The New Password Experience...

Got networking / internet / computer/ TV/ Telephone problems in Crete? Ask here.
BrianS
Posts: 112
Joined: Mon Jan 19, 2009 5:29 pm
Location: Apokoronas

Postby BrianS » Sun Nov 02, 2014 8:27 pm

With day after day of damp and cool weather I've been catching up on some back issues of The Oldie and thought I would share this with you as it certainly made me smile:

Computer: Please enter your new password
User: cabbage
Computer: Sorry, the password must have more than eight characters
User: boiledcabbage
Computer: Sorry, the password must contain one numerical character
User: 1 boiledcabbage
Computer: Sorry, the password cannot have blank spaces
User: 50boiledbloodycabbages
Computer: Sorry, the password must contain at least one upper case character
User: 50BLOODYboiledcabbages
Computer: Sorry, the password cannot use more than one upper case character consecutively
User: 50BloodyBoiledCabbagesShovedUpYourAssIfYouDon'tGiveMeAccessNow!
Computer: Sorry, the password cannot contain punctuation
User: ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourAssIfYouDontGiveMeAccessNow
Computer: Sorry, that password is already in use

Sent in by Bernard Taylor

Kilkis
Posts: 12179
Joined: Sat Apr 21, 2007 3:58 pm
Location: Near Chania

Postby Kilkis » Mon Nov 03, 2014 12:27 am

Frighteningly accurate.

The whole password issue is a nightmare. Everybody knows that you should use a different password for every site you use, that the passwords must not be anything easily deducible, i.e. preferably random strings of characters, you mustn't ever write it down anywhere and you must change it on a regular basis. Everybody also knows that is impossible in reality. In my case it would amount to about 50 passwords each changing on a six month cycle. The fact that every site has a different set of rules of what you can and cannot use makes it even worse. A simple example:

Normally when you set up a contract with OTENET you get a printed A4 sheet giving you all the details. On the sheet is a Customer Code and a Customer Password. You can use them to log on to the my.otenet.gr site and set up your normal log on user name and password. These are the ones you use for your router to connect to the Internet and to download emails. You also use these to change your password. The last time I set up an account I never received this sheet. Everything was set up by phone including the normal log on user name and password. I now get repeated emails from OTENET telling me that I have had the same password for over six months and I should change it but I can't change it because I don't have the original information.

Computer Shopper came up with an interesting suggestion a couple of years ago. Think of three different length passwords that you won't forget, i.e. actual words. Modify them to include other characters so that they are no longer normal words in such a way that you won't forget the mods. For example you might use 1 instead of I or 4 instead of A etc. Never write these down. You can then construct a different password for every site by using different combinations of these words. You can keep a written record of these passwords in the form of their length without the risk of anybody discovering the passwords if they ever got hold of that record. For example you might write Living in Crete - Short Medium Short, Piraeus Bank - Long Short Medium Long

Warwick
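
The scheme described in the post above, as an added example that is not part of the original post: it rebuilds site passwords from the written length record and works out which other sites need a new password once one of them is exposed. The three base words and the "Example Shop" entry are constructed for illustration; the other two record entries are the ones quoted in the post.

```python
# Constructed sample data: the base words and "Example Shop" are invented
# for this example; the first two record entries are quoted from the post.
WORDS = {"Short": "c4t", "Medium": "0l1ve", "Long": "m0unt41n"}
RECORD = {
    "Living in Crete": "Short Medium Short",
    "Piraeus Bank": "Long Short Medium Long",
    "Example Shop": "Medium Medium",  # hypothetical entry
}


def build(pattern, words=WORDS):
    """Rebuild a site password from its written length pattern."""
    return "".join(words[label] for label in pattern.split())


def labels_used(pattern):
    """Set of base-word labels (Short/Medium/Long) a pattern relies on."""
    return set(pattern.split())


def must_rotate(leaked_site, record=RECORD):
    """Sites to change after leaked_site's password is exposed in plaintext.

    A leaked password contains every base word in its pattern, so any other
    site whose pattern uses only those words is no longer protected
    (assumption: the written record is known to whoever holds the leak).
    """
    known = labels_used(record[leaked_site])
    return sorted(
        site
        for site, pattern in record.items()
        if site != leaked_site and labels_used(pattern) <= known
    )


def distinct_secrets(record=RECORD):
    """Number of independent secrets protecting every site in the record."""
    return len(set().union(*(labels_used(p) for p in record.values())))


if __name__ == "__main__":
    for site, pattern in RECORD.items():
        print(f"{site}: {build(pattern)} -> rotate after leak: {must_rotate(site)}")
    print("independent secrets:", distinct_secrets())
```

However many sites are in the record, they share the same three secrets, so the passwords are different but not independent.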

SatCure
Posts: 1963
Joined: Fri Oct 05, 2007 9:57 pm
Location: Apokoronas

Postby SatCure » Mon Nov 03, 2014 8:01 am


johnincrete
Posts: 912
Joined: Thu Feb 18, 2010 4:04 pm
Location: Chania

Postby johnincrete » Mon Nov 03, 2014 8:02 am

I must not write down my password? What Greek burglar is going to force the front gate, get through the front door that is solid steel with an incredibly complicated lock, go down to the basement instead of up to the living quarters, then break into my storage area where my computer & sound system are, then wade through the masses of paper work from several concurrent projects and find my password? Having found my password, how is this resourceful burglar going to use it?

There is far too much hysteria about passwords. Maybe true for the small number of people at work in a shared area where one or more has access to super-sensitive material. But surely totally irrelevant to we ex pats?

Similarly hackers. I have never seen any attempt to hack my computer revealed by security software - but then, I am careful about what sites I access.

Years ago, I had a discussion with the head of security at a London merchant bank. He really thought his system was secure because everyone's password was changed every day using a system generated string of 16 random characters. How, I asked, do people know their new password? We send it to them in the internal mail, was his proud reply. Are the envelopes distinctive, I asked. Then I gave up!

scooby

Postby scooby » Mon Nov 03, 2014 2:12 pm

Having used the same passwords for the last 12 years, despite the banks prompting me to change them now and then as one example, I have never come across any problems. My friend who is totally useless on a computer and has accessed some naughty sites has had the same passwords since he had his computer. A lot of scaremongering takes place to do with passwords. I would say it is a decision for each individual however.

Kilkis
Posts: 12179
Joined: Sat Apr 21, 2007 3:58 pm
Location: Near Chania

Postby Kilkis » Mon Nov 03, 2014 6:33 pm

It depends on the password and the web site.

If the password is long and complex, e.g. Pe2iJW75z&t5K8p%RZyukj7Cl$AOm@Uz there is probably no need to change it on a regular basis. If, however, it is a recognisable word, e.g. password, you lay yourself open to hacking using dictionary techniques.

If the web site only allows a limited number of attempts before locking the account then you don't really need a very high security password. Some sites do this but some don't. I think most financial sites work this way.

If the web site has millions of users it is worth a hacker's time repeatedly sending user names and passwords in the hope of striking lucky. I think the regular hacking of accounts on Google, Yahoo, Hotmail etc fell into this category. Greater care is then needed.

Warwick

Tim
Posts: 616
Joined: Sun Feb 19, 2012 1:41 pm
Location: Near Sitia

Postby Tim » Mon Nov 03, 2014 7:21 pm

I recently had my UK bank account hacked. It would have made no difference how complicated my password was because the hackers used a virus to 'see' when I logged into my bank account and were then able to use my password and memorable information to get into the account and have a good look round. When they tried to set up a direct debit to a Santander account my bank was alerted and blocked them.

I would say that avoiding dodgy sites as previously mentioned and also running regular security scans with a program such as Malwarebytes would represent far better security precautions than endlessly messing about with passwords.

Tim

Kilkis
Posts: 12179
Joined: Sat Apr 21, 2007 3:58 pm
Location: Near Chania

Postby Kilkis » Mon Nov 03, 2014 7:30 pm

Banks usually operate a very limited number of permitted log on attempts before locking the account. It is extremely difficult, therefore, to hack a bank account by brute force methods. Gaining access to the password, e.g. using malware as you described, is about the only way.

That is not true of all web sites however. Some sites will allow effectively infinite repeated log on attempts and then brute force methods will work, especially if the password is a simple word.

Warwick

SatCure
Posts: 1963
Joined: Fri Oct 05, 2007 9:57 pm
Location: Apokoronas

Postby SatCure » Mon Nov 03, 2014 7:46 pm

SatCure wrote: I use this: https://agilebits.com/onepassword

on my Apple Macs (for extra security) but it's available for other platforms.

