We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Passwords security
Comments
-
Just playing devil's advocate a little here....
From media reports it seems that most banking scams involve the victim actually providing login details, e.g. with phishing emails that purport to come from banks.
Is there a danger that we focus too much on password security, rather than stopping many other scams which don't involve breaking passwords?
2 -
Software key loggers can intercept virtual keyboards as well as physical ones. Its all software that does the work at the end of the day.2
-
Yes, absolutely, social engineering and other non password hacks are very important.double_dutchy said:
Is there a danger that we focus too much on password security, rather than stopping many other scams which don't involve breaking passwords?
One of the things I advocate to businesses is that when they do their security training the also align it to out of the office environments, as many will associate with that better and get a better understanding on how to protect themselves in both environments better.1 -
Which is why mobile phone banking apps provide protection against keyloggers as the apps use their 'own' keyboard (rather than eg the android system one) as these cannot be intercepted.400ixl said:Software key loggers can intercept virtual keyboards as well as physical ones. Its all software that does the work at the end of the day.2 -
As they are not single code ASCII characters they could not be used.RobM99 said:OK thanks, I was thinking more of special characters that don't appear on a keyboard. I'd have thought they'd be a tad more secure. ß ◙ ì
You can use any of the characters in the printable range (codes 32-127). https://www.ascii-code.com/0 -
...and that tells me exactly what I wanted to know. Thanks you! No apple π for me then.unforeseen said:
As they are not single code ASCII characters they could not be used.RobM99 said:OK thanks, I was thinking more of special characters that don't appear on a keyboard. I'd have thought they'd be a tad more secure. ß ◙ ì
You can use any of the characters in the printable range (codes 32-127). https://www.ascii-code.com/Now a gainfully employed bassist again - WooHoo!0 -
km1500 said:For a brute force dictionary attack this is equivalent to a 13 length password
my name is far fetch and i post on money saving expert website
The 19 character password elephantrhinocerous is equivalent to a length 2 password for brute force attacks ie you might just as well use the password '12'Are you thinking that a brute force dictionary attack will try combinations of words as in the above examples?They might, but there are thousands of words to try (with variations in capitalization and '1337' substitutions, and mis-spellings), rather than the 95 printable ASCII characters.So for your second example there are 95*95 =9025 possible two character passwords, there are over 2000*2000 = 4 million two word passwords.
Eco Miser
Saving money for well over half a century0 -
I have always found it interesting that the National Cyber Security Centre recommends simply using 3 random words for your password, if not using an AI generated one plus a password manager0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards