Update your passwords lately?

mario_c · Dec 15, 2010

This didn't seem appropriate to FAQ or the Newbie section, and besides this is obviously not just about AW even though it is. You probably know about the Gawker hack, and if you haven't searched it you should. Here's another fun story about what happens to bad little boys and girls who don't update their Twitter / chat passwords :ROFL:

So that's turned into my project this afternoon. Over an hour! But until the thumbprint login thing becomes available at Best Buy / Apple store for less than $70, well...

kuwisdelu · Dec 15, 2010

mario_c said:
But until the thumbprint login thing becomes available at Best Buy / Apple store for less than $70, well...

As far as I know, that only works for the OS, not Twitter.

Tirjasdyn · Dec 15, 2010

Actually you can use a thumbprint scanner for any web site. However all it does is insert the password for you because you have to have a password as a backup. That all it does for logging into your computer as well.

This drove me nuts a few days ago but I don't know if was gawker or what..couldn't find my details on the list and the accounts that were hacked all had different passwords nondic, numbers and special characters so who knows what they all got into. Annoying.

Paperback Writer · Dec 15, 2010

This is actually next on my things to do. Any recommendations?

benbradley · Dec 15, 2010

There are people who use the same "my password" for their ISP account login, their Yahoo mail, their Gmail, their Forum A password, their Forum B password, their Forum W password, twitter, their Forum AW password (ahem), Gawker, Facebook, NaNoWriMo, PayPal, ...

Crackers and cybercriminals know this, and the first thing they do when they get any such username/password combination is try it at every online site they have a list of, starting with banks and brokerage sites.

One rule of passwords: Use a different password for each site. As much as possible, anyway. There are sites that pretty much require the same password, such as blogspot seeing the gmail cookie and prompting for your gmail password.

Deleted member 42 · Dec 15, 2010

Don't Use The Same Password For Any Thing.

Ever

If you MUST have a base password, at least have several with small differences added to each base.

Better -- keep a list in hard copy off line in a safe place.

Not taped to your desk, keyboard or the side of your monitor.

Change all your passwords at least once a year.

Don't use any password that is less than 8 characters.

Use letters, numbers, and punctuation.

Did I mention use punctuation?

Using a random punctuation mark in the middle of your password is diabolically clever.

Not the first character, or the last, but somewhere(s) else.

Don't use any name, phrase, or word that is sensible in any language.

Ever.

If you use a name from Star Wars, Star Trek, LOTR, or the word password or the digits 1234 in sequence or the letters fdsajkl; you go straight to password Hell and deservedly so.

kuwisdelu · Dec 15, 2010

Medievalist said:
or the digits 1234 in sequence

But 12345 is okay, right?

Deleted member 42 · Dec 15, 2010

kuwisdelu said:
But 12345 is okay, right?

Kuwi

Don't you think your avatar needs a little decoration?

Maybe some sparkles?

benbradley · Dec 15, 2010

Yeah. Having 12345 as part of your password IS okay, if your email is [email protected].

maestrowork · Dec 16, 2010

Everyone knows everyone's password is <pet'sname>1 - mine is Schwarzenegger1

mario_c · Dec 16, 2010

Hee. I have to change passwords for the illiterates who use the dayjob company's websites to a really stupid temp password and then beg, plead, cajole and harass them into changing it into something unique. And of course they all whine that the password changing form won't let them just type 111111 or their bank pin number and be done with it.
Well, we all have our quirks - I have three or four passwords that I rotate around on a regular basis, but how the hell do you keep track over 30 or 40 websites? You can't write them down. I dread having to keep a cheat sheet on my cellphone, with hints on which one has the third number spelled out and which ones end with the period and all that shit, but that is how things gotta be.

Lhun · Dec 26, 2010

mario_c said:
Well, we all have our quirks - I have three or four passwords that I rotate around on a regular basis, but how the hell do you keep track over 30 or 40 websites? You can't write them down.

Personally, i just use the same simple short extremely unsafe password for stuff that doesn't matter. Like forum logins, or email accounts i use exclusively to sign up for forums. Cuts way down on the number of real passwords i have to remember.
One can also use a password hasher.

RJK · Jan 4, 2011

A good way to create a password is to select a letter on the keyboard and surround it once holding the shift key down, and once without. Say you select the letter "i". Your password would be U*(OKJu89okj All you need to remember is the letter "i". Your password contains Upper and lower case letters, numbers and symbols. If you surrounded the "r" your password would be E$%TFDe45tfd.

BTW, I learned this from my 7-year-old grandson (who learned it from his father).

Maryn · Jan 4, 2011

Wow, I like that one, RJK.

I use the same password for all the stuff that doesn't matter in a Big Picture way--log-ins at various forums, member sites, and such. It's something my family knows or could guess, but not my closest friends. For sites where money or credit card information changes hands, I have a handful of other passwords I rotate--but I do find it hard sometimes to remember which goes with what site.

Maryn, who hates that this is necessary

AlexPiper · Jan 4, 2011

I actually used to use a shorthand text for passwords, where everything was in the form of some specific date. For instance, if you got your drivers license in 1998 and your first car was a Mercury Sable, you might use:

dL98.mS

And then your password hint could be 'Independence!' (i.e., when you got your driver's license and car). This makes a meaningful mnemonic for each password, which is thus harder to forget. Unfortunately, after a certain point (say, 20-30 sites), remembering each password becomes horrible; even mnemonics aren't enough at that point.

