Thread: Usernames and passwords

Your point being?????????

If any forum would be stupid enough to switch that "prove you're not a robot" off, you wouldn't want to be a member as there would be more spammers than "genuine" members.

Of course there are those membes that for their own nefarious reasons insist on having 5+ user names, aren't there? They then seem to complain that it is hard to keep track.

Your "frustrations" could be easily fixed by not joining any forum where you don't agree with their rules.

The Username issue is unfortunate I agree, however the password issue is not that hard to overcome. Having a strong password is highly advisable, and there are relatively simple methods that can be used to achieve that. As an example, the "standard" for passwords is now 8 Characters, including at least one uppercase, one numeric and one special character. The easiest way I have found to achieve this is by having a password along the lines of P@ssword1, that is, I take a suitable word and substitute special characters and numbers for letters based on similarity, don't use the example, it is commonly known, whereas, until this post 1Beerplea$e is a very strong password. You can increment the numeric character if required to change regularly.

The other aspec is to use a Password Safe, such as SafeInCloud to record logons and passwords, and it will autofill webforms, you record all of your credentials, they are encrypted (you are able to view them) and stored in the cloud, and you require a master password to access it. If you use multiple devices (i have laptop, ipad, android phone and a desktop) it is accessible from all of them. You can check it out here https://www.safe-in-cloud.com/en/

As to verification images, yes they are a pain, but necessary to avoid robots, there are no shortage of tossers out there with nothing better to do than spam and scam.

From a security point of view, having different user names on different forums is actually a good thing, as it makes it harder to find ways to get your password.

As for passwords - a simple, easy to remember common password - such as Password123 - on all sites where you really don't care (which, really, is most of them) and something like 4t2!5KD(gJT3+5LW4b??hM%acc2Uwr on your bank. ie - if there are no financial downsides, compromised accounts are disposable.

Things are slowly changing as google and facebook take over the world. Often, when shopping or doing anything where you need to sign up to the site you can sign in with a google or facebook account. I dont sign into anything with facebook or google though because its just another tracking mechanism that they employ. I dont want google knowing that im in the market for a russian bride.

Time to buy a VPN, the gumbiment has the ISP's stashing the metadata, more likely to get pinged for movie piracy than russian brides, and for that matter, why do want one that's russian, I prefer one who takes her time

Originally Posted by Thylacene

Time to buy a VPN,

I've been assuming that by now, everyone in Australia has a VPN...

What are you hoping for here Big Shed? Your tone suggests an agenda!

A tip, ignore those who you don't feel measure up to your standards - I do - usually. I think it's clear where you want to go from here Big Shed! A bit silly but!

I understand what you are saying but unfortunately as web traffic increases so to does the number of characters and variations on characters needed for passwords. Trying to come up with a username on some sites that means something to you or is easy to remember is nearly impossible. Some sites are helpful in providing suggestions like 'Bart1874509742', very helpful indeed. Once upon a time we needed four, any four, now we're up to eight in a lot of cases with capitals, numbers and so on, as it increases so too does the need to change them. I have a small almost full notebook (which the gremlins love to hide) which contains cryptic clues to usernames and passwords, but it is extremely annoying having to race inside to find it and nut out the cryptic clues to gain access.
I find it annoying, granted there is probably no way around it but still annoying.

For passwords now I've begun using a pattern on the keyboard rather than a word I have to remember.
Every hacker knows the 1 for I, 0 for O, $ for S and adding the 1 or 123 to the end etc as substitutes.

If the forum starts with a G then I start a figure 8 pattern starting with the G.
If it starts with R then start the figure 8 pattern at R.
Use an 0 pattern, make the letter F shape on the keyboard keys, anything that doesn't make a word.
So an O starting with a C and you get CDE#$%TGBV, make every second a capital if you like.
Or a Big W starting somewhere @WSXDR%THMKO) , No password cracker using any dictionary with substitutions will get it easily.

