Password "security"

Bed & Breakfast / Short Term Rental Host Forum

Help Support Bed & Breakfast / Short Term Rental Host Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

agoodman

Well-known member
Joined
Oct 18, 2008
Messages
818
Reaction score
0
Recently one "not to be named" res system decided to upgrade their security features. Thank you. I appreciate that. But when these companies that insist that my password is "8-10 letters and numbers that must include at least one capital letter, and at least one number and (now in this case) at least TWO special characters which can only be @& and a few others .. GRRRRR
How do people remember these passwords?? They write them down. THAT immediately eliminates the 'security". Come on software companies, YOU KNOW very well that most people that hack into systems do NOT get in by using someone's password, they do it through a back door firewall or not! We also know that people hacking into most systems are hacking into HUGE corp systems, where they get hundreds of thousands of cc numbers or personal info, and not the couple of hundred that a small business may have. Just take a look at those that have been hacked recently - including banks
So to whomever it is that sits and dreams up how many requirements you can put into my password .. PLEASE .. get real!!!!
 
Shall I make your life easier?
http://www.lastpass.com
Stores your usernames and passwords. Fills them in when you need to and let's you easily create passwords like *bU84u5PxK
And if you go to http://howsecureismypassword.net/ you can see that the password above would take about 713 years to crack.
You only have to remember the password for your lastpass. And frankly, just in logging in to our credit card processor is worth it. They make you change your password every 60 days and 12 characters mixed case. Not a problem... I just generate a new one.
 
Thanks, I checked mine and it will take 106 years. My kids would have the money spent by then!
smileystooges.gif
 
I always worry that someone will hack lastpass and then what would I do? Mint.com also generates that fear in me.
 
I always worry that someone will hack lastpass and then what would I do? Mint.com also generates that fear in me..
Well, if you are that worried, you can save your lastpass to an encrypted USB key. Or use the Yubi key. Or use the Grid authentication.
 
I am confused what is the difference between me telling my computer to "save this password" and having lastpass remember it? I don't want all of my passwords to already be filled in when someone accesses a saved site?
 
I am confused what is the difference between me telling my computer to "save this password" and having lastpass remember it? I don't want all of my passwords to already be filled in when someone accesses a saved site?.
There are many ways that you can setup lastpass, including that it won't fill in anything unless you are signed in to lastpass. You can also require lastpass to confirm with your password before filling out a website. There are a lot of settings. You can also set it to logoff lastpass after x minutes, so you need to log back into lastpass if you leave your computer idle.
 
I am confused what is the difference between me telling my computer to "save this password" and having lastpass remember it? I don't want all of my passwords to already be filled in when someone accesses a saved site?.
There are many ways that you can setup lastpass, including that it won't fill in anything unless you are signed in to lastpass. You can also require lastpass to confirm with your password before filling out a website. There are a lot of settings. You can also set it to logoff lastpass after x minutes, so you need to log back into lastpass if you leave your computer idle.
.
Thanks Eric, I will look more into it
 
I used to work in tech support and had to ask users for their passwords to access their computers (not any of their accounts, just the computer itself). Most people would just tell me what it was when I called to let them know I was on my way. One guy, however, would leave the info for me on the wall of his office, where he had a periodic table of the elements. On his desk would be a piece of paper with one word. Using the periodic table I could figure out his pw. Fun and games for all.
 
I am confused what is the difference between me telling my computer to "save this password" and having lastpass remember it? I don't want all of my passwords to already be filled in when someone accesses a saved site?.
There are many ways that you can setup lastpass, including that it won't fill in anything unless you are signed in to lastpass. You can also require lastpass to confirm with your password before filling out a website. There are a lot of settings. You can also set it to logoff lastpass after x minutes, so you need to log back into lastpass if you leave your computer idle.
.
Thanks Eric, I will look more into it
.
Here is why you shouldn't use the same password for all websites... (from http://xkcd.com/792/)
Good luck.
password_reuse.png

 
I had my Gmail account hacked just this week. They basically procured my contacts and sent out a junk email under my name suggesting to them I had discovered a new secret to sexual prowess.
Ask DW and you'll no this isn't true.
Fortunately, Google blocked the emails and none were sent out. I had to answer a few security questions and reset my password. Google offered no explanation as to how this happened.
 
