Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length.

[Tug Fanatic]

After a friend had a problem I have been reviewing my security and what I have found is worrying/frightening. I had thought that that I was on top of this. 10+ not single word and not repeated passwords, 2 factor SMS text message authentication, Yahoo email etc.

What I have found is that the "experts" tell me that I need a password safe, an authentication app and a new secure email such as Proton.

I have never kept important passwords on my computer but there really isn't a secure alternative. I am just not comfortable.

I hadn't even heard of all this stuff a week ago.

Has anybody else gone through this indecision?   
 
PS The though of changing the email address for all the people who have it is daunting.

[malcolmfrary]

Can't help with the password problems, but for email I have the one that my current ISP insists on, and a hotmail.com one that I've had through several ISPs since 1998.
I have just noted that my current provider is going to jack their price several quid a month with the "sweetener" that they will "give" me some useless tat that they have over valued that I neither want nor need.  So I will be looking for a replacement, and will have a change of non-hotmail address fairly soon.

[Tug Fanatic]

Malcolm

Have you changed email provider before?

When I think of the number of times that I have given out my email address over the years it is going to be an enormous job to change them all even if I take the opportunity to reduce the numbers.

I wish that you could port them like mobile phone numbers.

[RST]

I've never understood the theory of putting all your faith for passwords in yet another program. Everybody who sells them says they're safe, every software engineer I've asked says theyre not much different.  You takes your choice I guess.  I've gone the opposite way and cut my on-line footprint down as much as I can. Every year I aim to remove another on-line account and never join anything or shop anywhere new to an account is required now.

[spearfish99]

Malcolm

Have you changed email provider before?

When I think of the number of times that I have given out my email address over the years it is going to be an enormous job to change them all even if I take the opportunity to reduce the numbers.

I wish that you could port them like mobile phone numbers.

   When I looked at this, I found that if I changed my current provider (Talktalk), they would continue to support my old email address for 1 year after i cancelled my contract.  I believe that many providers do the same, giving you time to get your new email  address "out there" without losing anything sent to your old address .

[Colin Bishop]

I wouldn't get too worked up about it, just exercise a bit of commonsense.

It's difficult to order anything online without giving out at least an email address. I have several and use just two most of the time. My primary one is used by friends and family, banks, utilities, insurance and anything financially important.

The secondary one is with AOL and used for virtually all online orders. Of course when you order online, particularly from someone you don't know, your email address can simply be harvested and sold on (and often is) but AOL are good at weeding out special offers for blue pills and enticements from ladies of the night etc. and it all goes into a spam folder which I clear out every now and then.

I try to use PayPal for payments wherever possible rather than giving out my credit/debit card details. My PayPal account is linked to my No. 2 bank current account which never has more than a few hundred pounds in it.

For passwords, I maintain them using the Keepass program which is enough for my needs. The encrypted master file is copied to my laptop and a thumb drive and my Wife and daughters have the master password in case I fall under a bus.

It's worked so far.....

Colin

[warspite]

I have a special file for all my passwords under a family known heading that seems innocuous to others and the contents are related to family info, which unless you know the answers to the questions you cannot guess the password.


I also have two email accounts, the one for work and general known good contacts etc. and the other is an old email used to buy stuff with and one offs and the companies after you have bought something once, you are then plagued with 'offers' like insurance etc

[malcolmfrary]

Malcolm

Have you changed email provider before?

When I think of the number of times that I have given out my email address over the years it is going to be an enormous job to change them all even if I take the opportunity to reduce the numbers.

I wish that you could port them like mobile phone numbers.

A long time ago.  As others have said, you do get a grace period to depart gracefully, but the task is still there.  The advantage of a web based email is that once you have it, it stays.  A couple of traders didn't like hotmail and insisted on a non-hotmail address, but I expect that that has moved on.  And like anybody with a mobile phone, I have grown a gmail one as well.
Anyway, I jumped a bit early.  It wasn't end of contract, just an "upgrade" offer involving a selection of over valued, but unwanted, "gifts".
Chrome remembers most of them for me if I can remember my M$ account password.  Edge (the best browser to use to download Chrome) seems to be doing the same.

[RST]

If you check your isp's terms some still allow a working address (talk talk do /did allbeit with "reduced" functionallity) and last time I checked some allowed a nominal payment to keep it running. But you're at the mercy of what they want to do and no guarantee. I've always maintained the same ISP partly because of the e-mail address and partly because I'd only change to virgin media and they won't go north of Glasgow.  I didn't like the Ts and C's of any web based mail yet but they're probably no better or worse than my isp's. Better the devil you know for me.

[kinmel]

Just this week the UK's National Cyber Security Centre has updated it's advice concerning passwords and says if we use 3 random words strung together, that is sufficient security.

 The simplest way to select 3 random words is to use the location app " what3words ", which divides the world up into 3m² grid squares and assigns each of them a three-word code. Hence the single most valuable building in Great Britain can be identified as handed.dawn.short rather than Ordnance Survey grid reference SJ 89773 90375.

My local Tesco is in Prestatyn and W3W allocates the store defeated.envelope.trickled   so that could be a password for my Tesco Account. ( It isn't !)