No way could I remember all my passwords so I use a password program to store them.Only need to remember the access password.
For sites like bank and paypal I use the max allowable number of characters, randomly generated from a set of all allowable characters.
For junk and game sites I use about 8 characters.
Thank goodness for copy paste.

What annoys me are the sites or programs that require you to change your password every 90 days or so "for security purposes". Moo. Poo.

I have 3 passwords that get me into everything I need to. One of them is unique to me and is used in everything I put a value on, but is apparently easily hacked because it has no capitals or special characters. The other two are work related; one is my generic 8 character with capital and special that I use in every application I can, the other is the bog standard P@ssword1/2/3/4 that I have to keep changing "for security purposes" just to log onto my computer at work.

My bank takes a different approach; it's happy to let me use an easy username and two simple passwords but they only allow me to LOOK at my account. To actually DO anything involving moving money around outside of my accounts I then have to enter a PIN into a security device, which then generates random codes that I have to transcribe onto the logon page just to get me into my account, and then again to confirm an action like paying a bill. Sounds complicated but is actually real easy. It's secure because to get money out of my account you would need to know my username, both passwords, my PIN AND physically have my security device in your sticky mits.

This is a bit of an aside to the OP, but anyway...



I'm a little bit of a security nutter...or at least I was... and have done a little "white hat" hacking in my time (super-fun-corporate-times )
I know that it can be a little troublesome ontop of everything else, but I used to like to assign "sentences" to each site for a password.

For example (a very old one for a non-critical site that I don't use anymore)...

From a Futurama episode:
"I have made it with a woman. Inform the men"

Take the first letter of each word...

IHMIWAWITM

Get all hax0r on it...(the use of the shift key becomes rhythmical after a while when you have to retype it regularly (which in itself is a problem))

1hM!w@w!tm

And there you go...what the heck is that!?!?!




Although, (and it really is a good idea), after the publication of https://xkcd.com/936/ a lot of sites started banning "correct horse battery staple" explicitly.

Anyway, the point of the comic is, these days, quite really...brute force password cracking programs are better at guessing mixed cases and symbols than they are at guessing simple randomly mixed words.


Oh, and did anyone see the leak of the most common passwords for the Ashley Madison site once it was hacked?
http://qz.com/501073/the-top-100-pas...shley-madison/
This should be considered a modern list of THE WORST passwords to use.


Back in "the day" (late 90's early 2000's) the list used to be: root, god and passwd....and the securest length of a password was 7 characters. Fewer was an easy crack (low entropy) and any more was repetition (can you see it in my example above?) and/or started/finished with a number(s)...how times have changed


Story:
In the mid 90's I was doing some work for a university lecturer...in their office...on their computer.
I was merrily working away...but at one stage I had to reboot the machine and, without said lecturer around, was presented with a simple Windows/NetWare login prompt before I could access the system again.

Their username was easy to figure out...after-all, it was only the "name" part of their email address...[name]@[educational institution].edu.au.

Quite literally...and I kid you not...I looked at the row of 6 dozen books sitting on a single shelf next to me and said "....................that one."

I opened it up and the password was written inside the cover and I had full access again.

Such a basic, BASIC mistake for in-situ naughtiness...if one were so inclined

+1 for the password safe. I use last pass and I can't remember the last time I typed in a password for a website or made one up.

To be honest I never thought pf a password manager, never gave them a thought, never even realised there was such a thing although in retrospect, it’s an obvious helper program I guess. Surely though if hackers can get your password by hacking a site like Woodwork Forum then they could also hack something like LastPass.

Don’t pay much attention to passwords other than making them easy for me to remember, but realistically why would you care if someone hacked your woodwork forum account. I can understand bank accounts, paypal accounts and the like (I use the blind pecker method for that) but not accounts like whirlpool, woodwork, etc.
Facebook? Well that happens on a daily basis doesn’t it?