Complex Passwords

  • Are these really necessary? It seems like every time I go to the forums I have to reset the password after being told I used too many attempts. If nothing else could the password rules be posted somewhere easy to find so people like myself can figure out just what aspect of the password we altered to appease the gods of security practices this time? Thanks!

    Sent from my 0PM92 using Tapatalk

  • seriously? Have you read any news of late? Yahoo MoDaCo any of that mean anything to you?

    When you register to any site with any details, over time you will probably provide some VERY private details, real name, real address, email address, equipment you own, etc etc

    All of that can become available to the hackers when they 'guess' your simple password, they then glean the fact that you have used the same username and passwords on multiple sites and you can bet one of them will be the one that provides them with the details they need, either financial or social, and then you are compromised.

    Due to the way people use social networks today, the lack of thought as to how and why that information is stored is stunning.

    Don't think this is true? Then check if you have ever provided any of the following to a 'non serious' site

    Real name

    Real Address

    Date of Birth

    Name of family members, animals, schools

    Details of purchases, with the type of cards used

    Holiday locations and times

    Travel details

    Food preferences

    With VERY little effort, you can build the profile of people using a combination of the above and then steal / impersonate / defraud

    If you have issues with passwords, then consider using a quality password manager or check out this page for help Password Haystacks

    Some of the easiest ways to socially hack someone is to watch when they enter a password and due to 'reasons' get it wrong so many times that they either say it as they type it or type it so slow that it so easy to see..

    And YES the hack part of my username is for a reason

    3 NUC's, 3 Pi's, Android Beelink R38, Odroid C2, 2 original XboX's and now a Amlogic T95m S905 2/8

  • Yeah because an app with all your passwords doesn't spell a single point of failure at all..

    Look I get it. Best practices are best practices for a reason. Security is a mindset not a bolt-on widget. We must all practice CONSTANT VIGILANCE!!!

    Yet all I am is a poster on a forum, not a developer or anyone important. I use a more secure password for other stuff than I do with my bank (actually I avoid online banking) and my email--at least I DID until forums started demanding complex passwords and I started dipping into my more secure passwords just so I'd remember them... Want to bet I'm not alone with that there? I'd happily bet that demanding more security in places that doesn't really need it has WEAKENED security as people start reusing their more complex passwords with a false sense of security leading to more single points of failure incidents.

    If nothing else it'd be a helpful reminder to have the password rules near the login page so people could refresh their memories. Some how I just don't think there's much security in resetting the passwords to sites before every post or that creeping disaster in the making that is having the browser save more and more passwords...

    Sent from my 0PM92 using Tapatalk

  • Totally agree with what you are saying here, passwords are THE stupidest method currently used, but technically the easiest to accomodate

    3 NUC's, 3 Pi's, Android Beelink R38, Odroid C2, 2 original XboX's and now a Amlogic T95m S905 2/8