Security Recommendations for UserNames, SecurityQuestions, Passwords
Recommendations from the security department of a utility company as a member of the CNI system (Critical National Infrastructure)
UserNames/email addresses:
Non personal/individual identifying name whenever possible
use business names for a business, not your personal name
have a throw away email account on gmail. . . send grocery store emails there
throw away is not linked to any financial account. . .

Security Questions:
use long general descriptive names or type easy to remember wrong answers
Where did you meet your spouse? onvacationinabar
What was your first pet's name? hotdogLarry (dachshund named Larry)

Passwords:
Use maximum length, use an easy to remember phrase or sentence
Use special characters as spaces or word separators
use capitals in the middle/end of the word
use a different password for each financial site and never reuse those anywhere else
thE!quicK!browN!fOx!jumPed!
use a throw away password on non sensitive web sites
easy to remember and throw some numbers and 1 special character in
never save financial passwords on your cell phone or laptop |
Good advice except for the password. Encouraging an "Easily remembered" is a doorway to less secure passwords. The important part is to be as long as possible, second, it should be random.
Security has spiraled down into an abyss of complications for the average user. We need better. Biometrics would help but aren't ubiquitous enough yet. There are very good password managers available for all platforms. Everyone should be using one. Password managers are apps that remember the password for you, so you don't have to. And good PW managers will also give advice on potential issues like you are reusing a password at multiple places (another no-no). Apple has a very good password manager called "Keychain" which meets all those requirements and more. It would pay users to get and learn and try to always use a good password manager. |
Good advice in theory, but very few people will implement it.
I have my passwords listed in an MS Word document that needs a password to open. The document is three pages long. I use it often when I can't remember a password. |
Highly recommend a password manager like Dashlane.
Password Manager App for Home, Mobile, Business | Dashlane |
I use "Incorrect" as a password for everything...
If I ever forget it, the website tells me "Your password is "Incorrect""... ;) |
I use LastPass, but for some sites (that don't really matter) I recommend that people use an old phone number (like maybe their home phone number when they were kids, most people know theirs).
|
Better tip: use caps and small letters. Use a non-word. Use a password manager. Use Google add a number sequence to a silly word you know like the last 4 digits of an old phone you remember
Add special characters like a dash or asterisk. In between Umbrella_3030 My_old_dogs_name_1700 Hot_wheel_1951 2001*fav+Movie Or use the letters from a rhyme. Mary Mary, quite contrary becomes MMqc. . get it? |
I use the web site below as a guide to passwords. You can test what password you are thinking of using and it will give you an approximate time frame to crack the password.
Check this site out: Use a Passphrase |
Quote:
:ohdear: This is the last place I go for news :boxing2: |
I’d recommend getting a password manager like Last Pass. It’s foolish and risky to use the same password for everything! If just one site is hacked, and your username and password are available for hackers, then they will start trying the username and password on many bank and retirement sites! If each site uses a different password, you’ll need a password manager to remember the password, since you can’t remember 200 passwords, even if they are hard to guess, but easy to remember passwords. Writing down usernames and passwords in a book is a bad idea. If the book is lost, you have a problem. If the book is over a thousand miles away, you’ve got a problem.
At my former IT job, before I retired, management was very stupid, and used random characters for passwords. They foolishly believed that random characters were more secure. They are actually much less secure, since people had to write down the passwords that were impossible to remember. The passwords on paper could be discovered by someone else. It’s easy to create a hard to guess, but easy to remember password. For example, V1kingsL0st@gain! I had to make a password that was about 30 characters long for a backup storage system. I used a modified phrase from a famous book. I could tell co-workers that very long password one time. If the password didn’t change, they would still remember it in ten years after being verbally told the password one time, without writing down the password. Using intentional wrong answers for security questions, that can easily be remembered is a smart idea. I’ve done that for years. Two factor logins are also a good idea. The system sends you a text, with a code you have to enter. That system works well if you can copy and paste the code. For many years, my work retirement system account could only be protected with a four digit password. After many years, they financially protected the users of that financial system with longer passwords that allow upper and lower case, numbers, and special characters. |
But I love my 12345678 password.
:cryin2: |
Also using a VPN (Virtual Private Network) to mask your IP address is a good idea, especially when you are accessing financial information. This is not a cure-all for hacker proof transmissions but it helps. I use IPVANISH but there are others.
|
Good humor. My gripe is that I'm told my logon/username OR password is incorrect. There is no clue as to which one or both.
|
Quote:
then reset password. |
Quote:
A good password manager will automatically fill in your user name and password on most (90%) of the logins you do, and on the others, it will show you what your password is. They are safer, inexpensive, and make life easier. |
You should probably change your password... Worth the watch...
You Should Probably Change Your Password! | Michael McIntyre Netflix Special - YouTube |
I use a password manager called LastPass. It’s awesome. It works on Android, iOS and has plugins/extensions for your browser.
I often use the generate password option. It’s a really handy app. |
Holy dating yourself.
|
Quote:
I just checked how long it would take to break a 20-character password that RoboForm generated. I used the "Use a Passphrase" link that was posted on page 1. The results for this password (BZfaUHBr.SJYGikf8393) was: Approximate Crack Time: 31,167,128,343,915,984 centuries. Good enough for me. |
And don't forget
Enable two step authentication for all major accounts, financial and cell phone
I have had friends have their cell phone go off when peeps trying to break in. |
To help me remember passwords, I use lines from songs and use the first letter of each word, throw in special characters, numbers, and random caps. For instance, using a line from Yesterday (Yesterday, all my troubles seemed so far away), I might get: y-Amtss4a. That’s not long enough, but it serves as an example.
I used to work in a Dept. of Energy national lab. They had a project to test the security of all the labs. They sent infected CDs to random people at the labs and some people actually played the programs on them. This allowed them to get into the lab’s network. From there, my understanding is that they cracked passwords by encrypting all possible combinations of valid characters up to a certain length and created a table that they could search for people’s passwords. The more characters used, the longer it takes and the more storage it takes. It takes about 70x the effort/storage to crack passwords for every character more.
Because I had a reputation as a power user, they targeted me and cracked my 8-character password. They were hoping I would have programs on my computer they could use to break into more stuff. One day I saw my mouse pointer move without my assistance. I immediately disconnected my network cable and got a message saying the connection to a computer was broken. I later discovered it to be in Illinois. I called my support tech and our IS department went into action. Not knowing it was a test, I felt very guilty and wondered what I had done to get infected. I tried to clean up my computer and spent two weeks at it until they let me in on the secret. Then, they took my computer and destroyed the hard drive. I had to buy a new computer.
I later found out that I was the only one in all the national labs to catch them. I was just lucky to see them accidentally bump my mouse when I was using my computer. The fact that so many people put a random CD they got in the mail and ran the program on it did not sit well with DOE. After that, the lab started testing us on a regular basis. About one in five people failed the tests. I asked the people who cracked my computer how long of a password I should use. They said they could crack a 14-character password. I figured they were lying, so I changed mine to 16 characters.
As this was over a decade ago, I imagine bad people can crack even bigger passwords with modern computers. The moral of this story is to use long, random passwords. I highly recommend a password manager. I use Keeper and like it very much. It runs on all my computers and mobile devices and shares my passwords amongst them. I also strongly recommend you use two-factor authentication for your most important accounts. |
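The table-based search described in the post above, worked through as an added example that is not part of the original thread: it counts every candidate up to a given length and shows the roughly 70x growth per extra character for a 70-symbol alphabet. The guess rate and the 16-byte hash size are assumptions, and the figures only hold for randomly chosen passwords, not for phrases or patterns.

```python
import math
import string

# Character classes used to size the alphabet a search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(alphabet, length):
    """Number of candidates of every length from 1 up to `length`."""
    return sum(alphabet ** n for n in range(1, length + 1))

def growth_per_char(alphabet, length):
    """How many times larger the search gets when one character is added."""
    return keyspace(alphabet, length + 1) / keyspace(alphabet, length)

def table_bytes(alphabet, length, hash_bytes=16):
    """Storage for a plain lookup table: one password plus one hash per row.
    hash_bytes=16 is an assumption (a 128-bit hash)."""
    return sum((alphabet ** n) * (n + hash_bytes) for n in range(1, length + 1))

def years_to_exhaust(alphabet, length, guesses_per_sec=1e10):
    """Worst-case exhaustive search time; the guess rate is an assumption."""
    return keyspace(alphabet, length) / guesses_per_sec / (365.25 * 24 * 3600)

def report(alphabet=70, lengths=(8, 14, 16, 20)):
    """One row per length: (length, bits, table size in bytes, years)."""
    return [(n, round(math.log2(keyspace(alphabet, n)), 1),
             table_bytes(alphabet, n), years_to_exhaust(alphabet, n))
            for n in lengths]

if __name__ == "__main__":
    print("growth per extra character:", round(growth_per_char(70, 8), 3))
    for n, bits, size, years in report():
        print(f"{n:2d} chars  ~{bits:5.1f} bits  table {size:.2e} B  {years:.2e} years")
    # Alphabet implied by a password that mixes all four classes.
    print("alphabet for 'y-Amtss4a':", alphabet_size("y-Amtss4a"))
```
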
Quote:
including the password manager. And I didn't know the password to the password manager, because I had google auto-fill the password for me. And then there are all those accounts that require you to change your password every 90 days. And then there are the few accounts that are left over from the dinosaur days, that finally catch up with the 21st century and tell you that you have to make a new password that's at least 8 characters long, require a special character, a capital letter, and a numeric digit. So all those "orangebaby" passwords now have to be "0rangeB^by" |
Quote:
Since she has an iPad I talked her into using Apples Keychain and now she is a happy camper. She has to type in passwords on windows, but she can always find them on her iPad or iPhone. |
I just checked on Keeper, it seems to do everything Google already does. Stores my passwords, checks for breaches and warns me of them, saves anything I want to the cloud and syncs with all my devices. I don't pay anything for it though.
|
Quote:
When we had our trust revised, we were told to put a list of user names and passwords with the trust in the safe deposit box. Getting that list together has been daunting. |