So nowadays I use 1Password and let it generate secure gibberish passwords for me. Each password is stored in an encrypted keychain, which I can access (with a single 'master password') from Safari. The encrypted keychain is stored on Dropbox, so I can access it from any of my Macs, my PC, or the iPhone or iPad. Thus, updating a password on any of my machines updates it on everything, since I allow 1Password to handle all my logins for me.

cryaegm · Feb 3, 2011

mario_c said:
You can't write them down.

I write them down in a notebook that only my eyes see.

Then when I change, I rip out the paper and burn it.

alleycat · Feb 3, 2011

cryaegm said:
I write them down in a notebook that only my eyes see.

Then when I change, I rip out the paper and burn it.

There is a way to do this and make it completely safe, even if you lose the notebook. Let me know if you'd like me to explain.

cryaegm · Feb 3, 2011

alleycat said:
There is a way to do this and make it completely safe, even if you lose the notebook. Let me know if you'd like me to explain.

If you like, you can. I just write it down because no matter what, a computer isn't always safe.

You can protect it, but it doesn't guarantee that nothing will get through.

If I lose it, I change all my passwords again.

alleycat · Feb 3, 2011

Sounds like you're happy with your system as is.

cryaegm · Feb 3, 2011

Well I'm always looking for new ways to have passwords stored because it is a hassle to change passwords, and if I don't have paper, then I'm pretty much SOL. I have it written in the middle of my notebook that has my writings in it, so it's pretty much "*Story story story RANDOM PAGE OF PASSWORDS story story story*" so anything different would be great.

I just know not to always trust and rely on a computer because something can happen. I don't want my passwords all on a computer that could be taken advantage of by careless me and have it all out in the open, you know?

maestrowork · Feb 3, 2011

I yearn for the day when everything is done by retina or fingerprint scans. LOL. Sure, they can still cut off your fingers or eyes, but what are the chances of that? * looks sheepishly around him * But the inherent problems with passwords (hard to remember, easy to guess, easy to capture, etc.) make it an antiquated technology.

alleycat · Feb 3, 2011

Here's a fairly simple way to keep a list of your passwords and still keep them safe.

First, think of some simple things that you would always remember, some of them words, some numbers. DON'T use obvious things like your own phone number, birthday, SSN, address, or things like that.

A simple example:
Your first dog was named Rover
Your best friend's birthday is 4-7-82
Your first little boyfriend was named Jimmy
Your favorite writer is Rawlings
Your number was 13 when you played volleyball in HS
You scored 2146 on the SAT (hey, you're a bright girl! ;-)
Your grandfather's name was Pete

You can make little mnemonics or memory joggers out of them: Dog1, BFF BD, BF1, Author, Jersey No., SAT, Grandpa.

Now you can put these together in all sorts of ways, and then write them down:
Absolute Write, Password: Grandpa+SAT
Absolute Wrong, Password: Dog1+Jersey No.
Bank, Password: BF1+Jersey No.+SAT
Amazon, Password: Dog1+BFF BD+Grandpa
You can make dozens of combinations.

You will know what these mnemonics mean, but no one else will. For the most secure passwords, you can think of things ONLY YOU would know. You want to make so that even if you lost your list, and your best friend found it and even knew the system, they still wouldn't be able to break the code very easily. This way you can even make multiple lists of your passwords; maybe keep one with you, hide the other in your desk.

cryaegm · Feb 3, 2011

maestrowork said:
I yearn for the day when everything is done by retina or fingerprint scans. LOL. Sure, they can still cut off your fingers or eyes, but what are the chances of that? * looks sheepishly around him * But the inherent problems with passwords (hard to remember, easy to guess, easy to capture, etc.) make it an antiquated technology.

Or maybe lift your finger prints off of something you touched, maybe.

And the finger thing: they only need to cut off the top part of your finger.

You can have the rest of it since it's not important to them.

alleycat · Feb 3, 2011

Sorry about the formatting of the post above. I'm running major backups at the moment (they didn't finish overnight). I need to log off of Firefox and AW and log back in, but the computer is running so slow at the moment I didn't want to take the time. I'll clean up the post later.

cryaegm · Feb 3, 2011

It's okay, it happens. My posts will have missing words or the words will have missing letters, but that's because I don't catch it since my keyboard keys don't want to work anymore (like the space bar....good thing I'm getting that new laptop soon. Poor Toshiba; I still love the thing).

Update your passwords lately?

Your thoughts are not real...

Revolutionize the World

Outline Maven

Learning the craft

It's a doggy dog world

Deleted member 42

Revolutionize the World

Deleted member 42

It's a doggy dog world

Fear the Death Ray

Your thoughts are not real...

New kid, be gentle!

Sheriff Bullwinkle the Poet says:

I Tried

Wayward Wordsmith

Snakecakes

Still around

Snakecakes

Still around

Snakecakes

Fear the Death Ray

Still around

Snakecakes

Still around

Snakecakes