|
|
12-10-2017, 21:22
|
#61
|
Registered User
Join Date: Jul 2013
Location: Refit in Port Townsend, WA
Boat: 1984 Slocum 43
Posts: 425
|
Re: Passwords In A Paperless World
We use Dashlane.
|
|
|
13-10-2017, 17:53
|
#62
|
Registered User
Join Date: Oct 2007
Location: nh
Posts: 10
|
Re: Passwords In A Paperless World
i have been using a device called a RecZone Password safe and findn it easy to load info,add info, easy to search and delets, edit info.
|
|
|
13-10-2017, 20:31
|
#63
|
Registered User
Join Date: May 2008
Posts: 3,670
|
Re: Passwords In A Paperless World
A lot of the password suggestions are fighting the last war - not this one. Any 8 character password can be broken in a few minutes with a specially configured $1000 computer. Try this tester from Dashlane:
https://howsecureismypassword.net
Two factor security (where a code is sent to your phone when a new computer tries to login) is the biggest step forward in years. If a site offers it, ALWAYS use it. It makes it just about impossible for a guy to sit in Russia and break into your account if your phone is in your pocket in Ft. Lauderdale - even if your password is 1234.
Most hacks in the last few years are not by cracking passwords but tricking you into giving the hacker a password - called Phishing. A complicated password won't help if you hand it over. Never enter any information after clicking on an email link. Go to the site a different way (like a Google search).
|
|
|
13-10-2017, 21:12
|
#64
|
Registered User
Join Date: Sep 2012
Location: Northeast, USA
Boat: Luders 36
Posts: 237
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by CarlF
A lot of the password suggestions are fighting the last war - not this one. Any 8 character password can be broken in a few minutes with a specially configured $1000 computer. Try this tester from Dashlane:
|
That only works if you are trying to guess a known password. If you only have three guesses at it before a time out occurs, game over, even a 60 second time out will take the few minutes to years or 100 of years. That is what the complicated passwords are about.
Two phase is way better, agreed, but why do I have to go through this every month with my bank that has not even had one missed guess?
Answer: it makes the company look better when they get hacked from within... once a hacker is in, he reverses the encryption algorithm and now knows everyone’s password. Or worse it was never encrypted in the first place so he just discovers the password. Now he has a list of passwords and emails to try at other establishments, no guessing to worry about. So he now takes his list that he got barnaclejoescheapboatparts.com and sees if they will work at Wells Fargo or Citibank. Fortunately barnacle joe did not force you to use eight characters and special letters and numbers like it did at Wells Fargo, so you just used a simple password. It fails when trying to get into your bank account. But a few people who were trying to make their lives easy, used their special password at joes, and then they are breached.
|
|
|
13-10-2017, 22:06
|
#65
|
Registered User
Join Date: Dec 2006
Location: Cruising
Boat: Privilege 39 Catamaran, Exit Only
Posts: 2,723
|
Re: Passwords In A Paperless World
Thank you to the people contributing to this thread. I am just converting to the paperless world, and all the suggestions are a great help. Lots of options.
I need to investigate iPhone and iPad apps that are used for encryption of data. To my knowledge, nothing on my phone is encrypted, or if it is, I did not realize that it was encrypted.
So the next phase is to figure out how to encrypt things on my iPhone and iPad.
|
|
|
13-10-2017, 22:40
|
#66
|
Registered User
Join Date: May 2008
Posts: 3,670
|
Re: Passwords In A Paperless World
JMan - absolutely agree about missed password counters. Even better, my iphone and ipad erase themselves if the screen unlock code is missed 10 times.
This erase feature combined with two factor is very secure. Even if someone steals my phone they can't unlock it to read the two-factor code. And if they have a website password, they can't get into the phone to use it. If they try a different computer, then the two factor code is needed.
Also agree that any important site (email accounts, banks, etc.) should always use a password that is not used anywhere else.
Also agree that some two factor systems are poorly designed or inconvenient. Almost all the new ones just send an SMS code. The code is only required if a new computer is used to login or an account change is requested - like trying to change the password. Except for these rare situations, no two factor code is required. I'd get after your bank to update their system.
|
|
|
14-10-2017, 04:52
|
#67
|
Registered User
Join Date: Apr 2004
Location: Southern Maine
Boat: Prairie 36 Coastal Cruiser
Posts: 3,282
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by Jman
...Now he has a list of passwords and emails to try at other establishments, no guessing to worry about. So he now takes his list that he got barnaclejoescheapboatparts.com and sees if they will work at Wells Fargo or Citibank...
|
Any indication this has ever really happened?