[RST]

I listened to an r4 program about that system last year.  Something seems a bit counter -intuative about using an application to generate it (how secure is the application?).  Our IT at work put something similar out last year but they required many words, many latters, described it like remembering words 7, 99 and 376 of a minimum 1000 word memorable story, than allocating three random easy numbers and some kind of symbol.  The instruction was half an A4 page long.  Couldn't make any sense of it!  The problem I always have with memonics is trying to remember the memonic rather than just what's needed.  For me roygbiv is easier to remember than the Richard of York rhyme for the colours of the rainbow. Think you're either a believer or not.


I got rid of my Barclaycard finally before Xmas. 3 months of trying to get through on the phone and 1hr plus on hold each time. Their security has always been crazy daft. Trouble has always been they ask you for your memorable word, but they're not allowed to give you a reminder prompt like anyone else does -so unless it's written somewhere (which is counter effective), how are you supposed to know if you have a bad memory. Ultra secure I guess, nowt wrong with that security!

[Buccaneer]

All my Passwords etc. are kept in a notebook in the top draw of my desk. I think it is fairly secure.
John

[Tug Fanatic]

Thank you for all the thoughts. A few observations:

1. My email is not linked to my broadband supplier so I can take as long over the transition as I want. That is a mistake that I made with Freeserve many years ago & will not repeat.

2. I doubt that a "special file" is enough. If I searched your computer for a couple of links most people have, say Amazon and Ebay I wonder if they would appear on a very short list.

3. I am trying to keep this simple so that I can understand it! I am also concerned that my wife knows what is going on in case anything happens to me. All this without writing anything down.

4. A notebook doesn't sound very secure to me and if you have a problem I think that it is all the excuse your bank needs to disown any liability.

[warspite]

My 'Special Computer File' doesn't have the actual passwords etc, just a phrase or question that the wife knows what the password would be or at least one of three other versions of the answer, so even if the file is read by someone, unless they know the answers to the question they cannot guess the passwords, the file is also on a external hard drive which is not connected for the majority of the time.

[tigertiger]

Before people get too complacent about keeping passwords secret, that is not the problem. Passwords are cracked by malware, often with an active hacker. The malware just cycles through potential passwords until they get a hit.

Longer and more sophisticated passwords are better because after a certain amount of time, you wither log off, or the hacker has hacked other people first.
For example, if you have a single figure numeric password the software only needs 10 attempts. Double figure 100 attempts, etc. If you use numbers and letters, the number of tries increases by 10x26 factored into the length of the password, reduced if you are using words as those are fixed blocks of characters.
If you use numbers, letters, at least one capital letter, at least one special character (!@#etc.). That sounds familiar.

If you used randomly generated alpha, numeric, special character passwords these are most secure BUT can be easy to forget and a pain in the but to type in. That is why password safes have been flooding the market.


However, it is important to remember the password safe vendors are using scare tactics to frighten people into buying their product. This is a hard sell.

[tigertiger]

Having said what I said in my previous post.

You are most at risk if you allow your computer to save your user name and password for websites. I never do this for anything connected with my money, business, or sensitive personal data. That includes online shopping.
Passwords for sensitive sites I keep on paper, as many other people do. But these passwords are long (over 20 characters), and are alphanumeric and contain special characters and are memorable.

E.G.
MartinhashawaiianshirtsthatareOMG!@#LOUDliketheoneheworeatMayhem2010

[Tug Fanatic]

I have had a piece of paper with an index of company names to password numbers and also a separate piece of paper with the numbered passwords. It leaves the problem of a bit of paper to secure. In the real world the index and the passwords seem to end up in the same place.

Yes to long random passwords and yes to 2 factor authentication.

A problem that I had with this method was my email account. If they can break into an email account they can set about resetting passwords on all your other accounts. Putting it on the same sheet as all the other passwords is therefore not a good idea so that is 2 sheets that must be kept separate.

[malcolmfrary]

Writing on a piece of paper has worked well for a long time.
https://www.youtube.com/watch?v=ctM_Rvgjfpo


MartinhashawaiianshirtsthatareOMG!@#LOUDliketheoneheworeatMayhem2010  would be easily guessed by anybody observing Martin.

[spearfish99]

Does this ring any bells?

[derekwarner]

Any computer Guru will confirm that Troll creepeys search hard drives for number/digit sequences and repeated splurts of them.....so to keep my security numbers safe


1. I have an image of them on the home page, however disguised so even the Trolls eyes cannot distinguish what the digits represent
2. I also have a paper copy converted into one of those digitized QR Codes [blurred] image that even I cannot read

I am told, that the Dragon in the QR Code is actually a Troll eater 


So in the event I need to enter such a Password to enter into the PC, I ask one of my 9 Grandchildren to help 


Derek

[tigertiger]

MartinhashawaiianshirtsthatareOMG!@#LOUDliketheoneheworeatMayhem2010  would be easily guessed by anybody observing Martin.

Even from a distance 

[warspite]

Does this ring any bells?

I have a password like that - the only problem is I had to use just horse blood as I couldn't get any from a unicorn for love nor money 


That QR code - is it actually an updated version of packman, where the Ghosts have merged into a dinosaur