Kitz ADSL Broadband Information

Author Topic: Advice on passwords from Which  (Read 1038 times)

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1692
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

4candles

  • Kitizen
  • ****
  • Posts: 2906
  • Not young enough to know everything
Re: Advice on passwords from Which
« Reply #1 on: January 31, 2020, 01:44:51 PM »

Aye - credit where it's due.
Logged
For every complex problem there is an answer that is clear, simple, and wrong.

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6328
Re: Advice on passwords from Which
« Reply #2 on: February 01, 2020, 06:54:03 PM »

thumbs up from me for this tidbit.

I did wonder if they would advise regularly changing passwords, and surprisingly they do not.

Quote
Should I change my passwords periodically and if so, how often?
No. That used to be the advice, but we now know that people tend to cycle increasingly weak passwords if they're forced to change them regularly. Best practice now is to have a strong password and only change it if you think it's been compromised in some way.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5189
Re: Advice on passwords from Which
« Reply #3 on: February 01, 2020, 10:12:09 PM »

I agree with some of what they say. 

But they don't really address a specific issue which is, the more passwords you have, the harder they'll be to remember. One solution to this is... avoid creating password protected services in the first place.

If an online merchant from whom you are purchasing won't let you check out as 'guest', buy from a different merchant.

If BBC won't let you use iPlayer without an account, don't use iPlayer.

And don't subscribe to Which?, as that'll mean yet another password.  ::)
Logged

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9107
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Advice on passwords from Which
« Reply #4 on: February 02, 2020, 12:04:05 AM »

I find the create strong password function in newer releases of Safari very valuable - it means that the cost of maintaining many strong passwords is reduced greatly.
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1692
Re: Advice on passwords from Which
« Reply #5 on: February 02, 2020, 09:42:07 AM »

Quote
But they don't really address a specific issue which is, the more passwords you have, the harder they'll be to remember.

I have well over 200 different passwords - some only used once or twice. But remembering them is not an issue - because I don't try to! As Which recommend I use a password manager (Keepass) so I only have to remember one password.
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5189
Re: Advice on passwords from Which
« Reply #6 on: February 02, 2020, 10:44:40 AM »

Quote
I have well over 200 different passwords - some only used once or twice. But remembering them is not an issue - because I don't try to! As Which recommend I use a password manager (Keepass) so I only have to remember one password.

Problems with password managers include

A) That they are a single point of failure if compromised. For example, I do use Apple's iCloud keychain, which is super easy and really really secure. But if my iCloud account were ever compromised, every single one of these accounts would effectively be hacked, in one foul swoop.

B) That the really really good machine-generated passwords it generates are impossible to remember. So if I want to log in to such an account but I don't have my iPhone or other signed in iCloud device to hand, I'm stuffed.

So yes, password managers help to cope with masses of passwords. But a better solution is still to simply avoid using services that require password protected accounts. I use strong passwords for banking, mail, etc. But for an occasional purchase from an online retailer, I just check out as guest - or if they won't let me, I find a different retailer.


Logged

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 9107
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Advice on passwords from Which
« Reply #7 on: February 02, 2020, 08:18:00 PM »

I hear 7lm. The convenience of having stored delivery addresses and stored credit card info is so great for me that I couldn't live without it. I hate all the hassle of filling the forms in and so for example Amazon is my ideal with 1-click ordering and zero grief. I always create an account at every shop I use. I give bogus personal details for all the unnecessary things though, stuff that they have no right demanding. For example the password-reset questions have bogus ridiculous answers to them. The answers are unpredictable and are stored by me in case ever needed for actual password recoveries. It's far more secure to always give bogus personal info though anyway. People have been ripped off and their identities stolen by evil family members; I seem to recall a woman whose evil sister had taken out bank loans or mortgages in her sister's name.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6328
Re: Advice on passwords from Which
« Reply #8 on: February 02, 2020, 10:37:05 PM »

Quote
I agree with some of what they say.

But they don't really address a specific issue which is, the more passwords you have, the harder they'll be to remember. One solution to this is... avoid creating password protected services in the first place.

If an online merchant from whom you are purchasing won't let you check out as 'guest', buy from a different merchant.

If BBC won't let you use iPlayer without an account, don't use iPlayer.

And don't subscribe to Which?, as that'll mean yet another password.  ::)

The idea is you don't remember them all; if they are easy enough to remember, then they may well be too weak. Use a password manager.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5189
Re: Advice on passwords from Which
« Reply #9 on: February 02, 2020, 11:14:40 PM »

Quote
The idea is you don't remember them all; if they are easy enough to remember, then they may well be too weak. Use a password manager.

You did notice reply #6 above?
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5189
Re: Advice on passwords from Which
« Reply #10 on: February 03, 2020, 12:20:06 AM »

I noticed that when completing the dreaded tax return, login via HMRC's Government Gateway nags me to set up and remember (but keep secret) a 'recovery word', to help regain access to my account if I forget my password.

So far I have ignored the nagging. Their logic fascinates me. They are acknowledging that people have imperfect memories and may forget passwords, and that's fair enough. Yet they are dealing with this fact, that people may forget things, by asking them to remember an additional thing. :D
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6328
Re: Advice on passwords from Which
« Reply #11 on: February 03, 2020, 04:35:19 AM »

Quote
You did notice reply #6 above?

Never said it was perfect, but for sure the lesser evil.

Note though I don't use "online" password managers.

Those memorable phrases are probably a weak link, e.g. mother's maiden name is commonly used, all family members will know the answer to that one, so would possibly be able to get access to accounts.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE