Security Recomendations for UserNames, SecurityQuestions, Passwords

» Site Navigation
Home Page The Villages Maps The Villages Activities The Villages Clubs The Villages Book Healthcare Rentals Real Estate Section Classified Section The Villages Directory Home Improvement Site Guidelines Advertising Info Register Now Video Tutorials Frequently Asked Questions
» Newsletter Signup
» Premium Tower
» Advertisements
» Trending News
» Tower Sponsors




















» Premium Sponsors
» Banner Sponsors
» Advertisements
Reply
Thread Tools
  #1  
Old 06-09-2021, 06:05 AM
CoachKandSportsguy CoachKandSportsguy is offline
Veteran member
Join Date: Jan 2019
Location: Marsh Bend
Posts: 576
Thanks: 297
Thanked 571 Times in 236 Posts
Default Security Recomendations for UserNames, SecurityQuestions, Passwords

Recommendations from the security department of a utility company as a member of the CNI system (Critical National Infrastructure)

UserNames/email addresses:
Non personal/individual identifying name whenever possible
use business names for a business, not your personal name
have a throw away email account on gmail. . . send grocery store emails there
throw away is not linked to any financial account. . .

Security Questions:
use long general descriptive names or type easy to remember wrong answers
Where did you meet your spouse?
onvacationinabar
What was your first pet's name?
hotdogLarry (dachsund named Larry)

Passwords:
Use maximium length, use an easy to remember phrase or sentence
Use specialcharacters as spaces or word separators
use capitals in the middle/end of the word
use a different password for each financial site and never reuse those anywhere else

thE!quicK!browN!fOx!jumPed!

use a throw away password on non sensitive web sites
easy to remember and throw some numbers and 1 special character in

never save financial passwords on your cell phone or laptop
  #2  
Old 06-09-2021, 07:04 AM
GrumpyOldMan's Avatar
GrumpyOldMan GrumpyOldMan is offline
Veteran member
Join Date: Jul 2019
Posts: 740
Thanks: 311
Thanked 810 Times in 222 Posts
Default

Good advice except for the password. Encouraging an "Easily remembered" is a doorway to less secure passwords. The imp[ortant part is to be as long as possible, second, it should be random.

Security has spiraled down into an abyss of complications for the average user. We need better. Biometrics would help but aren't ubiquitous enough yet.

There are very good password managers available for all platforms. Everyone should be using one. Password managers are apps that remember the password for you, so you don't have to. And good PW managers will also give advice on potential issues like you are reusing a password at multiple places (another no-no).

Apple has a very good password manager called "Keychain" which meets all those requirements and more.

It would pay users to get and learn and try to always use a good password manager.
__________________
A misunderstanding takes two. One to not clearly communicate, and one to assume negative intent.
  #3  
Old 06-09-2021, 07:36 AM
retiredguy123 retiredguy123 is offline
Sage
Join Date: Feb 2016
Posts: 6,487
Thanks: 671
Thanked 5,007 Times in 1,825 Posts
Default

Good advice in theory, but very few people will implement it.

I have my passwords listed in an MS Word document that needs a password to open. The document is three pages long. I use it often when I can't remember a password.
  #4  
Old 06-09-2021, 07:42 AM
Robbie0723 Robbie0723 is offline
Veteran member
Join Date: Jun 2019
Posts: 978
Thanks: 644
Thanked 697 Times in 313 Posts
Default

Highly recommend a password manager like Dashlane.

Password Manager App for Home, Mobile, Business | Dashlane
  #5  
Old 06-09-2021, 07:44 AM
JMintzer's Avatar
JMintzer JMintzer is online now
Veteran member
Join Date: Feb 2021
Posts: 630
Thanks: 107
Thanked 817 Times in 378 Posts
Default

I use "Incorrect" as a password for everything...

If I ever forget it, the website tells me "Your password is "Incorrect""...
__________________
Most things I worry about
Never happen anyway...

-Tom Petty
  #6  
Old 06-09-2021, 07:46 AM
JoelJohnson JoelJohnson is offline
Veteran member
Join Date: Jun 2012
Location: Lady Lake, FL
Posts: 623
Thanks: 389
Thanked 181 Times in 87 Posts
Default

I use LastPass, but for some sites (that don't really matter) I recommend that people use an old phone number (like maybe their home phone number when they were kids, most people know theirs).
  #7  
Old 06-10-2021, 04:57 AM
J1ceasar J1ceasar is offline
Veteran member
Join Date: Nov 2018
Posts: 715
Thanks: 39
Thanked 534 Times in 277 Posts
Default

Better tip use caps and small letters . Use a non word . Use a password manager . Use Google add a number sequence to a silly word you know like the last 4 digits of an old phone you remember
Add special characters like a dash or asterisk. In between
Umbrella_3030
My_old_dogs_name_1700
Hot_wheel_1951
2001*fav+Movie

Or use the letters from a ryme . Mary Mary, quite contrary becomes MMqc. . get it?
  #8  
Old 06-10-2021, 05:05 AM
Westie Man Westie Man is offline
Member
Join Date: Dec 2019
Posts: 51
Thanks: 49
Thanked 23 Times in 17 Posts
Smile

Quote:
Originally Posted by JMintzer View Post
I use "Incorrect" as a password for everything...

If I ever forget it, the website tells me "Your password is "Incorrect""...
  #9  
Old 06-10-2021, 05:21 AM
Girlcopper Girlcopper is offline
Veteran member
Join Date: May 2017
Posts: 796
Thanks: 21
Thanked 1,286 Times in 470 Posts
Default

Quote:
Originally Posted by CoachKandSportsguy View Post
Recommendations from the security department of a utility company as a member of the CNI system (Critical National Infrastructure)

UserNames/email addresses:
Non personal/individual identifying name whenever possible
use business names for a business, not your personal name
have a throw away email account on gmail. . . send grocery store emails there
throw away is not linked to any financial account. . .

