Change your trivial passwords

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,769
Location
Catfisch Cinema
Real Name
Dave
My Twitter account was hacked and spam posted. The password was one I've used for over a decade online. It was vulnerable to dictionary attack. Fortunately, my account wasn't modified, and I updated my password to something incomprehensible and unhackable. I also changed my Facebook and HTF passwords. Especially HTF, which used the same 10+ year old password. I also noted that Facebook has great logs of all the computers I logged in from, and let me disable outdated connections. Twitter: nothing. No idea where the hack might have come from (not that it matters). But it reinforced my preference of Facebook over Twitter for my practical needs.

I recommend you change any simple passwords for high-profile websites.
 

Mike Frezon

Moderator
Premium
Senior HTF Member
Joined
Oct 9, 2001
Messages
60,773
Location
Rexford, NY
Dave:

Seeing as to how you probably didn't mean for the thread title to be "Change, you trivial passwords"...I am changing your thread title to "Change Your Trivial Passwords."

:biggrin:

(But, if you'd prefer the comma instead...let me know.)
 

Darren Lewis

Supporting Actor
Joined
Jul 17, 2000
Messages
534
Sorry to hear your account got hacked. They're getting more and more sophisticated at cracking passwords. A while back I started using a password manager (very good app that's on Windows and Mac and iOS) and now my passwords are all incomprehensible strings of random numbers, digits and characters.

Main problem is using the same password on multiple sites (which I did for years!). If one site gets hacked, they try that same username and password on lots of other sites.
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,769
Location
Catfisch Cinema
Real Name
Dave
Mike Frezon said:
Dave: Seeing as to how you probably didn't mean for the thread title to be "Change, you trivial passwords"...I am changing your thread title to "Change Your Trivial Passwords." :biggrin: (But, if you'd prefer the comma instead...let me know.)
Don't you know the great Easter spiritual, "Change, oh Thou trivial password." :D Thanks.
 

Chuck Anstey

Screenwriter
Joined
Nov 10, 1998
Messages
1,640
Real Name
Chuck Anstey
So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.
 

schan1269

HTF Expert
HW Reviewer
Senior HTF Member
Joined
Jul 4, 2012
Messages
17,104
Location
Chicago-ish/NW Indiana
Real Name
Sam
Chuck Anstey said:
So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.
I use notepad in my phone.

I also still use AOL as my "base" for most websites. Seems AOL is long lost to spammers/hackers.

AOL is like the joke Bill Maher said about Facebook...

"If you want internet privacy, use MySpace..."
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,769
Location
Catfisch Cinema
Real Name
Dave
Chuck Anstey said:
So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.
I've used SplashID for years to keep track of passwords. I also use browser auto fill and, more recently, OS X keychain to hold passwords. These aren't vulnerable to remote brute force attack. (I suppose keychain might be, but I'm aware of problems so far) Corporate password that can't be recorded is based on keyboard patterns, patterns for changing it, and frequent use.
 

Scott Merryfield

Senior HTF Member
Joined
Dec 16, 1998
Messages
18,892
Location
Mich. & S. Carolina
Real Name
Scott Merryfield
Chuck Anstey said:
So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.
I have an app on my phone with all my userid/passwords. At last count, I have 48 different accounts listed between work and personal use. There is absolutely no way I could possibly remember all these without some sort of app. At least this way I only need my phone and to remember one password.
 

Mike Frezon

Moderator
Premium
Senior HTF Member
Joined
Oct 9, 2001
Messages
60,773
Location
Rexford, NY
Scott Merryfield said:
I have an app on my phone with all my userid/passwords. At last count, I have 48 different accounts listed between work and personal use. There is absolutely no way I could possibly remember all these without some sort of app. At least this way I only need my phone and to remember one password.
Scott:

What's the app?
 

Chuck Anstey

Screenwriter
Joined
Nov 10, 1998
Messages
1,640
Real Name
Chuck Anstey
Re: SplashID. So you are saying that you put all your passwords in one place "in the cloud" (i.e. China) to increase security? That doesn't seem very secure because you don't know who is holding your data (and they have full unencrypted access) and hackers only need to go to one place to get it all.
 

jcroy

Senior HTF Member
Joined
Nov 28, 2011
Messages
7,932
Real Name
jr
A better question to ask is how exactly do the password cracking programs work?

More specifically, how exactly are the "dictionaries" being created?
 

Jason Charlton

Ambassador
Senior HTF Member
Joined
May 16, 2002
Messages
3,557
Location
Baltimore, MD
Real Name
Jason Charlton
I have a small thumb drive I can connect to any PC that includes a copy of KeePass on it. It's another password management type application, but is stored locally rather than in the cloud. I just have to remember the "master" password to access everything else.
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,769
Location
Catfisch Cinema
Real Name
Dave
Chuck Anstey said:
Re: SplashID. So you are saying that you put all your passwords in one place "in the cloud" (i.e. China) to increase security? That doesn't seem very secure because you don't know who is holding your data (and they have full unencrypted access) and hackers only need to go to one place to get it all.
I don't pay for the cloud sync. Local sync only.

I've been using SplashID since about 2002, with a Sony Clie (Palm). The same database has transitioned over a decade, across two Palm devices and two iPhones and an iPad. It has also survived going from Win98 to WinXP to OS X. It lacks some browser integration features of dedicated password minders, but makes up for it as an all-in-one data minder: credit cards, vehicle VIN & license plate, frequent-flyer accounts, and web passwords (over 200 passwords going back to some of my earliest logins).
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,769
Location
Catfisch Cinema
Real Name
Dave
jcroy said:
A better question to ask is how exactly do the password cracking programs work?

More specifically, how exactly are the "dictionaries" being created?
Brute force and ignorance. Computers are fast enough that every password combination based on common words can be pre-computed and tried against a hacked password hash table. Depending on the login system, they can also be tried against live logins.

Wikipedia has an overview:
http://en.wikipedia.org/wiki/Dictionary_attack
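
The explanation above, seen from the defending side, as an added example that is not part of the original posts: a sign-up screen that flags passwords built from common words, and salted PBKDF2 storage under which one precomputed table no longer matches every account. The wordlist, substitution map and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real screen would load a large common-password list.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}
# Constructed map of the usual character swaps people apply to dictionary words.
LEET = str.maketrans("013457@$", "oieastas")

def base_word(password):
    """Return the common word this password is derived from, or None."""
    core = password.lower().rstrip("0123456789!?.#")  # appended digits/punctuation
    for candidate in (core, core.translate(LEET)):
        if candidate in COMMON_WORDS:
            return candidate
    return None

def unsalted_hash(password):
    """Weak storage: equal passwords give equal digests on every site and account."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None, rounds=100_000):
    """Stronger storage: random per-account salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, digest, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt, rounds)[1], digest)

if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Dragon2013!", "xK9#vQ2!mZ"):
        print(pw, "->", base_word(pw) or "not in wordlist")
    s1, d1 = salted_hash("dragon")
    s2, d2 = salted_hash("dragon")
    print("unsalted digests equal:", unsalted_hash("dragon") == unsalted_hash("dragon"))
    print("salted digests equal:  ", d1 == d2)
```

A password that `base_word` maps back to a wordlist entry is exactly the kind a precomputed dictionary covers, however many digits or symbol swaps were added to it.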
 

KeithAP

Screenwriter
Joined
Feb 4, 1999
Messages
1,236
Location
Sacramento
Real Name
Keith
I believe both Facebook and Twitter now support two factor authentication so if you don't mind the extra step, it provides some extra security.
Chuck Anstey said:
So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.
LastPass, as well as other password managers I would guess, support "one time use" passwords which would solve this particular problem. Use of a Yubikey with LastPass might also work as a solution.

-Keith
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,769
Location
Catfisch Cinema
Real Name
Dave
Chuck Anstey said:
So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.
I failed to comment on that, and I don't have an answer. I don't have any systems with monthly password resets.
 
