U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 03-22-2016, 11:10 AM
 
Location: League City
3,490 posts, read 6,757,061 times
Reputation: 4192

Advertisements

Quote:
Originally Posted by Tek_Freek View Post
Looked up TrueCrypt. Found this:

TrueCrypt

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

Yikes?
The people who can bust truecrypt are not likely to be stealing computers or usb drives of people like you or me unless we are committing federal crimes. It is still good.
Reply With Quote Quick reply to this message

 
Old 03-23-2016, 08:50 AM
 
Location: Cleveland, Ohio
11,853 posts, read 13,978,818 times
Reputation: 8083
TOtally agree TrueCrypt is more then good enough for 90% of end users.

There's always VeraCrypt if you want something that's still maintained. (Based on True).
Reply With Quote Quick reply to this message
 
Old 03-23-2016, 09:03 AM
 
1,111 posts, read 599,260 times
Reputation: 1005
TrueCrypt and VeraCrypt have the same vulnerabilities.... which aren't anything the average user should be concerned about. Even for this one vulnerability, there's best practices to eliminate it.
Reply With Quote Quick reply to this message
 
Old 03-23-2016, 09:22 AM
 
Location: Massachusetts
9,968 posts, read 10,985,271 times
Reputation: 13923
I just memorize mine.


My passwords are usually just a seemingly random jumbled mess of letters and numbers. They do mean something to me however, which is how I'm able to remember them. However even my significant other would never be able to figure it out.


Wz4fgR4ws2Q!$ for example.




I have three of them depending on which sites I'm on. Banking and personal stuff gets one. Forums gets another. Generic websites I won't ever visit more than once gets a 3rd.


My work passwords are a 4th and 5th set of random garbled numbers. They make me change it every 90 days so One particular digit gets rotated.
Reply With Quote Quick reply to this message
 
Old 03-23-2016, 01:58 PM
 
28,648 posts, read 40,627,244 times
Reputation: 37346
Quote:
Originally Posted by BostonMike7 View Post
I just memorize mine.


My passwords are usually just a seemingly random jumbled mess of letters and numbers. They do mean something to me however, which is how I'm able to remember them. However even my significant other would never be able to figure it out.


Wz4fgR4ws2Q!$ for example.




I have three of them depending on which sites I'm on. Banking and personal stuff gets one. Forums gets another. Generic websites I won't ever visit more than once gets a 3rd.


My work passwords are a 4th and 5th set of random garbled numbers. They make me change it every 90 days so One particular digit gets rotated.
You're lucky your workplace IT department is lazy. Many places I've worked would not allow that.
Reply With Quote Quick reply to this message
 
Old 03-23-2016, 04:57 PM
 
Location: Mableton, GA USA (NW Atlanta suburb, 4 miles OTP)
11,319 posts, read 22,745,181 times
Reputation: 3896
Quote:
Originally Posted by Tek_Freek View Post
You're lucky your workplace IT department is lazy. Many places I've worked would not allow that.
At my workplace, it varies by system. Sometimes a system will allow that sort of thing, but most will not allow a password which is substantially similar to a previous password. Or the past 40 previous passwords, etc.

My password manager (in my case KeePass) is my savior. :-)
Reply With Quote Quick reply to this message
 
Old 03-23-2016, 09:57 PM
 
28,648 posts, read 40,627,244 times
Reputation: 37346
That's what I remember.
Reply With Quote Quick reply to this message
 
Old 03-24-2016, 08:59 AM
 
Location: Cleveland, Ohio
11,853 posts, read 13,978,818 times
Reputation: 8083
I don't make my end users ever change their passwords. If you really break it down, it really is kind of senseless. I make my end users make VERY complicated passwords, but they never have to change them unless our systems gets compromised (and it hasn't in 9 years).

Even my man Bruce mostly agrees with me.

https://www.schneier.com/blog/archiv...ng_passwo.html

As he points out the rationale behind the 90-expiration is that it would limit the amount of time someone could use that info to hack you.
- If someone hacks into your corporate network with stolen creds, they are going to install malware or some other such junk on your network and will no longer need access to your creds.
- If someone hacks into your bank account, they are going to steal your money. You will know right away you have been compromised.

All 90 day expiry's do is annoy end users.
Reply With Quote Quick reply to this message
 
Old 03-24-2016, 10:22 AM
 
1,294 posts, read 630,977 times
Reputation: 587
Quote:
Originally Posted by Peregrine View Post
I don't make my end users ever change their passwords. If you really break it down, it really is kind of senseless. I make my end users make VERY complicated passwords, but they never have to change them unless our systems gets compromised (and it hasn't in 9 years).

Even my man Bruce mostly agrees with me.

https://www.schneier.com/blog/archiv...ng_passwo.html

As he points out the rationale behind the 90-expiration is that it would limit the amount of time someone could use that info to hack you.
- If someone hacks into your corporate network with stolen creds, they are going to install malware or some other such junk on your network and will no longer need access to your creds.
- If someone hacks into your bank account, they are going to steal your money. You will know right away you have been compromised.

All 90 day expiry's do is annoy end users.
What if someone hacked in, stole the credentials and then decided to sell them? They could potentially be on the market for quite some time.
Reply With Quote Quick reply to this message
 
Old 03-24-2016, 02:32 PM
 
Location: Mableton, GA USA (NW Atlanta suburb, 4 miles OTP)
11,319 posts, read 22,745,181 times
Reputation: 3896
Quote:
Originally Posted by Skyl3r View Post
What if someone hacked in, stole the credentials and then decided to sell them? They could potentially be on the market for quite some time.
Change them every 6 months, maybe. I used to have over 100 passwords at work between the mainframe systems, Solaris and Linux servers, and various web applications. Thankfully, some of them were synched in terms of password change schedules, so I could draw up a table and change a series of servers to a related pattern in one shot. Not the same PW, but one I could logically derive.
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 01:21 PM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top