|
|
11-10-2017, 19:48
|
#31
|
Moderator
Join Date: May 2008
Location: cruising SW Pacific
Boat: Jon Sayer 1-off 46 ft fract rig sloop strip plank in W Red Cedar
Posts: 21,184
|
Re: Passwords In A Paperless World
Warning: Heresy follows...
For us who live aboard at anchor 95% of the time, and generally in low crime areas, what is really wrong with writing down passwords on a bit of paper which is kept separate from the computer? There's a small chance of a breakin and theft of the laptop, but not so much of a chance that the thief will search the boat, looking for that bit of paper, one that he does not even know exists?
So far, I've not done this, but after reading all the above posts, I think it a reasonable solution to a vexing problem.
Jim
__________________
Jim and Ann s/v Insatiable II, lying Port Cygnet Tasmania once again.
|
|
|
11-10-2017, 20:03
|
#32
|
Moderator Emeritus
Join Date: Oct 2013
Location: Jacksonville/ out cruising
Boat: Island Packet 38
Posts: 31,351
|
Passwords In A Paperless World
God, I guess I’m a cave man, I have about three passwords that I use for everything, I have one or two sites like my Military pay site that requires a new one ever so often, and I have not really figured out how to handle that.
I had never really given it much thought to be truthful, I never knew there were programs for it.
|
|
|
11-10-2017, 20:24
|
#33
|
Registered User
Join Date: Aug 2011
Location: Petersburg, AK
Boat: Outremer 50S
Posts: 4,229
|
Re: Passwords In A Paperless World
Jim,
nothing wrong if you only have a few - my personal database has well over 100 and my work database about five times as many. One suggestion, do as suggested above and write down hints rather than passwords:
Hint:Where my daughter lives
Password:Sydney lives in Fremantle near Perth
A64,
As long as you don't care about anything being stolen, no worries. All depends on whether or not you're talking about any sites that have your personal information, credit card info, etc. None of those should ever have a shared password. But the crap websites that force you to have an account - share away, just be certain your shared password has no relation with your more secure passwords, and make certain the sites really don't have any information you want kept safe. (I know some security mavens will get on me about that stance, but the reality is we have a lot of passwords these days that lock up things that don't need to be locked).
|
|
|
12-10-2017, 00:31
|
#34
|
Registered User
Join Date: Sep 2008
Location: On the boat, somewhere in Australia.
Boat: Swanson 42 & Kelly Peterson 44
Posts: 9,137
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by Suijin
I have two algorithms for all of my passwords. One is for passwords I don't change often or at all, the other for those I change monthly (finances, email, identity stuff). It's easier for me than storing them somewhere with cryptic hints.
|
Exactly what I do. 25 years of IT Management and I have never seen a better system.
__________________
Refitting… again.
|
|
|
12-10-2017, 02:08
|
#35
|
Registered User
Join Date: Apr 2017
Posts: 60
|
Re: Passwords In A Paperless World
Listen to my method !
Store the passwords anywhere, on a paper, in plain sight on the coffee table or in digital format.
The thing is, the initial part of the password is the same for all passwords and only you know.
For example:
Passwords
Bank 1: pumpkin9
Bank2: radio4
Those are the passwords for those banks. Those are written down in paper, anyone could see them but the real password for bank1 is Televisionpumpkin9 and the password for Bank2 is Televisionradio4. You see? The word Television only is known to you, that you never write it down, that is the only thing common in all passwords but that you never write it down.
|
|
|
12-10-2017, 02:51
|
#36
|
Senior Cruiser
Join Date: Mar 2003
Location: Thunder Bay, Ontario - 48-29N x 89-20W
Boat: (Cruiser Living On Dirt)
Posts: 49,362
|
Re: Passwords In A Paperless World
Re: Locks, Passwords, etc.
Unfortunately, if anyone (you) can get in, so can someone else.
The only ultimate security is when nobody can get in.
Do the best you can (some good ideas here), then worry (if you’re trying to secure very important stuff).
__________________
Gord May
"If you didn't have the time or money to do it right in the first place, when will you get the time/$ to fix it?"
|
|
|
12-10-2017, 03:25
|
#37
|
Registered User
Join Date: Feb 2013
Location: Bumping around the Caribbean
Boat: Valiant 40
Posts: 4,625
|
Re: Passwords In A Paperless World
The most secure password is the one that you change regularly. Keeping the same password for an extended period of time is a recipe for disaster.
It's like brushing your teeth. It's just good security hygiene. Yes it's a pain, but look at it this way; changing your financial passwords once a month for a year still takes less time than one trip to a physical bank. Convenience has a price, but it's often less than the benefit.
|
|
|
12-10-2017, 05:43
|
#38
|
Registered User
Join Date: May 2014
Location: Key West, FL
Boat: Morgan Out Island 415
Posts: 911
|
Re: Passwords In A Paperless World
If they want my financial account information it's easier for them to steal that from Equifax than trying to figure out my password.
|
|
|
12-10-2017, 07:45
|
#39
|
Registered User
Join Date: Apr 2004
Location: Southern Maine
Boat: Prairie 36 Coastal Cruiser
Posts: 3,111
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by Suijin
The most secure password is the one that you change regularly. Keeping the same password for an extended period of time is a recipe for disaster.
|
How so?
