U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 03-09-2016, 06:32 PM
 
40,169 posts, read 41,775,319 times
Reputation: 16740

Advertisements

Quote:
Originally Posted by WannabeCPA View Post
I'm kind of like you in that I use the same passwords and usernames for different sites if they allow me to. The password gets more complex as the site becomes more important. Sites such as CD mean almost nothing to me so my password is just a regular word you can find in the dictionary. The only problem is that certain websites have requirements for their passwords that other websites don't have (ex. number of characters, numbers, symbols, some can't use symbols). I'll read the reviews for password storage. I just was hoping to hear some individual stories here.
You should never use the same password on different sites unless it completely inconsequential. What happens is for example someone gets into the database on this site, I'm sure they take great care to prevent that but they aren't a bank with an army of engineers either. Typically your password is going to be encrypted however it's typically not a strong encryption for performance reasons. If someon is abl to obtain tht password they now have am associated username, email address and password. The next stop is your email account to try your password.

Keepaas has profiles for generating different types of passwords, you can even create your own.

The fundamental reason I like Keepass is because it's fully in my control, there is no third party involved. I've been using OneDrive to store the file. I can access it from any computer I want.
Reply With Quote Quick reply to this message

 
Old 03-09-2016, 06:44 PM
 
Location: Sierra Nevada Land, CA
8,674 posts, read 9,444,320 times
Reputation: 13828
Quote:
Originally Posted by WannabeCPA View Post
Currently I have all my passwords written down on a single piece of paper, obviously not ideal were something to happen to that piece of paper.
I would suggest having three pieces of paper. Keep one in your safety deposit box.
Reply With Quote Quick reply to this message
 
Old 03-10-2016, 09:09 AM
 
Location: Cleveland, Ohio
11,815 posts, read 13,954,365 times
Reputation: 8047
Quote:
Originally Posted by thecoalman View Post
You should never use the same password on different sites unless it completely inconsequential.
I disagree there.
The single best rule is to never use your email password anywhere but your email. You can use the same one on all your other sites.
Think about it: if I hack into your banking website and get your password from there. Well I have full on access to your stuff there, but where else? Having that info doesn't tell me all the other sites you go to. So even though your password for ALL your bank sites, might be the same, there's no way me (as the hacker) is going to know what other banking sites you use.
Unless, of course, I am sitting in front of your computer.
But what I MIGHT get from your banking site if you only use one password for email and every other site is your email address. Now if I'm really out to get you I might try the banking password at your email address site. If it's the same? I'm in.

Let's also face facts that for example like when Target was hacked, did anyone get their ID hacked? Not that we heard of. Most of the time when these big sites get hacked, the hackers just do it for the "Look what I did" and the shock value and to show these big corporations how vulnerable they are.
They aren't taking the time to sift through all that and find people to identity hack.
Reply With Quote Quick reply to this message
 
Old 03-10-2016, 10:42 AM
 
40,169 posts, read 41,775,319 times
Reputation: 16740
Quote:
Originally Posted by Peregrine View Post
You can use the same one on all your other sites.
And if someone gets into your Ebay account or other online service that may be storing financial information? Government sites? Do you have root logins for your own server with peoples personal information?

If you are going to be security conscious you want to create layers to insulate yourself. Creating and managing unique complex passwords is very easy to do, why not do it?
Reply With Quote Quick reply to this message
 
Old 03-10-2016, 01:01 PM
 
Location: Cleveland, Ohio
11,815 posts, read 13,954,365 times
Reputation: 8047
Yea I mean there's no reason not to, I suppose.
That's just one rule I've always used. ALWAYS have a unique password for email. Don't use that one on any other site.
I use the same 3 passwords for everything. But my banks and email only I use different passwords.
I retract my last statement.
Reply With Quote Quick reply to this message
 
Old 03-10-2016, 04:03 PM
 
3,269 posts, read 4,894,430 times
Reputation: 1382
Quote:
Originally Posted by thecoalman View Post
Keepass has a plethora of options including custom fields, notes and you can even attach files.
Thank you! I'll definitely check them out. Never heard of them. I hope there's a mobile app.
Reply With Quote Quick reply to this message
 
Old 03-10-2016, 06:11 PM
 
Location: Mayacama Mtns in CA
14,523 posts, read 7,675,445 times
Reputation: 11316
Quote:
Originally Posted by WannabeCPA View Post
Currently I have all my passwords written down on a single piece of paper, obviously not ideal were something to happen to that piece of paper. What I'm looking for is just a place to store my passwords. I don't need anything that autofills them for me when I visit websites. I plan to use this as a backup to what I have written down, so that if my paper gets lost I have the passwords stored someplace else. What I'm worried about is someone hacking into the password storage and having access to all my passwords. That would be a disaster. I've heard about sites like 1password and Keypass but I still don't know what to use. How are your passwords usually stored? On a server where if a hacker gained access he could compromise your passwords? Anyone have any advice? I've been wanting to do this a long time as I know I'm taking a risk having all my passwords on that one piece of paper.
I've used 1Password for several years and am so pleased with it. Go here for information, if you want: https://agilebits.com/onepassword Yes, there are versions of the app for your desk or laptop, also for mobile devices.