Security Questions:
use long general descriptive names or type easy to remember wrong answers
Where did you meet your spouse?
onvacationinabar
What was your first pet's name?
hotdogLarry (dachsund named Larry)

Passwords:
Use maximium length, use an easy to remember phrase or sentence
Use specialcharacters as spaces or word separators
use capitals in the middle/end of the word
use a different password for each financial site and never reuse those anywhere else

thE!quicK!browN!fOx!jumPed!

use a throw away password on non sensitive web sites
easy to remember and throw some numbers and 1 special character in

never save financial passwords on your cell phone or laptop
Old news. Yawn
  #10  
Old 06-10-2021, 05:28 AM
B-flat B-flat is offline
Veteran member
Join Date: Feb 2018
Posts: 566
Thanks: 245
Thanked 265 Times in 93 Posts
Default

I use the web site below as a guide to passwords. You can test what password you are thinking of using and it will give you an approximate time frame to crack the password.
Check this site out:
Use a Passphrase
  #11  
Old 06-10-2021, 05:33 AM
CoachKandSportsguy CoachKandSportsguy is offline
Veteran member
Join Date: Jan 2019
Location: Marsh Bend
Posts: 576
Thanks: 297
Thanked 571 Times in 236 Posts
Default

Quote:
Originally Posted by Girlcopper View Post
Old news. Yawn
And you get your news from TOTV?



This is the last place I go for news

  #12  
Old 06-10-2021, 06:35 AM
davephan davephan is offline
Senior Member
Join Date: Dec 2019
Location: Florida Suncoast
Posts: 159
Thanks: 0
Thanked 79 Times in 53 Posts
Default

I’d recommend getting a password manager like Last Pass. It’s foolish and risky to use the same password for everything! If just one site is hacked, and your username and password are available for hackers, then they will start trying the username and password on many bank and retirement sites! If each site uses a different password, you’ll need a password manager to remember the password, since you can’t remember 200 passwords, even if they are hard to guess, but easy to remember passwords. Writing down usernames and passwords in a book is a bad idea. If the book is lost, you have a problem. If the book is over a thousand miles away, you’ve got a problem.

At my former IT job, before I retired, management was very stupid, and used random characters for passwords. They foolishly believed that random characters were more secure. They are actually much less secure, since people had to write down the passwords that were impossible to remember. The passwords on paper could be discovered by someone else.

It’s easy to create a hard to guess, but easy to remember password. For example, V1kingsL0st@gain!
I had to make a password that was about 30 characters long for a backup storage system. I used a modified phrase from a famous book. I could tell co-workers that very long password one time. If the password didn’t change, they would still remember it in ten years after being verbally told the password one time, without writing down the password.

Using intentional wrong answers for security questions, that can easily be remembered is a smart idea. I’ve done that for years.

Two factor logins are also a good idea. The system sends you a text, with a code you have to enter. That system works well if you can copy and paste the code.

For many years, my work retirement system account could only be protected with a four digit password. After many years, they financially protected the users of that financial system with longer passwords that allow upper and lower case, numbers, and special characters.
  #13  
Old 06-10-2021, 06:37 AM
dewilson58's Avatar
dewilson58 dewilson58 is offline
Sage
Join Date: May 2013
Location: South of 466a, if you don't like me.......I live in Orlando.
Posts: 7,762
Thanks: 493
Thanked 4,775 Times in 1,820 Posts
Default

But I love my 12345678 password.


__________________
Mr. Helpful
  #14  
Old 06-10-2021, 06:43 AM
oldtimes oldtimes is offline
Senior Member
Join Date: Nov 2018
Posts: 389
Thanks: 61
Thanked 582 Times in 195 Posts
Default

Quote:
Originally Posted by CoachKandSportsguy View Post
Recommendations from the security department of a utility company as a member of the CNI system (Critical National Infrastructure)

UserNames/email addresses:
Non personal/individual identifying name whenever possible
use business names for a business, not your personal name
have a throw away email account on gmail. . . send grocery store emails there
throw away is not linked to any financial account. . .

Security Questions:
use long general descriptive names or type easy to remember wrong answers
Where did you meet your spouse?
onvacationinabar
What was your first pet's name?
hotdogLarry (dachsund named Larry)

Passwords:
Use maximium length, use an easy to remember phrase or sentence
Use specialcharacters as spaces or word separators
use capitals in the middle/end of the word
use a different password for each financial site and never reuse those anywhere else

thE!quicK!browN!fOx!jumPed!

use a throw away password on non sensitive web sites
easy to remember and throw some numbers and 1 special character in

never save financial passwords on your cell phone or laptop
You are talking to people who use their real names, give out their addresses, emails, phone numbers and discuss their personal information on a public forum. I am surprised the mods aren't more concerned about that.
  #15  
Old 06-10-2021, 06:46 AM
ronharvey2 ronharvey2 is offline
Junior Member
Join Date: Sep 2017
Posts: 7
Thanks: 0
Thanked 11 Times in 3 Posts
Default

Also using a VPN (Virtual Private Network) to mask your IP address is a good idea, especially when you are accessing financial information.This is not a cure-all for hacker proof transmissions but it helps. I use IPVANISH but there are others.
Reply

Tags
throw, remember, easy, financial, security

Thread Tools

You are viewing a new design of the TOTV site. Click here to revert to the old version.

All times are GMT -5. The time now is 03:33 PM.