I am confused what is the difference between me telling my computer to "save this password" and having lastpass remember it? I don't want all of my passwords to already be filled in when someone accesses a saved site?.
There are many ways that you can setup lastpass, including that it won't fill in anything unless you are signed in to lastpass. You can also require lastpass to confirm with your password before filling out a website. There are a lot of settings. You can also set it to logoff lastpass after x minutes, so you need to log back into lastpass if you leave your computer idle.
.
Thanks Eric, I will look more into it
.
Here is why you shouldn't use the same password for all websites... (from http://xkcd.com/792/)
Good luck.
password_reuse.png

.
Interesting.
 
I had my Gmail account hacked just this week. They basically procured my contacts and sent out a junk email under my name suggesting to them I had discovered a new secret to sexual prowess.
Ask DW and you'll no this isn't true.
Fortunately, Google blocked the emails and none were sent out. I had to answer a few security questions and reset my password. Google offered no explanation as to how this happened..
Proud Texan said:
I had my Gmail account hacked just this week. They basically procured my contacts and sent out a junk email under my name suggesting to them I had discovered a new secret to sexual prowess.
Ask DW and you'll no this isn't true.
Fortunately, Google blocked the emails and none were sent out. I had to answer a few security questions and reset my password. Google offered no explanation as to how this happened.
You're not the only one. I got an email from a guest with the same amazing info.
 
I always worry that someone will hack lastpass and then what would I do? Mint.com also generates that fear in me..
toddburme said:
I always worry that someone will hack lastpass and then what would I do? Mint.com also generates that fear in me.
Well, there you go then> http://www.bloomberg.com/news/2011-05-05/lastpass-says-hackers-may-have-stolen-passwords-for-1-25-million-customers.html
 
Speaking of hackers... this morning while I had my cell phone in my pocket, my sister received a text from my # (also in sent txt list) a text with a link T-U-T tv - luckily she does not have internet on her phone. I need to call my carrier to see how that was able to be done.
 
What nearly caught my aunt was an email from a friend saying he was stranded in XXX and could she electronic transfer some money to him as he was caught short. This is dead easy to do in the uk if you have internet banking and is a free service. She called him to see if he was ok and it turns out he was fine but all his contacts had got this email! They were only asking for about $50 so a lot of people could have thought it was real and sent it.
 
I always worry that someone will hack lastpass and then what would I do? Mint.com also generates that fear in me..
toddburme said:
I always worry that someone will hack lastpass and then what would I do? Mint.com also generates that fear in me.
Well, there you go then> http://www.bloomberg.com/news/2011-05-05/lastpass-says-hackers-may-have-stolen-passwords-for-1-25-million-customers.html
.
Yup. And the company is doing an very orderly force people to change their passwords, which is embarassing enough if your slogan is "the last password you will need to remember". On the other hand, they caught it quickly. They didn't hide it. They acted very proactively. And it was only the master passwords. The individual passwords are safe.
If you don't want to use LastPass, there are other programs that don't centrally store your password like keepass. Does the same thing but it's locally stored. And if you were using LastPass, you can export all your passwords to Keepass.
Personally, I'm staying with Lastpass. It's just so convenient. I am waiting my turn so that I can change my password, even if I wasn't one of the passwords that was taken, just for extra security.
 
Speaking of hackers... this morning while I had my cell phone in my pocket, my sister received a text from my # (also in sent txt list) a text with a link T-U-T tv - luckily she does not have internet on her phone. I need to call my carrier to see how that was able to be done..
copperhead said:
Speaking of hackers... this morning while I had my cell phone in my pocket, my sister received a text from my # (also in sent txt list) a text with a link T-U-T tv - luckily she does not have internet on her phone. I need to call my carrier to see how that was able to be done.
Was your bluetooth on?
 
Back
Top