It is not free, but it is expertly designed and presented in a manner which can be understood even if one is not a professional computer & software tech. I think it's worth every penny. 1Password is one of the most highly rated password managers.

I encourage you to check it out. They offer a free trial period, which is really a great idea. That way you can see exactly what you're getting. They also have really good customer service.
Reply With Quote Quick reply to this message
 
Old 03-10-2016, 07:25 PM
 
Location: HoCo, MD
4,581 posts, read 8,190,996 times
Reputation: 5113
Quote:
Originally Posted by Peregrine View Post
I disagree there.
The single best rule is to never use your email password anywhere but your email. You can use the same one on all your other sites.
Think about it: if I hack into your banking website and get your password from there. Well I have full on access to your stuff there, but where else? Having that info doesn't tell me all the other sites you go to. So even though your password for ALL your bank sites, might be the same, there's no way me (as the hacker) is going to know what other banking sites you use.
Unless, of course, I am sitting in front of your computer.
But what I MIGHT get from your banking site if you only use one password for email and every other site is your email address. Now if I'm really out to get you I might try the banking password at your email address site. If it's the same? I'm in.

Let's also face facts that for example like when Target was hacked, did anyone get their ID hacked? Not that we heard of. Most of the time when these big sites get hacked, the hackers just do it for the "Look what I did" and the shock value and to show these big corporations how vulnerable they are.
They aren't taking the time to sift through all that and find people to identity hack.
Approx 40 million CC card numbers were taken from the Target hack. As well as around 70 million records including name, address, and email of customers. And there are certainly a number of compromised cards as a result. According to Krebs, 1-3 million were sold and used fraudulently. So yes, no actual theft of ID took place, but it certainly wasn't just a "demonstration". The biggest loss was to the financial institutions that had to reissue these cards (and eat the fraud losses).

As for passwords - it basically comes down to common sense. Basically do a risk assessment and be aware of the loss potential. Personally, my banking passwords are the most 'complex'. My social media passwords are actually more complex than my credit card passwords. My liability with social media - especially professional ones like Linkedin - is actually higher than my credit card. There's not much you can do if you have my credit card password. Yes, you can change my email etc...but that only gets you so far and I'd notice it pretty quickly. But the priority may be completely different for others.

I personally use keepass. But any password manager will do. Having an encrypted database is definitely much better than a piece of paper. Easier to update/maintain, and easier to backup.
Reply With Quote Quick reply to this message
 
Old 03-11-2016, 01:57 AM
 
Location: Honolulu
1,169 posts, read 1,551,841 times
Reputation: 2824
Quote:
Originally Posted by thecoalman View Post
You should never use the same password on different sites unless it completely inconsequential. What happens is for example someone gets into the database on this site, I'm sure they take great care to prevent that but they aren't a bank with an army of engineers either. Typically your password is going to be encrypted however it's typically not a strong encryption for performance reasons. If someon is abl to obtain tht password they now have am associated username, email address and password. The next stop is your email account to try your password.

Keepaas has profiles for generating different types of passwords, you can even create your own.

The fundamental reason I like Keepass is because it's fully in my control, there is no third party involved. I've been using OneDrive to store the file. I can access it from any computer I want.
Actually I use the same password for different sites depending on importance. Ex. I use the same password for CD, Youtube and my local newspaper subscription. I also have a password for my various credit cards, another one for my different banking accounts. To me, to have a different password for each account would be impractical. I also have a unique password for each of my email accounts. I'm going to look at Keepass and 1password as ways to store my passwords. However, I'm wondering what are the chances of Keepass being hacked and then someone having access to all your passwords. I'm thinking not very likely, since the hacker would have to find it on your OneDrive and then bypass the encryption right? Is that how it works? I'm just worried about "Keeping all your eggs in one basket" with a password manager like this.
Reply With Quote Quick reply to this message
 
Old 03-11-2016, 02:01 AM
 
Location: Honolulu
1,169 posts, read 1,551,841 times
Reputation: 2824
Quote:
Originally Posted by Macrina View Post
I've used 1Password for several years and am so pleased with it. Go here for information, if you want: https://agilebits.com/onepassword Yes, there are versions of the app for your desk or laptop, also for mobile devices.

It is not free, but it is expertly designed and presented in a manner which can be understood even if one is not a professional computer & software tech. I think it's worth every penny. 1Password is one of the most highly rated password managers.

I encourage you to check it out. They offer a free trial period, which is really a great idea. That way you can see exactly what you're getting. They also have really good customer service.
Thanks, I'll check it out. I've heard good things about 1Password so it's definitely worth a look. However, do you ever worry that if some expert hacker does manage to get a hold of your passwords, how nightmarish it'll be since you have "all your eggs in one basket"?
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 11:51 PM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top