MSE News: Customers can't keep track of passwords

dalesrider

Fella wrote: »

And the most ridiculous thing of all is that only some sites insist on it.
.

VbV & Mastercard secure.
You do know that the retailers have to pay to use the service. That is why many do not.

If retailers ran more security checks, then there would be no need for such services.
Things like only delivering to card holders address for 1st delivery. If they think something is not right. Either contact card holder via snail mail to listed address or contact their card provider to check with them.
Sure it would slow things down. But the benefit would be less cards to stop and replace due to fraud.

roddydogs

Dave_C wrote: »

Ah! the joys of work passwords

• 3 different usernames and passwords (one of which was a calculator thingy) to protect the most sensitive industrial information - the weekly timesheet
• Really strict password rules so you can access trivial read-only information
• The one where swear words were rejected as passwords because it was against company policy to use foul language on company computers - until we pointed out that that there must be a file on the company computer containing all possible swear words so that they could compare passwords against it!
• The weekly CAD password on the whiteboard in the CAD room.
• And the old favourite, base password + month suffix

Nationwide has a calculator style gizmo that you put your debit card in and enter the PIN. This generates an 8 digit passcode. No problem with that, but the keys that you use to type in the PIN will get dirtier than the others ...

You dont need to use gizmo for NW, just use "Memorable data" instead.

Blackjack_Davy

I'm probably guilty of using similar passwords, though I have different sets of passwords for different categories of risk.

For example, my forum passwords are separate from my online retail passwords which are different from the most complex of all, my online banking ones.

So if someone manages to get hold of my forum passwords they can't log into my bank accounts, for instance. It's not perfect, but its a way of limiting the risk.

Sheer numbers of passwords can be daunting my bank requires 3 sets of numbers/passwords to access my account, another account I once had had many more... and I actually managed to forget one of them and was locked out of my account I had to phone up the bank and was told to drive to a branch some distance away where I was ushered into a private room past staring customers and staff and had to provide endless amounts of personal documents and statements and passports to prove who I was before they would finally release my money... very awkward.

Dave_C_2

Gromitt wrote: »

You don't have to only use the ones for your PIN. You can press the others, then power on the unit and enter your PIN. So they all get dirty .

roddydogs wrote: »

You dont need to use gizmo for NW, just use "Memorable data" instead.

Agreed, I always press the other buttons on the gizmo when entering the PIN.
I tend to use the gizmo more than the memorable data as N/W insist that it is more secure. Admittedly there is an element of "don't give them an excuse" as well.

Dave

Anthorn

There is the old prefix and suffix strategy for passwords: You have a hard to guess password common to everything and everywhere and add a prefix and suffix according to the site name or an abreviation for the site name. For example if your password is "aarrgghh" applying it to MSE might make it "msaarrgghhe" or "moneysavingaarrgghhexpert".

Solly_Atwell

Why all the fuss? Just use the free open source programme called 'KeePass' it stores all your passwords encrypted by algorithms AES and Twofish and logs into each site for you. The whole package is protected by a master password. Mine being 36 digits long and I have no trouble remembering it each time I log in. There is a portable version for those on the go types.

Eco_Miser

For those sites that require, say, the first, fith and seventh characters of your password, I devise a password with each character related in some way to its position, e.g. by a counting rhyme - 12 days of Christmas gives PtFcrgsmlLpd.
Other passwords are based on poetry I was forced to memorise at school.

tyllwyd

Eco_Miser wrote: »

... 12 days of Christmas gives PtFcrgsmlLpd ...

Please excuse my stupidity - but can you translate? I can't see how you get from the rhyme to the password!

black_taxi_2

the more passwords you have means you hav to write them down which in itself is worse security

black_taxi_2

tyllwyd

if he/she tells they would have to kill you:D