Heartbleed Bug shows why you should change passwords regularly

  • propertyman
    propertyman Posts: 2,922 Forumite
    Aah but as the browsers are not rushing to fix the loophole, changing your password can in fact mean that your NEW password will be harvested.

    :money: If you have the funds, only have online access to one account for day to day expenses and keep the rest of your money in an account that only has counter or telephone access.
    Stop! Think. Read the small print. Trust nothing and assume that it is your responsibility. That way it rarely goes wrong.
    Actively hunting down the person who invented the imaginary tenure, "share freehold";
    if you can show me one I will produce my daughter's unicorn
  • I spent ages thinking up a good system for generating passwords, then one day I was on the blower to PlusNet and the bloke said "Ooh, that's a really good password you've got there if I may say so". :wall:
  • Jivesinger
    Jivesinger Posts: 1,221 Forumite
    Ninth Anniversary Combo Breaker
    neilwoods wrote: »
    As already mentioned, mobile phone. Plus HSBC use a 2 step, with a small device that looks like a small calculator. Maybe other banks use them as well
    Yes it was the 'for everything' bit in my post that I really think will be the change - not everything uses 2-step verification yet.

    Plus - you can use the mobile phone for some things but not banking. The bank calculator thing only works for banks, and even they don't all use the same method.

    To stop us needing to carry around a bunch of gizmos to login to stuff, you'd hope that someone will come up with a standard method that gets universally adopted, and my hunch is that might be more like the bank's card reader than the mobile phone app.
  • matttye
    matttye Posts: 4,828 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker Debt-free and Proud!
    Fingerprint tech on everything please.

    I'm not concerned about heartbleed.. if they manage to gather millions of account details, what's going to draw them specifically to mine? Nothing.

    I use about 10 different passwords or variations thereof and it's a nightmare to remember what I've used where, not about to go and change everything.
    What will your verse be?

    R.I.P Robin Williams.
  • matttye wrote: »
    Fingerprint tech on everything please.

    http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
  • spud17
    spud17 Posts: 4,433 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    matttye wrote: »
    Fingerprint tech on everything please.

    I worked on a construction site using finger print technology for site security.

    A couple of finger prints from each hand were scanned, and saved.

    The problem was, prints were scanned in a warm office; after a day's work your finger prints couldn't be read due to hands being cold or wet or sweaty.

    We tried wiping hands, washing hands in warm water, but nothing was ever reliable.

    Also worked on a site where they used facial recognition cameras, in combination with a pin, totally unreliable.
    Nothing like being locked in the site by the system when you need to get off site to use the toilet! :rotfl:
    Move along, nothing to see.
  • whitegoods_engineer
    whitegoods_engineer Posts: 636 Forumite
    edited 12 April 2014 at 11:39AM
    I read a good way of doing passwords once which goes something like, for instance, Ebay password could be (M)y (A)ccess (2) (E)bay (I)s (V)ia (T)he (N)umber (654321) (obviously just using the letters/numbers shown in brackets, MA2EIVTN654321), so you have a memorable phrase including numbers, and the E would be for Ebay so change that for F for Facebook, etc.

    That way, it is possible to have a different password for each site which is memorable but not possible to guess!

    The phrase could be something similar like, I Always Use This Code 2C My Ebay Page 3456 IAUTC2CMEP3456

    Obviously the phrase could be slightly different, FB for Facebook, N for Number instead of Code etc. You could even change S to $ etc!
  • Jivesinger
    Jivesinger Posts: 1,221 Forumite
    Ninth Anniversary Combo Breaker
    Obviously the phrase could be slightly different, FB for facebook , N for Number instead of Code etc. You could even change S to $ etc!
    Although that's better than nothing, the trouble with that is if a hacker found your password on Facebook was:
    ba52946%gaFBa
    they only have to try a few combinations to get into other systems - eg. it wouldn't take long to get in if your password on here was:
    ba52946%gaMSEa
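
The pattern weakness described in the post above can be checked for in your own password list. As an added example (not part of any forum post), this Python audit flags pairs of passwords that share most of their characters and differ only by a tag taken from the site name; the function names, the 0.7 threshold and the "Bank" entry are assumptions made for illustration, and the other sample strings are the ones quoted in the thread.

```python
from itertools import combinations

def split_shared(a, b):
    """Lengths of the common prefix and common suffix, never overlapping."""
    limit = min(len(a), len(b))
    p = 0
    while p < limit and a[p] == b[p]:
        p += 1
    s = 0
    while s < limit - p and a[-1 - s] == b[-1 - s]:
        s += 1
    return p, s

def is_subsequence(tag, name):
    """True if the letters of tag appear in order inside name (case-insensitive)."""
    it = iter(name.lower())
    return all(ch in it for ch in tag.lower())

def audit(vault, min_shared=0.7):
    """Return (site_a, site_b, verdict) for every pair of passwords that is too similar."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            findings.append((site_a, site_b, "identical"))
            continue
        p, s = split_shared(pw_a, pw_b)
        if (p + s) / max(len(pw_a), len(pw_b)) < min_shared:
            continue  # not enough shared skeleton to call it a pattern
        # What is left once the shared skeleton is removed from each password.
        tag_a = pw_a[p:len(pw_a) - s]
        tag_b = pw_b[p:len(pw_b) - s]
        tagged = is_subsequence(tag_a, site_a) and is_subsequence(tag_b, site_b)
        findings.append((site_a, site_b, "site-tagged" if tagged else "near-duplicate"))
    return findings

# Constructed sample vault: example strings from the thread plus one unrelated entry.
SAMPLE_VAULT = {
    "Facebook": "ba52946%gaFBa",
    "MoneySavingExpert": "ba52946%gaMSEa",
    "Ebay": "MA2EIVTN654321",
    "Bank": "q7!Lr0zVwe2#Tn",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_VAULT):
        print(finding)
```
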
  • I'll give away my system because it's not going to compromise my security and it's a good system because it is offline.

    Problem: ridiculous passwords are now needed to keep ahead of the hackers to the point where we forget our own passwords.

    My solution: I have a USB holder for 5 USB sticks with an off/on switch with the USB stick in which has the passwords on.

    When I update my passwords, I make the file offline in Excel, run from an encryption directory on the sticks on the USB rack, then I take a snapshot of the new passwords to be and store that as a PDF (image PDF) in the encryption directory. I then copy this over to another USB stick in an encryption directory.

    So now I've got one USB stick one USB encryption directory with an image of passwords in that I can switch on and off when I need to see them.

    Then I go back online and I change the passwords as per the image. Whenever I forget/want to log in, I can momentarily switch on the USB, go into the encrypted vault and open the image, then switch off the USB again. The encrypted vault itself is password protected; of all my ridiculous long stringed passwords, this is the one I remember and have only in my head.

    I think it's pretty secure and I don't mind sharing it. The drawback is if someone can monitor your keystrokes or see what you are doing onscreen via some means of remote access. So of course, you don't want remote access turned on to make that easier for that to happen.

    The BEST system is a good old handwritten note hidden somewhere only you know - but admit it, I can't be arsed, and my system above is pretty good (note the use of images means passwords are to be read, not copied). Isn't it amazing how the higher tech things get, the lower tech the best solutions often become...
  • PasturesNew
    PasturesNew Posts: 70,698 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    How long does it take you to think of a website where you have an account, load it, find the login button, login ... then navigate round the site to find your account and change your password, then log out?

    3 minutes?

    I have 900 sites/passwords .... 3x900=2700 = 45 hours.
This discussion has been closed.