milovany Posted August 9, 2017

Has this been shared already? I looked but didn't see it -- forgive me if so. It was an interesting read for me this morning. The man who was part of the report detailing how our passwords should have a good mix of uppercase and lowercase letters, as well as numbers and special characters, now says he was wrong. A long string of words is more secure. He also says it's not necessary to force users to change their passwords routinely unless there's been signs of a password hack attempt. I have a system for creating passwords that uses the uppercase, lowercase, numbers and symbols in a routine (but known only to me) way. Looks like I may be able to let go of the password gymnastics.

WSJ article

Edited August 10, 2017 by milovany

Seasider Posted August 9, 2017

Hopefully websites will stop forcing the password gymnastics upon us. I also have my own password system and while it's alpha-numeric, it's annoying to be forced to include capital letters and special characters.

ashfern Posted August 9, 2017

I hate when I can't quite recall the password. If the website would put a reminder of what they require for the password. Some want a combination of upper & lower, some want letters & numbers, some want special characters, some you can't use special characters. It's very annoying.

milovany Posted August 9, 2017

> I hate when I can't quite recall the password. If the website would put a reminder of what they require for the password. Some want a combination of upper & lower, some want letters & numbers, some want special characters, some you can't use special characters. It's very annoying.

Hopefully this news will start to filter into company website departments and we'll see changes over time. I'd much rather try and remember monkeymuffiincaliforniatrain than what I've had to do with my system. The system certainly made things easier for me, but sometimes my system doesn't work, for example when a website won't allow certain special characters. Then I have to remember how I changed that one password when I visit that site.

EmseB Posted August 9, 2017

Longer passwords are definitely better, which is why it's so annoying when a company limits a password field to 8 or 12 characters. I use LastPass which is amazing for having different passwords for every site that has different criteria and not having to remember them.

milovany Posted August 9, 2017

> monkeymuffiincaliforniatrain

I'm having fun coming up with the string of words, LOL. Don't worry, I won't use either of the examples posted here as a future password. :)

Cinder Posted August 9, 2017

> Longer passwords are definitely better, which is why it's so annoying when a company limits a password field to 8 or 12 characters.

Yes, my ds has talked to us about this issue--that more characters provides more security than just using symbols and numbers. He was annoyed recently at some website he uses that limits the passwords to 8 characters.

TravelingChris Posted August 9, 2017

Both of my kids work in the health field and they were both complaining to me yesterday how the new vaccination system set up by the government is absolutely horrible and they are having issues at each of their works. The problem- you have to change your password every 2 months and if you forget you are locked out. We had a similar nutty situation with our military retiree pay website- giant complicated passwords with all sorts of crazy rules that had to be changed every two or three months. I initially set it up and gave all the passwords for like four years worth to dh but thankfully he was able to bypass it in another way where he doesn't have to keep changing passwords. I was so furious with it that I just used curse word substitutions and adjectives like idiotic, stupid, etc. So what does everybody do in these moronic situations- keep records of passwords.

Guest Posted August 9, 2017

I am exceedingly irritated by companies that require me to have a password to look at their site. If I have any choice in the matter, I walk away. It's so stupid.

milovany Posted August 9, 2017

Ironically, we have to sign in and use a password to read the article! Did you?? I didn't and I don't have a WSJ account.

Guest Posted August 9, 2017

> Hopefully websites will stop forcing the password gymnastics upon us. I also have my own password system and while it's alpha-numeric, it's annoying to be forced to include capital letters and special characters.

I'd love to get rid of the asinine security questions!! "What was your maternal grandmother's shoe size?" "Name your first grade teacher's favorite food" "What was the third song at your neighbor's wedding reception?"

Aura Posted August 9, 2017

> Both of my kids work in the health field and they were both complaining to me yesterday how the new vaccination system set up by the government is absolutely horrible and they are having issues at each of their works. The problem- you have to change your password every 2 months and if you forget you are locked out. We had a similar nutty situation with our military retiree pay website- giant complicated passwords with all sorts of crazy rules that had to be changed every two or three months. I initially set it up and gave all the passwords for like four years worth to dh but thankfully he was able to bypass it in another way where he doesn't have to keep changing passwords. I was so furious with it that I just used curse word substitutions and adjectives like idiotic, stupid, etc. So what does everybody do in these moronic situations- keep records of passwords.

I do exactly that. I keep a hard copy of websites and their passwords. I don't carry it with me, so it would only be of use if someone broke into the house, found the mundane place I keep it, figured out what it was and how to use it, and so on.

Seasider Posted August 9, 2017

> I'd love to get rid of the asinine security questions!! "What was your maternal grandmother's shoe size?" "Name your first grade teacher's favorite food" "What was the third song at your neighbor's wedding reception?"

When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

Guest Posted August 9, 2017

> I do exactly that. I keep a hard copy of websites and their passwords. I don't carry it with me, so it would only be of use if someone broke into the house, found the mundane place I keep it, figured out what it was and how to use it, and so on.

I asked a brilliant man (I mean as in really a genius) who works in the encryption field how to best keep track of the passwords. He looked at me like I was nuts. "Write them down! No one can remember all this stuff." Then put them somewhere safe. Like a safe. As a backup measure, I periodically send a copy to my BFF and she slaps the envelope in her safe. Done.

ktgrok Posted August 9, 2017

I just heard about this too...my husband is in cyber security and told me. And we now have one password on our computers/phones, and it encourages strings of words, often with hyphens added in between them. I like to use insults.

klmama Posted August 9, 2017

> When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

This is brilliant!

Corraleno Posted August 9, 2017

> I was so furious with it that I just used curse word substitutions and adjectives like idiotic, stupid, etc. So what does everybody do in these moronic situations- keep records of passwords.

The ones that tick me off the most are the websites that don't give you specific parameters (# of letters, UC, lc, numbers, characters, etc.) but just say that the password you chose was "weak" and make you keep randomly typing new ones until you hit on one it decides is "strong" enough. Those are the passwords that end up being a string of curse words and characters! As for recording passwords, Safari does that automatically and I can access the whole list with the main password for my laptop. Written copies would never work for me because I'd be writing new passwords on scraps of paper and then losing them before I ever got around to adding them to the master list. :blush:

> I'd love to get rid of the asinine security questions!! "What was your maternal grandmother's shoe size?" "Name your first grade teacher's favorite food" "What was the third song at your neighbor's wedding reception?"

:lol: :lol: :lol:

> When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

That is genius! :thumbup1:

Edited August 9, 2017 by Corraleno

EmseB Posted August 9, 2017

Seriously, look into a password manager. It's a secure way of having many long complicated passwords for multiple websites without writing them down or trying to remember them.

Corraleno Posted August 9, 2017

Don't most browsers include password management? I know Safari does and I think Firefox does too. Or do people think those aren't secure enough?

klmama Posted August 9, 2017

Dh thinks the password vault on the computer is a better choice. I think that if the computer is stolen, his list will be gone; my written list of passwords tucked into a file with foreign language worksheets is likely to still be there.

EmseB Posted August 9, 2017

> Don't most browsers include password management? I know Safari does and I think Firefox does too. Or do people think those aren't secure enough?

I prefer a manager independent of my browser, with a mobile app (only accessible by fingerprint). I have a really long phrase I use to log in to it and my passwords aren't stored on my computer.

purpleowl Posted August 9, 2017

For one frustrating website, I tried using "yourmom'spasswordisn'tstrongenough." It was rejected because it was too long.

Edited August 9, 2017 by purpleowl

RegGuheert Posted August 9, 2017

> Don't most browsers include password management? I know Safari does and I think Firefox does too. Or do people think those aren't secure enough?

Yes, Firefox, Safari and other browsers have features to store passwords. I consider them a huge security leak. Here are some issues:
- You can view all the passwords stored there.
- If it is Firefox (and perhaps the others), you can easily get the passwords from a backup of the computer if one exists.
- If you tell the browser to "Never Store" certain passwords, then the browser stores the urls of your banks, investments, etc.

My policy with these things is:
- NEVER store a "strong" password for an important site in the browser.
- NEVER tell the browser to "Never Store" important passwords, but rather tell them not to remember it each and every time.

DS19 has the most secure approach I know of to password security. It's a bit of a pain, but I think his stuff is ridiculously secure. I'm getting close to adopting his approach myself.

Edited August 9, 2017 by RegGuheert

Lady Florida. Posted August 9, 2017

Dh works for a civilian contractor in a military facility. He's required to change his password every 6 months and they follow the uppercase/lowercase/numbers/characters rule. He has a special way of coming up with new ones. I wonder if government entities are going to change their rules after this.

I like my way of coming up with passwords and I could be wrong but they do seem secure to me.
- No one on the planet, not even dh, knows the pet name* I had for the dog I owned in the seventies plus the year she was born and the year she died. Not even closest family knows what I used to call her. Most don't remember when she was born if they even knew.
- No one (except maybe my 82 yo aunt) knows my mother's first name that she never ever ever used (not in any legal or informal way ever) but was given at her baptism because the priest required a saint's name, plus the unkind name she and her sisters were called as kids (because they were "greasy Italians") plus the year she and my dad divorced.

^^Those are not actual current passwords but examples of how I come up with passwords. ^^

I suppose if hackers tried long enough they'd string those things together but if they tried long enough they'd crack nearly any password.

*Yes, I have special pet names for my pets. Doesn't everyone? :)

> I'd love to get rid of the asinine security questions!! "What was your maternal grandmother's shoe size?" "Name your first grade teacher's favorite food" "What was the third song at your neighbor's wedding reception?"

I remember a meme going around a while back with a parent looking down on a child and a puppy. The caption has the parent saying, "Think carefully before you name him. That will be your security answer for the rest of your life." :lol:

Joules Posted August 9, 2017

> When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

I've always done that, but have recently started getting error messages: "Security questions must have unique answers"

Lady Florida. Posted August 9, 2017

> I've always done that, but have recently started getting error messages: "Security questions must have unique answers"

Maybe try:
Gobble
de
gook
Unique answers to each question.

Seasider Posted August 9, 2017

> I've always done that, but have recently started getting error messages: "Security questions must have unique answers"

I hope I never see that! So far it's been a good run!

milovany Posted August 9, 2017

DP.

Edited August 9, 2017 by milovany

milovany Posted August 9, 2017

> Maybe try: Gobble de gook Unique answers to each question.

Then you have to remember which one goes with which question, thus (partially) defeating the purpose. And usually answers have to be a minimum of four letters so it would have to be gobb, lede and gook. 😄

Edited August 9, 2017 by milovany

Guest Posted August 9, 2017

There was a very famous XKCD about this years ago. We have found it to be true. I use a password vault (OnePassword) and my password for that is extremely long, unique, and yet memorable. Everything contained within is extremely long and completely algorithmically gibberish, but all I need to remember is the one. Good stuff.

Edited August 10, 2017 by Arctic Mama

greenbeanmama Posted August 10, 2017

My husband is in IT and deals with security issues for a billion-dollar company. He's extremely careful with passwords, and uses a password generator to come up with random uppercase/lowercase/number/symbol passwords of a ridiculously long variety. What worries me is that the bank that has our mortgage is a) not case sensitive and b) doesn't allow symbols in their passwords. How drastically reduced are my password options! I have a piece of paper where I write down our passwords because I can't remember all of them.

Laurie4b Posted August 10, 2017

I was so relieved when this news came out. I will much more easily remember passwords composed of words than letters/numbers/symbols differing by website. I have one password I use for everything online that is not tied to money in any way, like this and other message boards. Is there anything wrong with that? Then I have a handful of different passwords that I use for sites like Facebook (where accounts regularly get hacked) or sites involving any money exchange.

RegGuheert Posted August 10, 2017

> There was a very famous XKCD about this years ago. We have found it to be true. I use a password vault and my password for that is extremely long, unique, and yet memorable. Everything contained within is extremely long and completely algorithmically gibberish, but all I need to remember is the one. Good stuff.

This Gizmodo article includes that XKCD piece.

Anne Posted August 10, 2017

> When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

I thought this was a great idea also until I ran into the website that would not allow duplicate answers to different questions...... :-(

anne

scoutingmom Posted August 10, 2017

> I thought this was a great idea also until I ran into the website that would not allow duplicate answers to different questions...... :-( anne

GobbledegookMom
GobbledegookPet
GobbledegookCity
?

Laura Corin Posted August 10, 2017

> I'd love to get rid of the asinine security questions!! "What was your maternal grandmother's shoe size?" "Name your first grade teacher's favorite food" "What was the third song at your neighbor's wedding reception?"

What's your father's middle name? No, you can't use that because it doesn't have enough letters....

fdrinca Posted August 10, 2017

A while ago DH started using song titles from his favorite albums as his password. It hits: long streams of words (usually), capital letters, and, when he includes the tracks, numbers. I, however, have exactly the same password I have had for 15+ years, and when I am forced to change it I invariably never ever ever remember the new password.

Edited August 10, 2017 by fdrinca

Lanny Posted August 10, 2017

I use the Free version of the LastPass Password Manager, which makes life easier and faster for getting into the web sites I visit, routinely or rarely. For LastPass, I use a "Pass Phrase" such as you described. That's the only one I need to have memorized. This is the URL for LastPass: https://www.lastpass.com/

Ausmumof3 Posted August 10, 2017

> When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

Good idea... Will do this from now on.

Bluegoat Posted August 10, 2017

I had wondered about this thing with different characters, which my dh seems to insist on. It's seemed to me that it isn't really any different than having a larger alphabet that you are using?

EmseB Posted August 10, 2017

> I had wondered about this thing with different characters, which my dh seems to insist on. It's seemed to me that it isn't really any different than having a larger alphabet that you are using?

You are correct. Adding numbers and characters increases the "alphabet" but in terms of hacking someone's password the effect there is negligible. Whereas if you have more characters (longer password) that is harder to hack. Which is basically what the article says, I suspect, but it's behind a paywall for me.

J-rap Posted August 10, 2017

> When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out. Mother's maiden name? Gobbledegook. Name of first pet? Gobbledegook. Favorite vacation city? Gobbledegook.

What a great idea!

Lady Florida. Posted August 10, 2017

So is anyone else trying to think of a string of words that don't go together but that you can remember? :)

J-rap Posted August 10, 2017

I've been on sites where they require that the password has no word in it that is actually a real word. So, it has to be completely random characters that do not spell anything at all. Very frustrating.

klmama Posted August 10, 2017

> DS19 has the most secure approach I know of to password security. It's a bit of a pain, but I think his stuff is ridiculously secure. I'm getting close to adopting his approach myself.

What is his approach?

TravelingChris Posted August 10, 2017

Not requiring or including numbers or symbols is less good because we have 26 letters and 52 if you use both capitals and small letters, and there are only 10 numbers (0-9) and usually 8 or less symbols allowed. It decreases the time needed to hack the code as the link previously mentioned showed in a nice cartoon.

Ravin Posted August 10, 2017

Often there are limits to how many characters a password can be. I use a system that utilizes lines of poetry, using just the first letter of each word, correctly capitalized and including punctuation. The poem then helps me remember the password.

luuknam Posted August 10, 2017

> I've been on sites where they require that the password has no word in it that is actually a real word. So, it has to be completely random characters that do not spell anything at all. Very frustrating.

Often by that they just mean English words... so, just make up a phrase in a foreign language.

ETA: it's not like they can realistically make you not use words from *any* language, because then most letter combinations would be words.

Edited August 10, 2017 by luuknam

Bluegoat Posted August 10, 2017

> Often there are limits to how many characters a password can be. I use a system that utilizes lines of poetry, using just the first letter of each word, correctly capitalized and including punctuation. The poem then helps me remember the password.

I am going to steal your system.

milovany Posted August 10, 2017

> You are correct. Adding numbers and characters increases the "alphabet" but in terms of hacking someone's password the effect there is negligible. Whereas if you have more characters (longer password) that is harder to hack. Which is basically what the article says, I suspect, but it's behind a paywall for me.

This does make sense, that increasing the usable "alphabet" by adding in the special characters and numbers increases the strength of the password. But when using a mix of the letters, numbers and special characters came to be required, it made it seem as if that mix was the key to a strong password, not the length of the password. So glad to be learning that it's the length that's key, not the mix of characters.
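
The length-versus-"alphabet" trade-off discussed in this thread, worked through as an added example that is not part of any post: it compares the brute-force search space of the policies mentioned above (an 8-character cap, a case-insensitive bank login without symbols, a string of random words). It assumes every character or word is picked uniformly at random; the alphabet sizes, the 7776-word list size, the guessing rate and all function names are assumptions of this example.

```python
import math

# Alphabet sizes for the kinds of policy described in the thread.
# These counts are assumptions of this example, not figures from any post.
LOWERCASE = 26
CASE_INSENSITIVE_ALNUM = 36   # letters + digits, case ignored, no symbols
FULL_MIX = 94                 # upper + lower + digits + 32 ASCII symbols
WORDLIST_SIZE = 7776          # assumed size of the list the words are drawn from


def random_password_bits(alphabet_size, length):
    """Entropy in bits of `length` characters, each picked uniformly at random."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need alphabet_size >= 2 and length >= 1")
    return length * math.log2(alphabet_size)


def passphrase_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of `words` words, each picked uniformly at random."""
    if wordlist_size < 2 or words < 1:
        raise ValueError("need wordlist_size >= 2 and words >= 1")
    return words * math.log2(wordlist_size)


def length_to_match(alphabet_size, target_bits):
    """Shortest random password over this alphabet with at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years to try every candidate at a fixed guessing rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare():
    """Return (label, bits) rows for the policies mentioned in the thread.

    The figures are upper bounds: a password a person makes up (a pet name
    plus a year, a favourite phrase) is not a uniform random pick and is
    worth fewer bits than its length and alphabet suggest.
    """
    return [
        ("8 chars, full mix", random_password_bits(FULL_MIX, 8)),
        ("8 chars, case-insensitive alnum",
         random_password_bits(CASE_INSENSITIVE_ALNUM, 8)),
        ("12 chars, lowercase only", random_password_bits(LOWERCASE, 12)),
        ("16 chars, lowercase only", random_password_bits(LOWERCASE, 16)),
        ("4 random words", passphrase_bits(4)),
        ("6 random words", passphrase_bits(6)),
    ]


if __name__ == "__main__":
    RATE = 1e10  # assumed offline guessing rate, guesses per second
    for label, bits in compare():
        years = years_to_exhaust(bits, RATE)
        print(f"{label:34s} {bits:6.1f} bits  {years:.3g} years")
```

Each extra character adds log2(alphabet size) bits, while widening the alphabet from 26 to 94 symbols adds under 2 bits per character, which is why 12 random lowercase letters already exceed 8 random characters drawn from the full mix.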