|
Security Recomendations for UserNames, SecurityQuestions, Passwords
Recommendations from the security department of a utility company as a member of the CNI system (Critical National Infrastructure)
UserNames/email addresses: Non personal/individual identifying name whenever possible use business names for a business, not your personal name have a throw away email account on gmail. . . send grocery store emails there throw away is not linked to any financial account. . . Security Questions: use long general descriptive names or type easy to remember wrong answers Where did you meet your spouse? onvacationinabar What was your first pet's name? hotdogLarry (dachsund named Larry) Passwords: Use maximium length, use an easy to remember phrase or sentence Use specialcharacters as spaces or word separators use capitals in the middle/end of the word use a different password for each financial site and never reuse those anywhere else thE!quicK!browN!fOx!jumPed! use a throw away password on non sensitive web sites easy to remember and throw some numbers and 1 special character in never save financial passwords on your cell phone or laptop |
Good advice except for the password. Encouraging an "Easily remembered" is a doorway to less secure passwords. The imp[ortant part is to be as long as possible, second, it should be random.
Security has spiraled down into an abyss of complications for the average user. We need better. Biometrics would help but aren't ubiquitous enough yet. There are very good password managers available for all platforms. Everyone should be using one. Password managers are apps that remember the password for you, so you don't have to. And good PW managers will also give advice on potential issues like you are reusing a password at multiple places (another no-no). Apple has a very good password manager called "Keychain" which meets all those requirements and more. It would pay users to get and learn and try to always use a good password manager. |
Good advice in theory, but very few people will implement it.
I have my passwords listed in an MS Word document that needs a password to open. The document is three pages long. I use it often when I can't remember a password. |
Highly recommend a password manager like Dashlane.
Password Manager App for Home, Mobile, Business | Dashlane |
I use "Incorrect" as a password for everything...
If I ever forget it, the website tells me "Your password is "Incorrect""... ;) |
I use LastPass, but for some sites (that don't really matter) I recommend that people use an old phone number (like maybe their home phone number when they were kids, most people know theirs).
|
Better tip use caps and small letters . Use a non word . Use a password manager . Use Google add a number sequence to a silly word you know like the last 4 digits of an old phone you remember
Add special characters like a dash or asterisk. In between Umbrella_3030 My_old_dogs_name_1700 Hot_wheel_1951 2001*fav+Movie Or use the letters from a ryme . Mary Mary, quite contrary becomes MMqc. . get it? |
:bigbow:
Quote:
|
Quote:
|
I use the web site below as a guide to passwords. You can test what password you are thinking of using and it will give you an approximate time frame to crack the password.
Check this site out: Use a Passphrase |
Quote:
:ohdear: This is the last place I go for news :boxing2: |
I’d recommend getting a password manager like Last Pass. It’s foolish and risky to use the same password for everything! If just one site is hacked, and your username and password are available for hackers, then they will start trying the username and password on many bank and retirement sites! If each site uses a different password, you’ll need a password manager to remember the password, since you can’t remember 200 passwords, even if they are hard to guess, but easy to remember passwords. Writing down usernames and passwords in a book is a bad idea. If the book is lost, you have a problem. If the book is over a thousand miles away, you’ve got a problem.
At my former IT job, before I retired, management was very stupid, and used random characters for passwords. They foolishly believed that random characters were more secure. They are actually much less secure, since people had to write down the passwords that were impossible to remember. The passwords on paper could be discovered by someone else. It’s easy to create a hard to guess, but easy to remember password. For example, V1kingsL0st@gain! I had to make a password that was about 30 characters long for a backup storage system. I used a modified phrase from a famous book. I could tell co-workers that very long password one time. If the password didn’t change, they would still remember it in ten years after being verbally told the password one time, without writing down the password. Using intentional wrong answers for security questions, that can easily be remembered is a smart idea. I’ve done that for years. Two factor logins are also a good idea. The system sends you a text, with a code you have to enter. That system works well if you can copy and paste the code. For many years, my work retirement system account could only be protected with a four digit password. After many years, they financially protected the users of that financial system with longer passwords that allow upper and lower case, numbers, and special characters. |
But I love my 12345678 password.
:cryin2: |
Quote:
|
Also using a VPN (Virtual Private Network) to mask your IP address is a good idea, especially when you are accessing financial information.This is not a cure-all for hacker proof transmissions but it helps. I use IPVANISH but there are others.
|
| All times are GMT -5. The time now is 12:28 PM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
Search Engine Optimisation provided by
DragonByte SEO v2.0.32 (Pro) -
vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.