Old 12-31-2010, 01:37 PM   #51
BSOD
 
Join Date: Dec 2010
Posts: 582
Default Re: Passwords: The not to use

Is it a bad idea to use the same password for everything from Facebook to school password?
clacker is offline   Reply With Quote
Old 12-31-2010, 09:56 PM   #52
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,425
Default Re: Passwords: The not to use

Yes and no. It's good because you're more likely to remember it, it's bad because if someone gets one password they've got everything.

I go for a mixture - I use one password for everything that I don't really care about, and a different password for things that I do. Important things like bank details and email accounts for me all use separate passwords. Things that I know are at risk from being stolen (unreliable forums for instance) have unique passwords. Everything else usually gets lumped with one of a few others.

Different people will tell you different things in regards to security, but in reality we're all old enough now to know that using your first name is a bad idea. Find a plan you think is sensible and stick with it.
__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline   Reply With Quote
Old 01-01-2011, 06:51 PM   #53
BSOD
 
Join Date: Dec 2010
Posts: 582
Default Re: Passwords: The not to use

Quote:
Originally Posted by berry120 View Post
Yes and no. It's good because you're more likely to remember it, it's bad because if someone gets one password they've got everything.

I go for a mixture - I use one password for everything that I don't really care about, and a different password for things that I do. Important things like bank details and email accounts for me all use separate passwords. Things that I know are at risk from being stolen (unreliable forums for instance) have unique passwords. Everything else usually gets lumped with one of a few others.

Different people will tell you different things in regards to security, but in reality we're all old enough now to know that using your first name is a bad idea. Find a plan you think is sensible and stick with it.

Yer I probably wouldn't use it for important stuff but I use it for forums, Facebook and Twitter.
clacker is offline   Reply With Quote
Old 01-01-2011, 06:52 PM   #54
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,425
Default Re: Passwords: The not to use

Quote:
Yer I probably wouldn't use it for important stuff but I use it for forums, Facebook and Twitter.

It's also probably not the wisest move ever to announce what specific accounts share passwords
__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline   Reply With Quote
Old 01-02-2011, 09:36 AM   #55
Fully Optimized
 
~Darkseeker~'s Avatar
 
Join Date: Jan 2010
Location: Welwyn Garden City, United Kingdom
Posts: 2,494
Default Re: Passwords: The not to use

I did a bit on password policy for my MCITP prep.

A mixture of alphanumeric and non-alphanumeric in capital and lower case usually makes for a strong password.

e.g. Pa$$w0rd101 instead of 'password'
__________________
EVGA SLI Micro Z68 // Intel i5-2500k @ 4.4GHz // 8GB Corsair Vengeance 1866MHz // Overclocked ASUS GTX 660 Ti // Corsair Carbide SPEC-03 // Kingston Hyper-X 120GB // 2TB WD Green + 500GB WD Black
#JC4PM
~Darkseeker~ is offline   Reply With Quote
Old 01-02-2011, 09:52 AM   #56
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,425
Default Re: Passwords: The not to use

A bit of a tangent here - but many password policies in companies these days have exactly the opposite effect of what they set out to do. In theory they might produce the most secure passwords on the planet, but it's how people implement these policies that's often their downfall.

Take the classic "change your password every 28 days" example. This is forced upon you by most companies I've seen, the idea being that if anyone does find out your password they only have a shortened time window in which to do anything. In practice though, this backfires for a few reasons:

- People can't, and won't, think up different unique passwords for each month. It'll generally be something like pass, pass01, pass02, pass03 and so on. Which pretty much invalidates the whole policy (if you find out a password and it's pass05, it's not too hard to guess what the next one might be!)
- The people that do create unique passwords will likely write them down somewhere on their desk to remember them - this undermines pretty much everything if they're found by a casual passer-by!
- However short the time window is for an attacker to work, they can most likely still do all the damage and retrieve all the data they like given a day or 2. So unless you make people change their password every day, this policy is pretty useless anyway.

Another point - it's true that non-alphanumeric characters and a mix of non-dictionary words make a strong password. But in practice this usually makes next-to-no difference. How come? Well, if you think about it there are a number of ways an attacker could break a password:

- He could use social engineering techniques to make a good guess at what it is
- He can find it stored somewhere unencrypted (or stored using a weak encryption algorithm)
- He could find a way to delete it and create a new one
- He could brute force it by trying every combination against a hash until he finds the right one.

Now, I'm willing to bet most passwords compromised are in the first category, and the next two also play a relatively decent role. But the chances of an attacker finding out a password via brute forcing it are pretty much 0, and unless your account is of some considerable value most won't bother. Obviously don't use dictionary passwords because they're really easy to break (they go into the second category more than the fourth.) But even using numbers is secure enough for most purposes.

I'm not trying to downplay security here at all, it's important and it's something we should all be taking note of. What I am trying to highlight is the biggest weakness - humans. It's all very well having these amazingly secure encryption algorithms, but if from a human level people take steps to circumvent them (intentionally or otherwise) then the whole thing is blown wide open. The most secure password in the world written down on a desk somewhere can suddenly become the least...
__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline   Reply With Quote
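
Added example, not part of the post above or of any product's code: a check a password-change form could run to catch the pass, pass01, pass02 pattern described in the rotation discussion. It assumes the form also asks for the current password, so old and new are both available in plaintext at that moment; the function names and the 0.8 similarity threshold are illustrative assumptions.

```python
import difflib

DIGITS = "0123456789"

def split_counter(pw):
    """Split 'pass05' into ('pass', '05'); the base is lower-cased."""
    base = pw.rstrip(DIGITS)
    return base.lower(), pw[len(base):]

def rotation_verdict(old, new, min_ratio=0.8):
    """Classify one password change.

    'same'           - identical apart from letter case
    'counter'        - same base, only the trailing number changed
    'near_duplicate' - small edit of the old password
    'ok'             - not obviously derived from the old one
    """
    if old.lower() == new.lower():
        return "same"
    old_base, _ = split_counter(old)
    new_base, _ = split_counter(new)
    if old_base and old_base == new_base:
        return "counter"
    ratio = difflib.SequenceMatcher(None, old.lower(), new.lower()).ratio()
    return "near_duplicate" if ratio >= min_ratio else "ok"

def audit(sequence):
    """Verdict for each consecutive change in a list of passwords."""
    return [rotation_verdict(a, b) for a, b in zip(sequence, sequence[1:])]

# Constructed sample: the monthly sequence from the post, then a real change.
SAMPLE = ["pass", "pass01", "pass02", "pass03", "correct horse battery"]

if __name__ == "__main__":
    for (old, new), verdict in zip(zip(SAMPLE, SAMPLE[1:]), audit(SAMPLE)):
        print(f"{old!r} -> {new!r}: {verdict}")
```

A check like this only sees the two passwords typed into the change form; earlier passwords are normally kept as hashes and cannot be compared this way.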
Old 01-02-2011, 12:25 PM   #57
Fully Optimized
 
~Darkseeker~'s Avatar
 
Join Date: Jan 2010
Location: Welwyn Garden City, United Kingdom
Posts: 2,494
Default Re: Passwords: The not to use

I heard a story of a guy who worked in a development sector for some software company (story told by an administrator at my place of study). He sellotaped a piece of paper with his password on it underneath his keyboard, the administrators did a check after-hours one night of the office and he got fired for it.

I think this illustrates what berry said about putting passwords on desks and stuff xD
__________________
EVGA SLI Micro Z68 // Intel i5-2500k @ 4.4GHz // 8GB Corsair Vengeance 1866MHz // Overclocked ASUS GTX 660 Ti // Corsair Carbide SPEC-03 // Kingston Hyper-X 120GB // 2TB WD Green + 500GB WD Black
#JC4PM
~Darkseeker~ is offline   Reply With Quote
Old 01-02-2011, 05:59 PM   #58
BSOD
 
Join Date: Dec 2010
Posts: 582
Default Re: Passwords: The not to use

Quote:
Originally Posted by berry120 View Post
It's also probably not the wisest move ever to announce what specific accounts share passwords

I have trust. :/
clacker is offline   Reply With Quote
Old 05-06-2011, 08:42 AM   #59
Beta Member
 
Join Date: Sep 2010
Posts: 3
Default Re: Passwords: The not to use

I suppose using a program such as Norton Identity Safe would be a bad idea in regards to protecting my passwords? I am having problems managing all the passwords as I have close to around 50 different passwords and probably well over 100 accounts. These range from bank accounts, work passwords, e-mail addresses, online storage passwords, passwords for forums, social networking sites and so many more. Identity Safe makes life so much easier by storing my passwords and automatically filling them out, but whether this is truly safe is the question?
Chris101 is offline   Reply With Quote
Old 06-06-2011, 06:35 PM   #60
Baseband Member
 
Join Date: May 2011
Posts: 49
Default Re: Passwords: The not to use

This is really helpful.
I hate when people make really stupid passwords.
thatguywhy is offline   Reply With Quote
All times are GMT -5.