My gut says the bad guys are really looking to hack into the system that already contains what they want (financially or politically). Not the individual account of Joe Boater who may or may not have an account at any one of millions of banks worldwide. Seems it would be a LOT of work, repeated for each individual user, to scan the world for rare related account with the same password AND user ID.
|
|
|
14-10-2017, 05:31
|
#68
|
Registered User
Join Date: Dec 2015
Location: Annapolis
Boat: Moody 54
Posts: 44
|
Re: Passwords In A Paperless World
I suggest generating a common stem that you like and meets all requirements such as "good4us!" and add the capital initial of the company at the beginning. Now you have a capital letter, a number, and a character. Then technically all your passwords are different, and you only need to remember the stem and if you need the ! at the end or not.
|
|
|
14-10-2017, 07:17
|
#69
|
Registered User
Join Date: Apr 2011
Location: Saskatoon, Canada & Eastern Caribbean
Boat: Lagoon 420
Posts: 437
|
Re: Passwords In A Paperless World
We use Lastpass with a very secure password to get in that database.
The layout of the app is very good to use and keeps things well organized.
__________________
Wherever we want to go, we go. That's what a ship is you know - it's not just a keel and a hull and a deck and sails, that's what a ship needs. But what a ship is...really is, is freedom. ~Johnny Depp as Capt. Jack Sparrow
|
|
|
14-10-2017, 10:51
|
#70
|
Registered User
Join Date: May 2015
Location: St. Augustine, FL
Boat: 1978 Lancer 30 MkIV
Posts: 150
|
Re: Passwords In A Paperless World
For those using threes for "E's" and such, there is a library of common substitutions that hackers/crackers use consistently. The password that is difficult or even impossible for a human to guess, much less remember, is one that is simple for a computer to guess. IMO in this day & age, 8-12 character passwords of mumbojumbo makes for poor security.
Key components to a good, secure passphrase is randomness, length & ability to recall.
Food for thought:
|
|
|
14-10-2017, 12:06
|
#71
|
cruiser
Join Date: Jan 2017
Boat: Retired from CF
Posts: 13,317
|
Re: Passwords In A Paperless World
|
|
|
14-10-2017, 12:27
|
#72
|
Registered User
Join Date: Dec 2006
Location: Cruising
Boat: Privilege 39 Catamaran, Exit Only
Posts: 2,723
|
Re: Passwords In A Paperless World
|
|
|
14-10-2017, 13:06
|
#73
|
Registered User
Join Date: May 2009
Location: Massachusetts
Boat: 40' Silverton Aftcabin with twin Crusaders
Posts: 1,791
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by Dsanduril
One other thing, passwords really shouldn't be pass words - they should be pass phrases. Length is your friend. No less than the person who wrote the NIST standards on passwords and complexity recently apologized publicly and said that complexity (special characters, numbers, etc.) in a short password was not the right way to go, length was the key.
Think "The qu!ck br0wn Fox jumped over the lazy dog"
|
Yes indeed! The bank where I have a CC (only own one CC) recently required new passwords with both lower and upper case letters, number and a special character symbol.
So I called the bank to complain about their requirement. I was very politely told that was necessary and if I didn't like it to go elsewhere. AHOLES!
|
|
|
14-10-2017, 13:17
|
#74
|
Registered User
Join Date: May 2009
Location: Massachusetts
Boat: 40' Silverton Aftcabin with twin Crusaders
Posts: 1,791
|
Re: Passwords In A Paperless World
I thought things were getting out of control when I finally had to use an accountant for taxes. Now people are telling me they need a service for passwords?????
ENOUGH
|
|
|
14-10-2017, 13:43
|
#75
|
Registered User
Join Date: Jun 2016
Location: Australia
Boat: Milkraft 60 ex trawler
Posts: 4,651
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by Dsanduril
One other thing, passwords really shouldn't be pass words - they should be pass phrases. Length is your friend. No less than the person who wrote the NIST standards on passwords and complexity recently apologized publicly and said that complexity (special characters, numbers, etc.) in a short password was not the right way to go, length was the key.
Think "The qu!ck br0wn Fox jumped over the lazy dog"
|
And do you keep the same pass phrase for everything or do you have to remember a book?
|
|
|
|
|
Thread Tools |
Search this Thread |
|
|
Display Modes |
Rate This Thread |
Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
Advertise Here
Recent Discussions |
|
|
|
|
|
|
|
|
|
|
|
|
Vendor Spotlight |
|
|