MSE News: Customers can't keep track of passwords

Gromitt

thepearce wrote: »

http://xkcd.com/936/

Thats fine for one password, now multiply it by 20 and see if you still remember each combination.

random324

Some people have known this is a difficult problem for a while, especially as you need to use many passwords for different things with no obvious pattern, otherwise once you lose one (and this happens. It is always interesting when it does to see how people choose their passwords) you lose them all. This is why many recommend one password for the unimportant stuff and and one strong master password for the virtual safe they keep all the others in.

I smiled at the xkcd reference, good choice I would also mention a gentleman by the name of Bruce Schneier. A man who could be described as respected in computer security circles and if the wits on the internet are to be believed:

Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

Hiccups_2

fozmcfc wrote: »

They say passwords should never be written down, but I don't think that it is that easy with the numerous passwords we need to use nowadays.

This was a "myth" question on QI (Stephen Fry programme on the BBC). Apparently, writing down passwords and keeping them, say, in a locked drawer at home, is actually more secure than storing them on or via a computer, because a dishonest person would only get their hands on it if they were burgling your house. However, a burglar is very unlikely to be interested in stealing your identity and more focussed on stealing your valuable possessions.

On the other hand storing your passwords on your computer or online (encrypted or otherwise) is more likely to be targeted by cyber criminals because this is precisely the domain they "work" in.

Goldiegirl

dalesrider wrote: »

If only I had so few......
20+ at work most of which change at various intervals. None of which match. Various lengths, some have to have caps or numbers some dont.

And they expect you to remember them.....

Well they are in for a shock as the vast majority have them recorded somewhere

I have to have loads of passwords for work, and they change every few weeks. What makes it worse is that I only work two days a week, so it seems they change every five minutes. I do have them written down, but in a coded form, so no one would be able to log in

At home I have my bog standard forum password, but I do have different passwords for sites that deal with my finances. I admit I have them written down, again in coded form, and kept well away from the computer.

Rotor

roddydogs wrote: »

& in further news, the Pope is catholic.

You sure?
I thought the bear was catholic ; the Pope craps in the woods doesn't he?
Bet he does!

Dave_C_2

Ah! the joys of work passwords

• 3 different usernames and passwords (one of which was a calculator thingy) to protect the most sensitive industrial information - the weekly timesheet
• Really strict password rules so you can access trivial read-only information
• The one where swear words were rejected as passwords because it was against company policy to use foul language on company computers - until we pointed out that that there must be a file on the company computer containing all possible swear words so that they could compare passwords against it!
• The weekly CAD password on the whiteboard in the CAD room.
• And the old favourite, base password + month suffix

Nationwide has a calculator style gizmo that you put your debit card in and enter the PIN. This generates an 8 digit passcode. No problem with that, but the keys that you use to type in the PIN will get dirtier than the others ...

Gromitt

Dave_C wrote: »

Nationwide has a calculator style gizmo that you put your debit card in and enter the PIN. This generates an 8 digit passcode. No problem with that, but the keys that you use to type in the PIN will get dirtier than the others ...

You don't have to only use the ones for your PIN. You can press the others, then power on the unit and enter your PIN. So they all get dirty

However, I prefer to use a Barclays PIN Sentry. I think its a more quality product. A little bulkier, but better for it in my opinion. Got one at home and one at work. Works well with Nationwide. Just got a free set of batteries from them as well, even though my Barclays account has had £1 in it for the last 3 years or so.

innovate

Gromitt wrote: »

Just got a free set of batteries from them as well, even though my Barclays account has had £1 in it for the last 3 years or so.

No wonder the poor sods had to fix LIBOR rates, what with customers like you who take free batteries off them!

mh1923

The hackers have lots of data about us, and it's easy for them to decode passwords these days. I use LastPass for my passwords, and for any site that handles financial data.After reading this article, I started using 14 character passwords and generating fake answers to "insecurity questions". Lastpass is very easy to use, and I used diceware, the system from the xkcd comic above, to make my Master Password. So I only have to remember the Master Password and Lastpass does the rest.

The only place it doesn't work is the sites that want the 2nd, 5th, and 8th (or whatever) digits from a password. Then I have to open the Lastpass entry to see the password and count the digits. Stupidly tedious. I hate those systems.

Gromitt

mh1923 wrote: »

The only place it doesn't work is the sites that want the 2nd, 5th, and 8th (or whatever) digits from a password. Then I have to open the Lastpass entry to see the password and count the digits. Stupidly tedious. I hate those systems.

Use "Password Safe", you can right click an entry and "Select subset of password", enter the digits and it gives you the letters. More secure too as your password itself is never shown, just in case someone is recording your screen.