Ransom Demands

Taoz

Chohole said:

bluejaunte said:

marble said:

There are password generators but I have found them impractical because some sites don't allow "paste" in the password field. Who wants to type out:  hhuipiWT^F@@))uyf∞£lluiuvGIbD195kh09kfY every time you login to one of those sites? So I tend to use word combinations with some letters transposed for symbols and numbers and a mixture of upper and lower case.

Not one of those 143 I'm apparently registered at prevented a paste. If they did I'd drop them a mail and educate them about how such functionality works against security exactly because of the reaction you had.

I go to several sites that won't allow a paste in the password field, 

Ctrl + v often works if there are no other options.

Subtropic Pixel

Chohole said:

I opften wonder,  when reading threads like this, if people to whom English is a 2nd language make thier passwords in English or their first language.  And if the latter do they get hacked as easily as English and American English passwords.

I use passwords from languages I've never spoken.

Taoz said:

 

Chohole said:

I opften wonder,  when reading threads like this, if people to whom English is a 2nd language make thier passwords in English or their first language.  And if the latter do they get hacked as easily as English and American English passwords.

I make mine in Gibberish.

Pig Latin is always an interesting oicechay.

Subtropic Pixel

Pixolygon said:

davidwski_16294691f0 said:

Pixolygon said:

Miss Bad Wolf said:

marble said:

bluejaunte said:

marble said:

There are password generators but I have found them impractical because some sites don't allow "paste" in the password field. Who wants to type out:  hhuipiWT^F@@))uyf∞£lluiuvGIbD195kh09kfY every time you login to one of those sites? So I tend to use word combinations with some letters transposed for symbols and numbers and a mixture of upper and lower case.

Not one of those 143 I'm apparently registered at prevented a paste. If they did I'd drop them a mail and educate them about how such functionality works against security exactly because of the reaction you had.

I use LastPass which automatically pastes my credentials and several sites don't allow it.

I use LastPass too.  I recommend LastPass.

I ditched LastPass ages ago as it was purchased by LogMeIn, the same people who run the Hamachi VPN client, which has a history of getting breached.
I switched to Enpass. It's a local password manager with autofill/pw generation capabilities and I sync the database between my devices.

The safest though I've heard is another offline one, which is also open source, which allows it's code to be scrutinized.  It's called KeePass.

Actually, the safest method is making up your own passwords from random digits, and writing them down on a piece of paper.  I know, what a pain to actually type in characters!  Archaic, I understand, but anything you use software for, and then sync between devices is vulnerable unless it's generating completely random characters..

From what I've read, the random characters isn't really the problem, it's the length of the password. The longer it is, the longer it takes to crack. Once you're in the 30-35+ character range I believe, you're looking at years upon years of cracking. You could use full words, but the trick is to make each word have nothing to do with each other. For instance, donkeycrackerswimmingtriangle is better than iliketoeatapplepie, but you still want to throw in random capitals, numbers, and symbols.

Or just put a limit on number of attempts. 

I could choose a 3-character password and with only 10 attempts available, I'd be confident that NOBODY is going to guess it.  They simply don't have enough available attempts to be successful in any brute-force methodology.

Passwords are NOT working!  We keep making it harder on good people when we SHOULD be making it harder on evil people.  A 35-character password with mixed case, numbers, and special characters?  What, and then do a 3-person tango at midnight under a full moon?  Are you KIDDING me?

Why don't we have password attempt limits?  It seems only Apple understands this issue.

kyoto kid

...my bank has password attempt limits as well.  So does my email.

Chohole

Subtropic Pixel said:

Chohole said:

I opften wonder,  when reading threads like this, if people to whom English is a 2nd language make thier passwords in English or their first language.  And if the latter do they get hacked as easily as English and American English passwords.

I use passwords from languages I've never spoken.

Taoz said:

 

Chohole said:

I opften wonder,  when reading threads like this, if people to whom English is a 2nd language make thier passwords in English or their first language.  And if the latter do they get hacked as easily as English and American English passwords.

I make mine in Gibberish.

Pig Latin is always an interesting oicechay.

My favourite is to choose a random 3 or 4 words from the welsh side of the bilingual communications we receive. 

