Heartbleed Bug shows why you should change passwords regularly

in Techie Stuff
42 replies 5.4K views
"MoneySavingExpert.com wants to assure users that we've carried out a check of our systems following the Heartbleed Bug..."
Read the full story:

Heartbleed Bug shows why you should change passwords regularly

OfficialStamp.gif

Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
«1345

Replies

  • mh1923mh1923 Forumite
    525 Posts
    "Use a mixture of words, numbers and characters. Passwords can still be memorable even when you jumble up numbers and letters, for example: M0n3y5av7ng3xp3rt.c0m!"
    This may have been sufficient security ten years ago, but not anymore. I don't think it's possible to be secure without a different completely random password for each website you use. And for that to work, you either need a notebook to physically write down each password, or a system such as Lastpass that remembers it for you.
    Hi, I'm Mich :o
    I won a years supply of Comfort fabric softener in November 2013 - more than half remains...
    2015 survey proceeds £115.36
  • edited 11 April 2014 at 7:28PM
    anotheruseranotheruser Forumite
    3.4K Posts
    Ninth Anniversary 1,000 Posts Name Dropper I've been Money Tipped!
    ✭✭✭✭
    edited 11 April 2014 at 7:28PM
    I use the same password for many things.

    If someone manages to find another forum/website I visit, guess or crack my password and then lock me out of the account, I'll just open a new one. I use different usernames and all the forums I visit don't have any importance on my life, so I don't worry if I am suddenly locked out.

    Banks have secure systems (secure enough for me anyway).

    Amazon won't allow you to post to another address than one that is already stored with out entering payment details again, so that's fine too.

    PayPal and Ebay both have secure-ish passwords and I'm not really worried about those either.

    Most other sites, I either don't create an account or if I do, they will usuaully ask for the CV3 code anyway. Even if they don't, Mastercard/Visa have their password verification anyway.

    The password I use most frequently, apparently would be cracked instantly and is "IN THE TOP 3600 MOST USED PASSWORDS"

    However my most secure password would take "26 million years" to crack. A variation of it would take 37 but I doubt the computer program would try for even 36 years so I'd consider that safe.
    PayPal password would take 19 years, that's still a very long time.

    https://howsecureismypassword.net/
  • tafelmoneysavertafelmoneysaver Forumite
    235 Posts
    Part of the Furniture 100 Posts Name Dropper
    ✭✭

    When testing a password I'd recommend not typing in your exact password - Perhaps a variation of it with the same mix of characters and numbers.

    So if really must enter your password into a completely random website and your password is "password" at least type something like "drowssap" into the test box.
  • SoolerSooler Forumite
    3.1K Posts
    Part of the Furniture 1,000 Posts Combo Breaker
    ✭✭✭✭
    However my most secure password would take "26 million years" to crack. A variation of it would take 37 but I doubt the computer program would try for even 36 years so I'd consider that safe.
    PayPal password would take 19 years, that's still a very long time.

    They could of course be possibly guessed correctly on the first attempt!
  • abibeeabibee Forumite
    441 Posts
    Part of the Furniture
    ✭✭
    Lastpass is the best policy in my opinion, for most sites. But for my banking and main e-mail I don't even trust Lastpass company (though I'm sure they're trustworthy), and have strong ones committed to memory.
  • bobblebobbobblebob Forumite
    988 Posts
    Part of the Furniture 500 Posts Name Dropper
    ✭✭✭
    2 step verification seems the most secure way. Even if someone knows your username and password, they still cant get access without your phone
  • JivesingerJivesinger Forumite
    1.2K Posts
    Ninth Anniversary Combo Breaker
    ✭✭✭
    bobblebob wrote: »
    2 step verification seems the most secure way. Even if someone knows your username and password, they still cant get access without your phone
    ... and even if they used something like Heartbleed to read the code you entered with 2-step verification as well as your password, that code only works for a very short period of time. So 2-step verification does seem to be a good thing.

    The idea of a password that you remember is pretty much doomed.

    There are too many websites, and too many hackers cracking them (which means you need a different password for every website so once one is hacked, you haven't lost them all).

    The password-cracking power of computers is increasing while the password-remembering power of the human brain is sadly pretty fixed.

    It won't be many years before we're all carrying around something like a 2-step verification gizmo for everything, and probably not many more years before they just get implanted in our bodies! ;)
  • bobblebobbobblebob Forumite
    988 Posts
    Part of the Furniture 500 Posts Name Dropper
    ✭✭✭
    It won't be many years before we're all carrying around something like a 2-step verification gizmo for everything, and probably not many more years before they just get implanted in our bodies!

    We do already, its a mobile phone ;)
  • neilwoodsneilwoods Forumite
    2.3K Posts
    Jivesinger wrote: »
    It won't be many years before we're all carrying around something like a 2-step verification gizmo for everything, and probably not many more years before they just get implanted in our bodies! ;)

    As already mentioned, mobile phone. Plus HSBC use a 2 step, with a small device that looks like a small calculator. Maybe other banks use them as well
    Mansion TV. Avoid at all cost's :j
This discussion has been closed.
Latest MSE News and Guides

Stoozing, sublets & summer sips

This week's MSE Forum highlights

MSE News

Martin Lewis quizzes Rishi Sunak

Watch the cost of living support Q&A here

Join the MSE Forum discussion

48 craft beers for £50 delivered

One-off bundle for newbies. Excludes Northern Ireland

MSE Deals