WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
Yikes?
The people who can bust TrueCrypt are not likely to be stealing computers or USB drives of people like you or me unless we are committing federal crimes. It is still good.
TrueCrypt and VeraCrypt have the same vulnerabilities... which aren't anything the average user should be concerned about. Even for this one vulnerability, there are best practices to eliminate it.
My passwords are usually just a seemingly random jumbled mess of letters and numbers. They do mean something to me however, which is how I'm able to remember them. However even my significant other would never be able to figure it out.
Wz4fgR4ws2Q!$ for example.
I have three of them depending on which sites I'm on. Banking and personal stuff gets one. Forums gets another. Generic websites I won't ever visit more than once gets a 3rd.
My work passwords are a 4th and 5th set of random garbled numbers. They make me change it every 90 days, so one particular digit gets rotated.
You're lucky your workplace IT department is lazy. Many places I've worked would not allow that.
Location: Mableton, GA USA (NW Atlanta suburb, 4 miles OTP)
11,334 posts, read 26,083,811 times
Reputation: 3995
Quote:
Originally Posted by Tek_Freek
You're lucky your workplace IT department is lazy. Many places I've worked would not allow that.
At my workplace, it varies by system. Sometimes a system will allow that sort of thing, but most will not allow a password which is substantially similar to a previous password. Or the past 40 previous passwords, etc.
My password manager (in my case KeePass) is my savior. :-)
I don't make my end users ever change their passwords. If you really break it down, it really is kind of senseless. I make my end users make VERY complicated passwords, but they never have to change them unless our systems get compromised (and they haven't in 9 years).
As he points out, the rationale behind the 90-day expiration is that it would limit the amount of time someone could use that info to hack you.
- If someone hacks into your corporate network with stolen creds, they are going to install malware or some other such junk on your network and will no longer need access to your creds.
- If someone hacks into your bank account, they are going to steal your money. You will know right away you have been compromised.
All 90-day expiries do is annoy end users.
What if someone hacked in, stole the credentials and then decided to sell them? They could potentially be on the market for quite some time.
Quote:
Originally Posted by Skyl3r
What if someone hacked in, stole the credentials and then decided to sell them? They could potentially be on the market for quite some time.
Change them every 6 months, maybe. I used to have over 100 passwords at work between the mainframe systems, Solaris and Linux servers, and various web applications. Thankfully, some of them were synched in terms of password change schedules, so I could draw up a table and change a series of servers to a related pattern in one shot. Not the same PW, but one I could logically derive.