Such as   mae hwn yn rybudd pwysig       or          nid yw'n bost sothach

plenty of chances to change some to special characters and random uppercase or numerals        the second is really good I think

Edited to add         Even my Grocery shops have password attempt limits.

davidtriune

thanks ppl for the warning, changed password.

Subtropic Pixel

Chohole:  LOL, thank you for the laugh!  Er, I mean "Ankyouthay orfay uhthay afflay". 

SpottedKitty

Chohole said:

My favourite is to choose a random 3 or 4 words from the welsh side of the bilingual communications we receive. 

Such as   mae hwn yn rybudd pwysig       or          nid yw'n bost sothach

Better check to see if any of them say something like "on holiday, back in two weeks". Someone in a Welsh town council got that reply a couple of years back and assumed it was a real translation. What's surprising is that no-one noticed the unusual instructions on the road sign right away...

Samanthie

I could not login today with current password and I use Norton/Vault with a password generator. It's been changed now but I haven't had that happen before. Glad I found this thread.

Chohole

SpottedKitty said:

Chohole said:

My favourite is to choose a random 3 or 4 words from the welsh side of the bilingual communications we receive. 

Such as   mae hwn yn rybudd pwysig       or          nid yw'n bost sothach

Better check to see if any of them say something like "on holiday, back in two weeks". Someone in a Welsh town council got that reply a couple of years back and assumed it was a real translation. What's surprising is that no-one noticed the unusual instructions on the road sign right away...

That is one of the most widely quoted bad Welsh translations.   There are several   I was quite surprised to see that Google translate actually didn't make too bad a job of translating the two I quoted,  but don't try doing it the other way,  they do not get the same Welsh words as came in the letter.    I also like quoting the leaflets if I ever get a nuisance call for one of those people with the un-understandable accents.  my Favourite  is to quote the front page of the booklet on recycling etc.   Makes a perfect remark for a nuisance caller as it says (in English)
We are changing the way we collect your waste.  

Sounds really good in welsh   and my accent is getting better
 

tkdrobert

Chohole said:

Funny, but I'm pretty sure "incorrect" is on the master list of known passwords that hackers can use to crack a password. 

Spit

.

Chohole said:

bluejaunte said:

marble said:

There are password generators but I have found them impractical because some sites don't allow "paste" in the password field. Who wants to type out:  hhuipiWT^F@@))uyf∞£lluiuvGIbD195kh09kfY every time you login to one of those sites? So I tend to use word combinations with some letters transposed for symbols and numbers and a mixture of upper and lower case.

Not one of those 143 I'm apparently registered at prevented a paste. If they did I'd drop them a mail and educate them about how such functionality works against security exactly because of the reaction you had.

I go to several sites that won't allow a paste in the password field, 

me too.

Amazon is the strangest. The 'saved' password in firefox is incorrect, Anytime I sign in I have to change it. Then Firefox asks me if I want to save the new pword. Doesn't matter what I answer, it doesn't save it. This has been going on for several years.

 

Taoz

Spit said:

.

Chohole said:

bluejaunte said:

marble said:

There are password generators but I have found them impractical because some sites don't allow "paste" in the password field. Who wants to type out:  hhuipiWT^F@@))uyf∞£lluiuvGIbD195kh09kfY every time you login to one of those sites? So I tend to use word combinations with some letters transposed for symbols and numbers and a mixture of upper and lower case.

Not one of those 143 I'm apparently registered at prevented a paste. If they did I'd drop them a mail and educate them about how such functionality works against security exactly because of the reaction you had.

I go to several sites that won't allow a paste in the password field, 

me too.

Amazon is the strangest. The 'saved' password in firefox is incorrect, Anytime I sign in I have to change it. Then Firefox asks me if I want to save the new pword. Doesn't matter what I answer, it doesn't save it. This has been going on for several years.

Amazon and practically everything else works fine for me using auto login. I'm using Password Agent and Roboform (browser plugin).

AllenArt

If you use Last Pass like I do, I've found that it truncates my password on Amazon. I have to open the vault in Last Pass, look at my amazon account and copy and paste the password. Just for Amazon. Not sure why.

Laurie

tkdrobert