The man responsible for most of your password headaches was wrong, and he's sorry (passwords, wi-fi)

[jacqueg]

The man responsible for most of your password headaches was wrong, and he's sorry

One less thing to obsess about...

[thecoalman]

The thing to note here is they are suggesting long passwords that are easier to remember, emphasis on long. Both length and complexity increase security. Also keep in mind if you are using passwords that are familiar to yourself they are also familiar to people who know you, undoubtedly when the X gets into your email account it's because they guessed the password.

While on the topic it's important to use different passwords for important sites like banks. For that reason alone you might as well use a password manager like Keepass and utilize complex passwords.

Using a common password on sites like this one and other forums for example is not much of risk unless you have personal data in PM's for example. Where the risk lies is that this site is not a bank and does not have an army on software engineers securing that data.

• If the user table in database is obtained one would have a list of associated usernames, emails and encrypted passwords. They will brute force the passwords starting with dictionary attack.
• If they are able to alter files on the server they could literally script it to send them whatever info they want about the login.
• This site does not use HTTPS, your login could be compromised if it's intercepted by third party. Someone that has control of public Wi-Fi router for example.

If they obtain the password it's off to your email account to try the password there, perhaps Ebay, Paypal, your bank or whatever. Any site you use like that should have a unique and strong password.


If you do not want to go through the trouble of managing passwords, come up with a formula for creating them. For example suppose an easy to remember number for you is 4196:


4c1i9t6y1


The letters mixed in are the the first four letters of the domain city-data.com... This is simple example and should be a longer.

[MikeJaquish]

At sites I think I will not access routinely, I just enter nonsense...
P)(*RKNV_)WF-3fj3-vj39=

And use the password reset when I go back...

[sholomar]

I never bought the BS about changing passwords every 3 months. I come up with secure ones and never change them. Its annoying that large corporations go by that 3 month policy.

[Cloudy Dayz]

Quote:

Originally Posted by stockwiz

I never bought the BS about changing passwords every 3 months. I come up with secure ones and never change them. Its annoying that large corporations go by that 3 month policy.

I especially hate those emails that force you to change your password. "We have noticed a security issue with your account. Log in now and change your password." 50% of the time the email is a scammer fishing for my password. So I have to examine it carefully and determine if the email is legitimate or not. I'm sure those type of emails create more security issues then they solve.

[NHDave]

Quote:

Originally Posted by stockwiz

I never bought the BS about changing passwords every 3 months. I come up with secure ones and never change them. Its annoying that large corporations go by that 3 month policy.

Unique, secure passwords for each site are more effective than changing reused passwords every 3 months

[VeeGer]

Quote:

Originally Posted by Cloudy Dayz

I especially hate those emails that force you to change your password. "We have noticed a security issue with your account. Log in now and change your password." 50% of the time the email is a scammer fishing for my password. So I have to examine it carefully and determine if the email is legitimate or not. I'm sure those type of emails create more security issues then they solve.

Never let Emails tell you what to do and do not follow the links in them, ever. Go to that site where it's supposed to come from and deal with them there.