Millions using 123456 as password, security study finds
Discussion
I need over 40 different passwords to access various websites etc. In addition to the passwords, in some cases I also need additional "memorable words" or "authentication codes" to access certain services.
Do they really expect us to keep all of this in our heads - or try and have completely different passwords for each and every service?
Password manager is the only way to go. Set up 2 factor reauthentication for when a new IP location is detected.
Any risks inherent to the tech are vastly outweighed by potential for manual error.
Sites are hacked all the time. If you reuse even part of a password on multiple sites, you may as well be using 123456.
The only safe method is a different 12 digit pass for every site you visit.
Modern encryption is pretty much uncrackable. Your master pass is not accessible to anyone but you.
Eric Mc said:
I need over 40 different passwords to access various websites etc. In addition to the passwords, in some cases I also need additional "memorable words" or "authentication codes" to access certain services.
Do they really expect us to keep all of this in our heads - or try and have completely different passwords for each and every service?
Last time I looked in my "records" I have just under 80 - from forums thro to Dartford toll crossing - I rarely need to look and all my passwords are different and between 15 and 16 characters with upper and lower case, numbers as well as special characters.
For work it's the same but I use a different base and some of the applications have different rules - one of them has a max of 12 characters some have as few as 6 as a maximum
Eric Mc said:
I need over 40 different passwords to access various websites etc. In addition to the passwords, in some cases I also need additional "memorable words" or "authentication codes" to access certain services.
Do they really expect us to keep all of this in our heads - or try and have completely different passwords for each and every service?
If you use 1 password for all systems and one of those systems is compromised the attacker can potentially access all your accounts. You wouldn't have a single key for every physical lock you own, would you?
B'stard Child said:
anonymous said:
[redacted]
I would have thought that quite a few petrolheads use number plates as a base for passwords
red_slr said:
The diagonal line method with shift holds works well and easy to change every x days/months by moving over one letter.
So long as you use the same combination of shift up and down you just have to remember the starting letter / number so you can end up with a really nice long random (ish) password that is really quite quick to input such as bhu8*UHBbgt5%TGB you only have to remember "b".
It also means you can share passwords with other people with just one letter so you could tell your wife / business partner that the current password is b and so long as they know the direction / combination of shift holds they can access AND change the password then just tell you the new password is for example m would be mko0)OKMmju7&UJM.
This is also a very bad idea. A password cracker application will try common passwords and key patterns before a brute force. This method is also very vulnerable to a shoulder surf.
If your password is any of these (or mild variations of), change them immediately:
Password123
123456789
qwerty
ManchesterUnited
England1966
Letmein123
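As an added example (not part of any post in the thread), here is a screen a site could run when a password is set, rejecting both the list above with its mild variations and the keyboard-pattern passwords discussed earlier. The key layout table, the 0.8 threshold and all function names are assumptions of the example.

```python
import re

# Key positions on a QWERTY layout (digit and letter rows), constructed for this example.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFT = dict(zip("!@#$%^&*()", "1234567890"))  # US shifted digits (assumption)
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# The passwords listed in the thread, reduced to lowercase stems.
DENY = {"password", "123456789", "qwerty", "manchesterunited", "england", "letmein"}


def key_of(ch):
    """Map a character to its physical key position, ignoring Shift."""
    return POS.get(SHIFT.get(ch, ch.lower()))


def walk_fraction(pw):
    """Fraction of consecutive characters typed on the same or a neighbouring key."""
    keys = [key_of(ch) for ch in pw]
    pairs = list(zip(keys, keys[1:]))
    if not pairs:
        return 0.0
    near = sum(
        1 for a, b in pairs
        if a and b and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
    )
    return near / len(pairs)


def stem(pw):
    """Lowercase and drop trailing digits/symbols: 'Letmein123!' -> 'letmein'."""
    return re.sub(r"[\W\d_]+$", "", pw.lower()) or pw.lower()


def screen(pw):
    """Return the reason a password should be rejected, or None if it passes."""
    if stem(pw) in DENY or pw.lower() in DENY:
        return "common password or mild variation"
    if len(pw) >= 4 and walk_fraction(pw) >= 0.8:
        return "keyboard pattern"
    return None


if __name__ == "__main__":
    for candidate in ["bhu8*UHBbgt5%TGB", "Letmein123", "T7#qLz!9vKp4@xWm"]:
        print(candidate, "->", screen(candidate))
```

Every step of the 16-character diagonal password lands on the same or a neighbouring key, so it is rejected despite its length and character mix, while the constructed random string passes.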
Eric Mc said:
I need over 40 different passwords to access various websites etc. In addition to the passwords, in some cases I also need additional "memorable words" or "authentication codes" to access certain services.
Do they really expect us to keep all of this in our heads - or try and have completely different passwords for each and every service?
It is absurd some of the sites that require you to have passwords or go through ridiculous security hoops. I live in fear that my HMRC password will be hacked and someone will login and pay my taxes for me.
jtremlett said:
It is absurd some of the sites that require you to have passwords or go through ridiculous security hoops. I live in fear that my HMRC password will be hacked and someone will login and pay my taxes for me.
It has already happened - although funnily enough, the hackers were claiming tax refunds. Quelle surprise.
Eric Mc said:
B'stard Child said:
Eric Mc said:
B'stard Child said:
Eric Mc said:
I need over 40 different passwords to access various websites etc. In addition to the passwords, in some cases I also need additional "memorable words" or "authentication codes" to access certain services.
Do they really expect us to keep all of this in our heads - or try and have completely different passwords for each and every service?
Last time I looked in my "records" I have just under 80 - from forums thro to Dartford toll crossing - I rarely need to look and all my passwords are different and between 15 and 16 characters with upper and lower case, numbers as well as special characters.
For work it's the same but I use a different base and some of the applications have different rules - one of them has a max of 12 characters some have as few as 6 as a maximum
It helps but some people you can't re-educate
B'stard Child said:
It was a reference to a post you made in another thread citing education being the solution
It helps but some people you can't re-educate
I worked that out - but thanks for the assistance.
Yes - there are lots of people who you can't educate - let alone re-educate. That consigns them to the scrapheap of life - in true PH "big and powerful director" manner.
Eric Mc said:
I worked that out - but thanks for the assistance.
Yes - there are lots of people who you can't educate - let alone re-educate. That consigns them to the scrapheap of life - in true PH "big and powerful director" manner.
I think personally that even if you shun a technology solution and simply keep a book and use three or four random words for each site, you're in a pretty good place.
I work in IT and it's easy to say "Use a password manager" but my Mum uses a book because honestly she's hopeless with anything IT related.
eldar said:
I worked for IBM. They had a high security system that issued unmemorable secure passwords rather than let you choose.
Always written on an ID badge or underneath the keyboard.
Wasn't there a second factor - code generator etc? If you had to enter the password every time you logged in then having unmemorable passwords seems stupid.
Missus worked in the civil service and they had to change their password every month - apparently a huge proportion of them used their DOB plus the current month.
Whoozit said:
Passwords are old tech. But combine them with two factor authentication for everything important, and the complexity for a third party to hack the account increases rather a lot, I'm told.
We have 2FA on our email, but then if someone gets access to our 'phones by the pin code (or perhaps by chopping our fingers off) then they're straight in, aren't they?
Sheepshanks said:
We have 2FA on our email, but then if someone gets access to our 'phones by the pin code (or perhaps by chopping our fingers off) then they're straight in, aren't they?
Yes, but that's not what 2FA is meant to guard against. It's meant to guard against someone either guessing your password or re-using one they've stolen from somewhere else or picking it up off the post-it note you leave lying around.
It's a little like password managers in that it isn't perfect, but you're almost always better off with it than without it.
Sheepshanks said:
Whoozit said:
Passwords are old tech. But combine them with two factor authentication for everything important, and the complexity for a third party to hack the account increases rather a lot, I'm told.
We have 2FA on our email, but then if someone gets access to our 'phones by the pin code (or perhaps by chopping our fingers off) then they're straight in, aren't they?
If you are a right handed powerfully built company director and they can get you to pay them millions, be ready to start picking your nose with your left index finger. Or have other physical and procedural measures in place.