Passwords /ID | GTAMotorcycle.com

nobbie48

The security types have numerous suggestions and rules:

At least 8 characters

Alpha and numerical

Upper and lower case

Throw in a symbol but only certain ones are allowed

Change every six months

Different for every account

Do they consider that as people age they get whachamacallit disease but they aren't supposed to write the above down?

As we are encouraged to do more online in an aging society, will it get worse? Expecting people to remember weird sets of characters is ridiculous if the person can't remember their own name.

Part two:

Security questions shouldn't be subjective.

"What is your favourite song?"

Answer:

It depends on my mood.

Ignoring moods, it could be a hit from two years ago but then you hear a new song and like it more.

However:

My first car will always be my first car.

My mother's maiden name doesn't change.

My birthplace can't change.

Peeved that I just went through a limited time sign up with too many questions. Found out the government says I owe $5 Gs.

Feeling better now that I spoke to someone at CRA and their paperwork is way behind and I owe nothing. The sun just came up.
 
I only remember the passwords for a few places now. Most of my passwords are long (16+ characters) and either random or diceware. They are all stored in codebook and I generate a new random password for each site. Codebook also stores the answers to the security questions, account numbers and telephone numbers to contact credit card companies.
 
My passwords involve a personal algorithm and bit shifting; this is tied to the website or company I'm accessing so all my passwords are unique.

The reason passwords have become more strict is because a large portion (I'd estimate over 90%) of data breaches are caused by the human element (password).

https://github.com/DavidWittman/wpxmlrpcbrute/blob/master/wordlists/1000-most-common-passwords.txt

If I ran the above file on any website using a bruteforce bot, I'm pretty damn sure I'd unlock over 20% of the accounts.

And, of course, if someone has a poor password and they lose their account....they blame the business instead of themselves.
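
Added example, not part of any post in this thread: a signup-side check showing that a password can satisfy the composition rules listed in the first post and still be a decorated common password, while a long passphrase fails those rules. The blocklist entries, the allowed symbol set and the `signup_verdict` policy are constructed assumptions, not contents of the linked file or any site's real rules.

```python
import re

# Constructed sample blocklist. A real deployment would load a full
# common-password list; these entries are illustrative only.
SAMPLE_BLOCKLIST = {"password", "123456", "qwerty", "letmein"}

# Assumption: the thread never says which symbols sites allow.
ALLOWED_SYMBOLS = "!@#$%"

# Common character substitutions, reversed before the blocklist lookup.
LEET = str.maketrans("0134@5$7", "oieaasst")


def passes_composition_rules(pw):
    """Rules from the first post: 8+ chars, letters, digits, mixed case, symbol."""
    return (
        len(pw) >= 8
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in ALLOWED_SYMBOLS for c in pw)
    )


def candidate_forms(pw):
    """Forms to look up: as typed, without trailing digits/symbols, de-leeted."""
    lowered = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    return {f for f in (lowered, stripped, stripped.translate(LEET)) if f}


def is_blocklisted(pw, blocklist=SAMPLE_BLOCKLIST):
    """True if any normalised form of the password is a known common password."""
    return any(form in blocklist for form in candidate_forms(pw))


def signup_verdict(pw):
    """Hypothetical policy: accept on length plus blocklist screening only."""
    return len(pw) >= 8 and not is_blocklisted(pw)


if __name__ == "__main__":
    for pw in ("Password1!", "P@ssw0rd1!", "maple-tractor-violin-copper"):
        print(pw, passes_composition_rules(pw), is_blocklisted(pw), signup_verdict(pw))
```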
 
油井緋色;2571169 said:
My passwords involve a personal algorithm and bit shifting; this is tied to the website or company I'm accessing so all my passwords are unique.

The reason passwords have become more strict is because a large portion (I'd estimate over 90%) of data breaches are caused by the human element (password)

https://github.com/DavidWittman/wpxmlrpcbrute/blob/master/wordlists/1000-most-common-passwords.txt

If I ran the above file on any website using a bruteforce bot, I'm pretty damn sure I'd unlock over 20% of the accounts.

And, of course, if someone has a poor password and they lose their account....they blame the business instead of themselves.

Use the same password for all accounts and if a rinky dink site has poor protection a hacker can get, in effect, a master key to your secure connections.
 
Don't use the same passwords on every site....

At the end of the day, it is just as much the user's responsibility to secure their credentials as it is the business.
 
Difficult password rules lead to the current password being written on a yellow sticky note stuck to the laptop screen.
 
I think I'll try a Vic cipher. Basically make up a password that gets screwed up by a key word that I can remember.

For the tongue tied, a Vic cipher is a straddling bipartite mono-alphabetical substitution super enciphered by modified double transposition.

Screw up the password with a key word and then screw it up again with another.

Or maybe I'll try to find a sunken Nazi U boat and take the Enigma machine.
 
Difficult password rules lead to the current password being written on a yellow sticky note stuck to the laptop screen.

Yup seen that a few times, or it is in the desk drawer.

Some people just won't get it.

I only use the same password if it is for something not so sensitive (user forum etc), otherwise I custom generate a password every time.
I'll be storing all these logins to a spreadsheet as more sites are requiring more logins.
 
Make sure your spreadsheet has a very non-obvious name. Passwords.xls is low hanging fruit for any malicious code running on your computer. I would just use a random collection of characters for the file name.

I bought Codebook as it keeps the database encrypted (many many password managers store the database as plain text) and syncs across multiple devices. You have to pay for iOS, Android and PC separately but can have many devices for one purchase (IIRC unlimited iOS/Android and 5 PCs). It's not perfect, but I find it much easier to use and more secure than a spreadsheet.
 
@GreyGhost

I will definitely look into Codebook, sounds interesting. But I try to avoid putting any passwords into any kind of cloud-based sync.
Right now it just sits on my Mac (not called passwords etc), which is good as it is a less likely security risk than a PC. Also my browsers have ad blockers and tracking blockers to avoid some malicious stuff. And for the real sensitive sites (banking) I only use 1 browser for this purpose and it doesn't go anyplace else on the net. And those passwords are stored someplace separately from all the other passwords.
 
For better or for worse, Codebook sync is manual and slightly ghetto. You can use Dropbox, Google Drive, Wi-Fi or a local folder for sync. Sync happens manually when you tell it to. If you wanted to avoid passwords in the cloud, the local options work for you (although obviously, any device not updated while you are at home won't be able to sync while out and about).

Edit:
Make sure you have a solid backup plan in place for whatever solution you choose. The problem with hundreds of random passwords is losing access to the file/database that contains them takes a long time to correct.
 
Difficult password rules lead to the current password being written on a yellow sticky note stuck to the laptop screen.

Well, there is two factor authentication (which I have for multiple video games as they were the first to get data breach issues before the breaches went mainstream.)

Until we get biometric authentication, in conjunction with two factor, in a cost efficient manner....gotta live with passwords. And if people write them down on yellow sticky notes...

.....the last time someone did this at my previous work place, we broke into his computer and replaced all icons, background images, start menu image, etc. etc. to http://knowyourmeme.com/photos/456353-nicolas-cage
 
Difficult password rules lead to the current password being written on a yellow sticky note stuck to the laptop screen.

I was at a Canadian Tire and the service desk had the usernames and passwords typed out, printed and taped to the monitor. I don't think they understand security. At the very least they could put the sheet in a drawer where not every single customer sees all of your access credentials.
 
I had an employee at work that could watch you typing and read your password.

At least one of my kids can do the same. All my passwords are long and complicated, or completely random now.

Does anyone use KeePass? https://keepass.info/
 
Newer industrial robots and PLCs have password protection for certain critical functions. If you apply security rules then if that robot acts up at 3 AM you are screwed. They either all have the factory default, or they are left unlocked, or they all have a simple password that everyone in the plant knows...

I've had someone call me asking if I had the password in my records. Couldn't help them.
 
You used to be able to walk from the street, into the U of T Computing Facility, drop a deck of cards into the hopper, and walk around the queue to get your printout.

I did that for years before they installed passwords and accounts on the job decks.
 
I only remember the passwords for a few places now. Most of my passwords are long (16+ characters) and either random or diceware. They are all stored in codebook and I generate a new random password for each site. Codebook also stores the answers to the security questions, account numbers and telephone numbers to contact credit card companies.
What are Codebook and diceware?

 
