Post by Mikeme on May 26, 2019 18:53:10 GMT
Just tried to log in using saved password and invalid log in appeared. Tried first on my phone which previously had a "saved" password. I then tried on PC and phone using the correct password.... I think 99.9% sure. Logged out for 1 hour. Has the account been compromised?
|
|
|
Post by Mikeme on May 26, 2019 20:24:32 GMT
Thanks for the reply. I have logged in now. On my phone it has suddenly stopped remembering the password. I have 2 accounts and it was no problem but now have to put in the password. However on my PC it is still remembering them. But earlier it did not accept the saved password and as it was the 5th attempt logged me out for an hour. When I came back straight in.
|
|
|
Post by wiseclerk on May 26, 2019 21:00:53 GMT
Are you saying you rely on your PC to know the password but you do not?
|
|
|
Post by westcountryfunder on May 27, 2019 8:58:05 GMT
Given that many of us have numerous financial accounts, P2P, banks, etc., and bearing in mind the conventional advice that the same password on different sites is best avoided, then isn't that precisely why it is helpful to use a password manager such as LastPass? I suppose it is debatable whether that constitutes "relying on your PC to know the password", given that the same information can be obtained from any device with LastPass loaded thereon. However, I'm fascinated to know just how one can securely record numerous strong passwords without the help of a device or PC, or memorise them. Oh, and in the unlikely event that LastPass should go down, I back up the passwords periodically to an encrypted spreadsheet file on one of my devices, which I could access if necessary.
|
|
|
Post by investor1925 on May 28, 2019 13:59:20 GMT
I have all of my passwords on a spreadsheet which is on a memory stick & not on the computer anywhere.
I only ever plug it in if I can't remember any particular one.
|
|
|
Post by bracknellboy on May 28, 2019 14:38:45 GMT
I'm not sure whether I reside in the dark ages or the enlightened sunny uplands of password management. For my personal stuff, I don't use a secure vault on my machine. I do have different passwords for pretty much every account login. Certainly for everything financial, and the majority of even retail site logins.
And I can work out how to engineer pretty much every one of them when I need to. Which is handy in a world of multiple personal devices or using someone else's laptop. The vagaries of online passwords mean I sometimes have to resort to a record. That record contains no actual password information, just cryptic hints.
|
|
|
Post by westcountryfunder on May 28, 2019 14:56:51 GMT
Yeah, I've used that method in the past. Works OK, but in order to avoid duplication I found I had so many passwords and associated 'hints' that it was becoming confusing. I think the beauty of a password manager (I don't mean the standard offering built into your web browser) is it is easy to use, and you can use really long and complex passwords including special characters. "investor1925's" method using a memory stick has some merit, but I hope he doesn't lose the stick, and I hope it's encrypted!
|
|
|
Post by bracknellboy on May 28, 2019 15:12:57 GMT
Agreed on one point, but it's less conducive to being able to use "on the go" as opposed to the machine where the pwd manager is. Although perhaps there are online password vaults I should consider to get over that problem? Though the thought of storing all one's passwords in a vault on the cloud somewhere probably terrifies more.
I do use special chars - it's where some logins don't support that I get an issue and have to resort to a record. But mostly I can mentally conjure them up on the fly as required. There isn't any absolute duplication, but there is of course systemic variation. But I think the risks associated with that are pretty low: if a password is cracked/stolen on one account, it can't simply be used to unlock another.
|
|
|
Post by vaelin on May 28, 2019 17:48:39 GMT
Cloud-based password managers typically have robust security. They should use client-side encryption, meaning that the data is only decrypted once it lands on your machine. The upshot is that the company managing your password - whether it be LastPass, Bitwarden or whoever - cannot themselves access your passwords, so even if their systems are compromised your passwords are likely to be safe.
The benefit of a password manager goes beyond storage. They typically offer a password generator, which is a random string of x length with y qualities. For example, here is a password I have just generated using my password manager: @xWXCikE7MIpjH!F^w9&. You never need to remember a password like that, and you never have to type it in. A password of that type is effectively unbreakable.
However, human-generated passwords are typically vulnerable to something called a dictionary attack. This is where a hacker will test the hash of your password (which is what web services store, rather than the password itself), against a dictionary of password patterns. You can crack maybe 30% of a service's passwords that way (supposing their database is compromised). I<3Myd0G! is not a particularly safe password.
So, if you want the advice of this software developer, it is to invest some time in looking at password managers. I can recommend Bitwarden.
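Added example, not part of the post above and not any password manager's own code: a sketch of a generator for "a random string of x length with y qualities", next to a check showing why a phrase such as I<3Myd0G! reduces to dictionary words once common substitutions are undone. The symbol set, the substitution table and the word list are assumptions constructed for this illustration.

```python
import math
import secrets
import string

# Character classes the generator can require (assumed symbol set).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*",
}
# Constructed sample word list; a real pattern dictionary is far larger.
WORDS = {"i", "love", "my", "dog", "cat", "password"}
# Look-alike substitutions undone before matching (assumed table).
DELEET = str.maketrans("0134578@$", "oieastbas")

def generate(length=20, classes=tuple(CLASSES)):
    """Random password of `length` chars with at least one char per class."""
    if length < len(classes):
        raise ValueError("length too short for the requested classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting whole candidates keeps accepted passwords equally likely.
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw

def random_bits(length, classes=tuple(CLASSES)):
    """Upper bound on the entropy of a generated password, in bits."""
    return length * math.log2(sum(len(CLASSES[c]) for c in classes))

def built_from_words(password, words=WORDS):
    """True if, after undoing substitutions, the letters split into words."""
    text = password.lower().replace("<3", "love").translate(DELEET)
    letters = "".join(ch for ch in text if ch.isalpha())
    # reach[i] is True when letters[:i] can be cut into dictionary words.
    reach = [True] + [False] * len(letters)
    for end in range(1, len(letters) + 1):
        reach[end] = any(reach[s] and letters[s:end] in words for s in range(end))
    return bool(letters) and reach[-1]

if __name__ == "__main__":
    print(generate(), round(random_bits(20)), "bits at most")
    print(built_from_words("I<3Myd0G!"))             # phrase from the post
    print(built_from_words("@xWXCikE7MIpjH!F^w9&"))  # generated one from the post
```
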
|
|
|
Post by westcountryfunder on May 29, 2019 9:02:42 GMT
Can't argue with that. But then I was convinced anyway!
|
|