Millions using 123456 as password, security study finds


bitchstewie

Original Poster:

51,395 posts

211 months

Monday 22nd April 2019
In 2019 with all the mainstream coverage that security incidents get I find this slightly staggering.

https://www.bbc.com/news/amp/technology-47974583

If you're reading this and thinking "I do that" please read the article and change your habits :)

bitchstewie

Original Poster:

51,395 posts

211 months

Monday 22nd April 2019
Get a password manager and use it.

  • 1Password
  • LastPass
  • KeePass if you don't trust cloud options.

Protect your email account with every measure available i.e. strong unique password and 2FA if available.

bitchstewie

Original Poster:

51,395 posts

211 months

Monday 22nd April 2019
Eric Mc said:
I worked that out - but thanks for the assistance.

Yes - there are lots of people who you can't educate - let alone re-educate. That consigns them to the scrapheap of life - in true PH "big and powerful director" manner.

I think personally that even if you shun a technology solution and simply keep a book and use three or four random words for each site, you're in a pretty good place.

I work in IT and it's easy to say "Use a password manager" but my Mum uses a book because honestly she's hopeless with anything IT related.

bitchstewie

Original Poster:

51,395 posts

211 months

Monday 22nd April 2019
Sheepshanks said:
We have 2FA on our email, but then if someone gets access to our 'phones by the pin code (or perhaps by chopping our fingers off) then they're straight in, aren't they?

Yes, but that's not what 2FA is meant to guard against.

It's meant to guard against someone either guessing your password or re-using one they've stolen from somewhere else or picking it up off the post-it note you leave lying around.

It's a little like password managers in that it isn't perfect, but you're almost always better off with it than without it.

bitchstewie

Original Poster:

51,395 posts

211 months

Monday 22nd April 2019
Dogwatch said:
Why do sites allow multiple login attempts anyway? Should be three attempts and then blanked for perhaps an hour.

Because people are people and type things in wrong.

Repeatedly.

bitchstewie

Original Poster:

51,395 posts

211 months

Tuesday 23rd April 2019
The Mad Monk said:
How secure would it be to use a cryptic word encoded, plus a number known only to you?

Think less about that, though it's important, and more about uniqueness.

So let's say on Site A you use a password of "crypticwordencoded776" and sit back basking in the knowledge that it's something strong and known only to you.

However it's a bh to remember so when you register on Site B you also use "crypticwordencoded776".

Only Site B don't have the same levels of security as Site A and someone steals (not guesses, steals) the passwords so now they know your email address and password of "crypticwordencoded776".

They then go and try Facebook, Twitter, Gmail, whatever, using your email address and "crypticwordencoded776".

See where this is headed...
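
The reuse scenario in the post above, turned into a self-audit: this is an added example, not part of the original thread, that reads a password-manager CSV export and lists which other accounts fall if one site leaks its passwords. The column names `site,username,password` and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; column names are an assumption, values are not real.
SAMPLE_EXPORT = """site,username,password
Site A,me@example.com,crypticwordencoded776
Site B,me@example.com,crypticwordencoded776
Webmail,Me@Example.com,crypticwordencoded776
Forum,me@example.com,staple-orbit-canyon-mango
Shop,other@example.com,crypticwordencoded776
"""

# Per-run random key: passwords are compared by keyed fingerprint, so the
# grouping table never holds plaintext and is useless outside this process.
_KEY = secrets.token_bytes(32)

def _load(export_text):
    """Map (login, password fingerprint) -> set of sites using that exact pair."""
    pairs = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        fp = hmac.new(_KEY, row["password"].encode("utf-8"), hashlib.sha256).hexdigest()
        # Logins are compared case-insensitively, as most sites treat email addresses.
        pairs[(row["username"].strip().lower(), fp)].add(row["site"])
    return pairs

def reuse_clusters(export_text):
    """Groups of sites that share one login and one password, largest first."""
    clusters = [sorted(s) for s in _load(export_text).values() if len(s) > 1]
    return sorted(clusters, key=lambda c: (-len(c), c))

def exposed_if_breached(export_text, breached_site):
    """Other sites that accept a login/password pair stored at breached_site."""
    exposed = set()
    for sites in _load(export_text).values():
        if breached_site in sites:
            exposed |= sites - {breached_site}
    return sorted(exposed)

if __name__ == "__main__":
    for cluster in reuse_clusters(SAMPLE_EXPORT):
        print("same login and password on:", ", ".join(cluster))
    print("if Site B leaks:", exposed_if_breached(SAMPLE_EXPORT, "Site B"))
```

Every site the audit lists needs its own unique password; the strength of the shared one does not change the result.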