different password?
> my guess is all of the above. however, is there a way to create passwords that dont need to be changed monthly and so I dont need to memorize 10+ passwords that are each 20+ characters long?
> also are those password programs (like 1password) recommended/safe?
I use KeePass as a password manager. I randomly generate a password for every account and the only password I know from memory is my Gmail account as I use it to access mail from work and I use the two-step authentication method. I have no idea what my passwords are to the other 300 accounts I have (financial, shopping, message boards, etc.). With KeePass, I simply type in my master passphrase to open KeePass, and copy+paste the specific password into the site. There are cloud-based solutions, but I don't feel comfortable having my passwords kept outside my control. I keep the KeePass database file on an IronKey USB flash drive.
The following is based on me using KeePass:
1) Make the length as long as the site will support. It'll generally tell you how many max characters can be used.
2) Absolutely use non-alphabet characters. Some of the better sites will tell you what special symbols are allowed like spaces.
3) Because I randomly generate my passwords with special characters I don't change my passwords for all accounts. While it is good practice to change your password every couple of months, it's not feasible when you have over 300 accounts like I do. So, I focus on the financial type accounts and change those every six months or when I get bored. Accounts for message boards I don't change (just too many of them!) as I'm not as paranoid about them.
4) Yes, it is best practice that every password be different for each website. In fact, if the site allows, I randomly generate the username so it's different for each site, hence why my Boglehead's username is all gibberish.
- Random Musings
- Posts: 6770
- Joined: Thu Feb 22, 2007 3:24 pm
- Location: Pennsylvania
Re: best tips for passwords?
rixer wrote:
> You can probably just use a random car license plate number you are following on the way home from work. that would be hard to hack, I would think.
Not enough length.
RM
I figure the odds be fifty-fifty I just might have something to say. FZ
-
- Posts: 6
- Joined: Tue Sep 17, 2013 9:01 pm
Re: best tips for passwords?
A few more tips:
--Security challenge questions should not be truthfully answered. A nonsensical passphrase is better, or even a long random string of characters if you don't have to give your answer to a human being over the phone
--A username of random characters may be good too
--Close all unnecessary accounts, and avoid opening new accounts for one-time transactions (e.g. online retailers). Fewer passwords to manage, and fewer accounts susceptible to data breaches
--Avoid storing bank and credit card information with online retailers unless completely necessary
I echo the recommendations for maximal entropy randomly generated passwords, password managers (keepass is my favorite), and multi-factor authentication.
Re: best tips for passwords?
Nowa Osoba wrote:
> A few more tips:
> --Security challenge questions should not be truthfully answered. A nonsensical passphrase is better, or even a long random string of characters if you don't have to give your answer to a human being over the phone<snip>
Security challenge questions are a major security hole. The typical questions are things that can be relatively easily discovered. There are numerous reports of crackers gaining access to accounts by figuring out the answers to security questions.
Re: best tips for passwords?
I am not directing this at anyone. I hope to show you that no matter what you think you are not really safe unless...
So any words and phrases in dictionaries whether English or foreign are useless. Cracking software using GPUs (forget what they are just know they are powerfully fast!) can run through billions of combinations a second.
So here's what you do:
1. use some form of password manager. By doing this you don't have to remember anything except the master password and that should be really long and complex but something you can remember. Ex - use names, dates, old addresses, old phone numbers, anything that you can remember so for example here's your master password:
kYlE!82312@12/24/65#jAcKsOn$06/25/82%that'sallfolks
alternate lower and upper case in words with every other or every 3rd character
kYle is your kid, friend, dog, spouse, whatever
! 1st separator and 1st special character on keyboard
82312 someone's zip code
@ 2nd separator and 2nd special character on keyboard
12/24/65 someone's birth date
# 3rd separator and 3rd special character on keyboard
jAcKsOn last name or first name of someone
$ 4th separator and 4th special character on keyboard
06/25/82 another birth date or anniversary whatever you want
% 5th separator and 5th special character on keyboard
that'sallfolks how you end it
so that is such a crazy master password once you get the naming convention you want and you can remember and the length with upper, lower characters, numbers, special characters it is a good one!
now I use unique userids and passwords for everything and I use the max length and all the characters each site allows. For example here's what I might use for say a bank -
userid is Ym(4",ag2QLn8^]Pzn7b
password is 0(MpO-1QXt5${Ky7@hVz9*\cR.i
I make these up and it is easy to do this. Storing them in your password safe means you don't have to remember any of them, just the master password. I put the password safe on a flash drive not the c drive so it isn't online unless you plug it in. I keep 2 flash drives in case one fails. I print a copy of the password manager's contents and put it into my safe deposit box at the bank.
This is as safe as you can get. Forget your "tricky" ideas cuz crackers use all sorts of software to try all different combinations. Could they guess my stuff? Maybe but the length, complexity and randomness of these userids and passwords makes them pretty safe.
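An added example, not part of any post in this thread: a per-site random password generator of the kind the password-manager posts describe, with the length arithmetic behind the license-plate reply. The symbol set, the 7-character plate format and the guess rate of 1e9 per second (taken from "billions of combinations a second") are assumptions.

```python
import math
import secrets
import string

# Assumed guess rate: the post says "billions of combinations a second";
# 1e9 per second is a round figure chosen for this example.
GUESSES_PER_SECOND = 1e9
# Assumed symbol set; replace it with whatever the site actually allows.
DEFAULT_SYMBOLS = "!@#$%^&*()-_=+"


def generate_password(length, symbols=DEFAULT_SYMBOLS):
    """Random password from letters, digits and allowed symbols (CSPRNG)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # Rejection sampling: draw uniformly, retry until every class appears,
        # so sites that demand "one digit, one symbol" accept the result.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy of `length` characters, valid only when each one is chosen
    uniformly at random (not for human-chosen words or dates)."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate (the average is half)."""
    return 2 ** bits / rate


if __name__ == "__main__":
    # Assumption: a license plate is 7 characters from A-Z and 0-9.
    plate = entropy_bits(7, 36)
    strong = entropy_bits(20, 62 + len(DEFAULT_SYMBOLS))
    print(generate_password(20))
    print(f"plate: {plate:.1f} bits, {seconds_to_exhaust(plate):.0f} s")
    years = seconds_to_exhaust(strong) / (365 * 24 * 3600)
    print(f"20 random chars: {strong:.1f} bits, {years:.2e} years")
```

Pass `symbols=""` for sites that reject special characters; the entropy figure then uses an alphabet of 62.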
-
- Posts: 4
- Joined: Sun Jan 05, 2014 7:38 pm
Re: best tips for passwords?
Install Lastpass in your browser. Pick a nice, long, difficult password for it.
Now, you can use Lastpass to generate appropriately secure passwords for each unique account that you have. The best part is, Lastpass will remember them all, because there is no way you will. No more Post-Its in your drawer, no more secret notebook, no more secret spreadsheet...
-
- Posts: 211
- Joined: Tue Feb 12, 2013 3:53 pm
Re: best tips for passwords?
I find it really intriguing that people are so comfortable with password managers that they'd trust the password manager to do all the memory work.
I find it also really intriguing that people are so comfortable with putting all eggs in one basket. Lose the master password/account, lose everything. That's exactly the argument for having unique passwords across sites---if you have one username/password compromised, the rest are still largely safe.
It is far too easy to accidentally the whole password manager account; you could forget, you could lose the encrypted files, you could have something hacked, and so on. The way people leave their hard drives unencrypted (e.g., not using Bitlocker or similar), the way lots of people leave machines unlocked when they leave the room... I don't know.