Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Advice on passwords from Which  (Read 3340 times)

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 2054
Logged
Broadband and Line rental: Zen Unlimited Fibre 2, Mobile: Vodaphone
Router: Fritz!Box 7530

4candles

  • Kitizen
  • ****
  • Posts: 3297
  • Not young enough to know everything
Re: Advice on passwords from Which
« Reply #1 on: January 31, 2020, 01:44:51 PM »

Aye - credit where it's due.
Logged
To err is human - to purr feline
Zen FTTC 40/10 + Digital Voice   FRITZ!Box 7530

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Advice on passwords from Which
« Reply #2 on: February 01, 2020, 06:54:03 PM »

thumbs up from me for this tidbit.

I did wonder if they would advise regurly changing passwords, and surprisingly they do not.

Quote
Should I change my passwords periodically and if so, how often?
No. That used to be the advice, but we now know that people tend to cycle increasingly weak passwords if they’re forced to change them regularly. Best practice now is to have a strong password and only change it if you think it’s been compromised in some way.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Advice on passwords from Which
« Reply #3 on: February 01, 2020, 10:12:09 PM »

I agree with some of what they say. 

But they don’t really address a specific issue which is, the more passwords you have, the harder they’ll be to remember.   One solution to this is... avoid creating password protected services in the first place.   

If an online merchant from whom you are purchasing won’t let you check out as ‘guest’, buy from a different merchant.   

If BBC won’t let you use iPlayer without an account, don’t use iPlayer.

And don’t subscribe to Which?,  as that’ll mean yet another password.  ::)
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Advice on passwords from Which
« Reply #4 on: February 02, 2020, 12:04:05 AM »

I find the create strong password function in newer releases of Safari very valuable - it means that the cost of maintaining many strong passwords is reduced greatly.
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 2054
Re: Advice on passwords from Which
« Reply #5 on: February 02, 2020, 09:42:07 AM »

But they don’t really address a specific issue which is, the more passwords you have, the harder they’ll be to remember.

I have well over 200 different passwords - some only used once or twice. But remembering them is not an issue - because I don't try to! As Which recommend I use a password manager (Keepass) so I only have to remember one password.
Logged
Broadband and Line rental: Zen Unlimited Fibre 2, Mobile: Vodaphone
Router: Fritz!Box 7530

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Advice on passwords from Which
« Reply #6 on: February 02, 2020, 10:44:40 AM »

I have well over 200 different passwords - some only used once or twice. But remembering them is not an issue - because I don't try to! As Which recommend I use a password manager (Keepass) so I only have to remember one password.
Problems with password managers include

A) That they are a single point of failure if compromised.   For example, I do use Apple’s iCloud keychain, which is super easy and really really secure.    But if my iCloud account were ever compromised, every single one of these accounts would effectively be hacked, in one foul swoop.

B) That the really really good machine-generated passwords it generates are impossible to remember.   So if I want to log in to such an account but I don’t have my iPhone or other signed in iCloud device to hand, I’m stuffed.

So yes, password managers help to cope with masses of passwords.  But a better solution is still to simply avoid using services that require password protected accounts.  I use string passwords for banking, mail, etc.  But for an occasional purchase from an online retailer, I just check out as guest - or if they won’t let me, I find a different retailer.


Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Advice on passwords from Which
« Reply #7 on: February 02, 2020, 08:18:00 PM »

I hear 7lm. The convenience of having stored delivery addresses and stored credit card info is so great for me that I couldn’t live without it. I hate all the hassle of filling the firms in and so for example amazon is my ideal with 1-click ordering and zero grief. I always create an account at every shop I use. I give bogus personal details for all the unnecessary things though, stuff that they have no right demanding. For example the password-reset questions have bogus ridiculous answers to them. The answers are unpredictable and are stored by me in case ever needed for actual password recoveries. It’s far more secure to always give bogus personal info though anyway. People have been ripped off and their identities stolen by evil family members; I seem to recall a woman whose evil sister had taken out bank loans or mortgages in her sister’s name.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Advice on passwords from Which
« Reply #8 on: February 02, 2020, 10:37:05 PM »

I agree with some of what they say. 

But they don’t really address a specific issue which is, the more passwords you have, the harder they’ll be to remember.   One solution to this is... avoid creating password protected services in the first place.   

If an online merchant from whom you are purchasing won’t let you check out as ‘guest’, buy from a different merchant.   

If BBC won’t let you use iPlayer without an account, don’t use iPlayer.

And don’t subscribe to Which?,  as that’ll mean yet another password.  ::)

The idea is you dont remember them all, if they easy enough to remember, then they may well be too weak, use a password manager.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Advice on passwords from Which
« Reply #9 on: February 02, 2020, 11:14:40 PM »

The idea is you dont remember them all, if they easy enough to remember, then they may well be too weak, use a password manager.

You did notice reply #6 above?
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Advice on passwords from Which
« Reply #10 on: February 03, 2020, 12:20:06 AM »

I noticed that when completing the dreaded tax return, login via HMRC’s Government Gateway nags me to set and remember (but keep secret) up a ‘recovery word’, to help regain access to my account if I forget my password. 

So far I have ignored the nagging.   Their logic fascinates me.   They are acknowledging that people have imperfect memories and may forget passwords, and that’s fair enough.   Yet they are dealing with this fact, that people may forget things, by asking them to remember an additional thing. :D
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Advice on passwords from Which
« Reply #11 on: February 03, 2020, 04:35:19 AM »

You did notice reply #6 above?

never said was perfect, but for sure the lesser evil.

note though I dont use "online" password managers.

Those memorable phrases are probably a weak link, e.g. mothers maiden name is commonly used, all family members will know the answer to that one, so would possibly be able to get access to accounts.
Logged
 

anything