Standard User mikerner
(newbie) Thu 17-Nov-16 10:37:35

Password Strategies

Hi everyone, I've been thinking lately about paying more attention to password security and thought it would be cool to start a thread for people to share tips and ideas on how to protect your data. Do you use a password manager? Choose passwords manually? How do you remember them? In short, what's your strategy, even if it's not perfect!

As for me, I have a couple of strong passwords committed to memory, and tend to use slight variations of them for each site I register on. Could definitely do with using stronger variations though... any tips for memorising?
Standard User gomezz
(eat-sleep-adslguide) Thu 17-Nov-16 11:06:43

Re: Password Strategies
[re: mikerner]

One of my key password strategies is to never disclose details of my password strategies. And even now I may have said too much! blush

BT Infinity 1 (unlimited)
Standard User baby_frogmella
(fountain of knowledge) Thu 17-Nov-16 11:15:20

Re: Password Strategies
[re: mikerner]

Using KeePass and it works well.

http://keepass.info/

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
TalkTalk Business 80/20
Asus RT-AC5300 with 380.63_HGG-FINAL
My Broadband Quality Monitor
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°



Standard User ian72
(eat-sleep-adslguide) Thu 17-Nov-16 11:49:21

Re: Password Strategies
[re: mikerner]

I use a product called msecure - works on my phone, ipad and a PC version is available and can be synced up as well.

I have unique passwords for most sites (some less important sites do share a common password). I also, for most sites, have unique user names. I own a domain and where sites use email as the username I have something unique at that domain (for example boots@sampledomain.co.uk). That way it has increased security as anyone getting hold of an unencrypted list of usernames and passwords from one site would not have the correct item for either on any other site.

As far as the passwords go I use the random password generator on msecure to create the password. When generating the passwords I usually don't use special characters except where it is something really sensitive.

I remember probably about 3 of the passwords off by heart but most sites I just check on the app to get the ID and password.
Standard User kebabselector
(member) Thu 17-Nov-16 11:59:09

Re: Password Strategies
[re: mikerner]

I tend to keep the same password, but use a few different emails.

Some sites have unique addresses, like amazon, paypal etc but I tend to group things like forums under their own unique email address. If I start to get spammed on a particular address then I can either identify a source or at least narrow it down to a smaller group.

So I can remember I do keep a list of sites and emails with the password (in a secure format I know) on a note on icloud.

Current on Zen, getting around 5mb down - .8mb up
Exchange is Fibre enabled, Cab not economically viable to upgrade - though 'Now Exploring Solutions aka we want someone else to pay for it.'
Stechford (CMSTE) Cab 50 - small cabinet of fail
Standard User mixt
(fountain of knowledge) Thu 17-Nov-16 12:34:01

Re: Password Strategies
[re: mikerner]

- I have a different password for each site/service online.
- I aim for a minimum of 20 random characters, spanning 0-9, A-Z, a-z and 2 specials. On some sites, I have upped this to 40 characters.
- I enable 2 factor-auth where possible.
- None of these passwords are stored anywhere, in any password storage system, password manager, on disk, or on paper.
- At no point are any of the sites where these passwords are used stored in any password storage system, password manager, on disk or on paper.

My process does involve knowledge of a master password, which again, I haven't stored anywhere, on disk or on paper. In theory, if you found out what this was, you could potentially find out the other passwords but you would still need to know what sites/services I have accounts with, and as I've just said above, I don't store that information in a readily accessible form (the process is actually all linked together using sha512 hashing (a one way process), not encryption (a reversible process)). In fact, even I can't get this information back.

FYI, my PayPal account got hacked several years ago now. That was an 8 character lower case only, random password, which I was using on other sites. That incident gave me a wake-up call so I devised my own system to generate random but recoverable passwords of any length (up to 80 characters max) for each site/service as required.

Computerphile have done some good videos discussing choosing and cracking passwords:

https://www.youtube.com/watch?v=3NjQ9b3pgIg
https://www.youtube.com/watch?v=7U-RbOKanYs

and it demonstrates that even replacing letters with numbers, and any other variants of this, are all now pitfalls for choosing a secure password. Only lengthy passwords with high entropy are secure, and only if hashed using a secure hashing algorithm. Which reminds me - if you sign up somewhere and they email your password back to you, at any point, well... enough said. smile

IDNet Fibre Unlimited 55/10 with Native IPv6
Automated Hourly HTTP×6 TBB Speed Tests (3×IPv4+3×IPv6)
Previous ISPs » Zen (40/10 FTTC) | aaisp.net (40/10 FTTC) | Virgin Media (50Mb Cable) | Be* Un Limited (ADSL2+) | Zen (ADSL)
Download Maximiser | BIND GeoDNS | Are you being bløcked?
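
A sketch of the general idea in the post above (a per-site password re-derived from a memorised master using SHA-512, nothing stored), as an added example: it is not mixt's actual system, which the post does not disclose. The PBKDF2 stretching, the choice of specials, and the names `derive_password` and `entropy_bits` are assumptions made here.

```python
import hashlib
import hmac
import math
import string

# Digits, upper, lower as in the post; this particular set of specials is an assumption.
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase + "!#%+"


def derive_password(master, site, length=20, iterations=200_000):
    """Re-derive the same per-site password from a memorised master; nothing is stored."""
    if not 1 <= length <= 80:          # the post mentions an 80-character maximum
        raise ValueError("length must be between 1 and 80")
    # Stretch the master with PBKDF2-HMAC-SHA512, salted by the normalised site name,
    # so each guess at the master from a leaked site password costs many iterations.
    salt = site.strip().lower().encode()
    seed = hashlib.pbkdf2_hmac("sha512", master.encode(), salt, iterations)
    limit = 256 - 256 % len(ALPHABET)  # reject bytes >= limit to avoid modulo bias
    chars, counter = [], 0
    while len(chars) < length:
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha512).digest()
        counter += 1
        for byte in block:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
    return "".join(chars)


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    master = "constructed example master phrase"   # constructed sample, not a real secret
    for site in ("example-shop.test", "example-forum.test"):
        print(site, derive_password(master, site))
    print("8 lowercase chars   :", round(entropy_bits(26, 8), 1), "bits")
    print("20 chars, 66 symbols:", round(entropy_bits(len(ALPHABET), 20), 1), "bits")
```

Every derived password is only as strong as the master: an attacker who learns the master and a site name can regenerate that site's password, so the master needs far more entropy than any single site password.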
Standard User Andrue
(eat-sleep-adslguide) Thu 17-Nov-16 16:27:38

Re: Password Strategies
[re: mikerner]

I have four basic passwords. Most are just alphanumeric with mixed case but based on meaningless phrases. I typically add a digit and/or character if a site demands it. I grade the passwords according to importance and they get shared across sites according to the sensitivity of the information I'm submitting.

The kind of thing I might use for a password is 'DrovEDoGShuttR'. It's surprising how easy I find it to remember something like that smile

One wrinkle is that I always use a unique email address for all my contacts. So knowing my password may not be enough to gain access.

---
Andrue Cope
Brackley, UK

Edited by Andrue (Thu 17-Nov-16 16:29:33)

Standard User Lethe
(fountain of knowledge) Thu 17-Nov-16 17:22:29

Re: Password Strategies
[re: mikerner]

A thing I do when needed is the security questions sometimes required when setting up an account - examples:

Q. Your Mother's maiden name?
A. fish n chips

Q. Name of your first pet?
A. wooden spoon

Q. Name of your last school?
A. Mr. Spock

etc. etc.

Nick
Standard User mikerner
(newbie) Fri 18-Nov-16 14:35:39

Re: Password Strategies
[re: Lethe]

Really great suggestions guys! It's interesting to see how varied everyone's approaches are, I'll certainly be taking a few leaves out of your books, so to speak. I've been doing a little digging for more advice and came across a guide to choosing a strong password: https://www.1and1.co.uk/digitalguide/server/security...

I thought the "Using your own password system" section was particularly interesting. Basically the idea is to devise and memorise one strong master password and then add extensions to it for each site you sign up to. So if your master key is "G5w.&$;(9b.B", you could go for "4G5w.&$;(9bE.Ba", or something similar. So it's sort of like a manual version of a password manager, just made easier for you to commit each password to memory.
Standard User micksharpe
(legend) Fri 18-Nov-16 15:29:36

Re: Password Strategies
[re: mikerner]

Long and strong master pass-phrases. KeePass-generated 16-character password for every online account.