If you follow all the other advice; don't use the same password in multiple places, use a secure password, and don't share it with anyone, what's the difference?
If your password is stolen, the damage is already done. Changing the password 90 days later, or even 30, still gives the bad guys plenty of time to take what they want.
If your password is not stolen, then it's just as secure as the day you set it up.
I see too many systems where the password requirements go beyond common sense, to the point of pure silliness. Forcing people to write passwords down doesn't improve security, it weakens it.
Most of the "big" hacks we've heard about were accomplished via authorized users who are tricked into divulging their passwords. No amount of password complexity will prevent this.
One last thought: Most hacks are against a system, not an individual. The bad guys don't go to every bank in the world to see if your personal password works there, too. They go after all accounts at the bank they hacked. The only way using the same password in multiple places is bad is if someone is personally targeting YOU, and has some idea where all your accounts are.
|
|
|
12-10-2017, 08:33
|
#40
|
Registered User
Join Date: Dec 2006
Location: Cruising
Boat: Privilege 39 Catamaran, Exit Only
Posts: 2,723
|
Re: Passwords In A Paperless World
We were forced to change the passwords every 90 days on government accounts, and I don't think it increased security doing that.
While I was employed with the Indian Health Service, the only account compromised during my tenure was the Health and Human Services database that had all of the HHS employees information. It seems to me that hackers are going after the big fish.
On a more personal level, most of the time individuals get hacked, it seems to be the result of a low level phishing expedition.
I don't know much about computer security, but it seems to me that if there is malware on your computer that does key stroke logging, they will get your passwords anyway when you type them in. I have the feeling that a person needs to have a computer/tablet/smart phone that is totally clean and never cruises the internet or opens email so you are sure there is no key stroke logging software sending your passwords into cyberspace.
I have one I-pad that I don't use to cruise the world wide web or use to check emails, and hopefully it will never get any malware on board. I use that one to log in to things that are really important like financial accounts.
|
|
|
12-10-2017, 08:40
|
#41
|
Registered User
Join Date: Dec 2014
Posts: 600
|
Re: Passwords In A Paperless World
I put most on notepad text file on a USB
It doesn't look like a USB and is easily hidden
__________________
'give what you get, then get gone'
|
|
|
12-10-2017, 08:46
|
#42
|
Registered User
Join Date: Nov 2016
Location: Columbus, OH
Boat: '86 Catalina 25, swing keel
Posts: 77
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by Dsanduril
One other thing, passwords really shouldn't be pass words - they should be pass phrases. Length is your friend. No less than the person who wrote the NIST standards on passwords and complexity recently apologized publicly and said that complexity (special characters, numbers, etc.) in a short password was not the right way to go, length was the key.
Think "The qu!ck br0wn Fox jumped over the lazy dog"
|
Heard this on NPR a couple weeks ago and it has prompted me to rethink how I approach passwords and usernames.
I have tried to move away from using an email or my name or anything obvious as a username. I suggest using something such as your first boats name or a nickname for your kid..... but nothing that would be found in any of your social or electronic history.
Passwords....i like the consistent algorithm method (it's also approved by the Catholic Church) and then change it up for financials....
|
|
|
12-10-2017, 08:48
|
#43
|
Registered User
Join Date: Dec 2014
Posts: 600
|
Re: Passwords In A Paperless World
Quote:
Originally Posted by maxingout
We were forced to change the passwords every 90 days on government accounts, and I don't think it increased security doing that.
|
It was discovered recently that an Australian defence supplier had been hacked over a period of 4 months. Turns out they hadnt changed passwords in over a year. Passwords like admin for admin and guest for guest. Data on among other things F35 was compromised.
Defence Force hacked: Top secret technical information stolen
Quote:
Originally Posted by maxingout
While I was employed with the Indian Health Service, the only account compromised during my tenure was the Health and Human Services database that had all of the HHS employees information. It seems to me that hackers are going after the big fish.
On a more personal level, most of the time individuals get hacked, it seems to be the result of a low level phishing expedition.
|
thats true, usually email exploits, more worrying stolen laptops and browser based password saves.
Only online bank with what you are prepared to lose
__________________
'give what you get, then get gone'
|
|
|
12-10-2017, 08:49
|
#44
|
Registered User
Join Date: Aug 2009
Location: Ontario, Canada
Boat: Challenger 32 1974
Posts: 523
|
Re: Passwords In A Paperless World
I have a standard password that is easy to remember
e.g.
MyNameisFred
THEN
an easy to remember number such as your house/apt number converted to symbols.....e.g. 123 becomes !@#....789 becomes &*(
THEN
an easy to remember i.d. for the site e.g. your office site could be WORK
THEN.....and this is the big THEN.....add the all together and you get
MyNameisFred!@#WORK
OR e.g. your bank could be
MyNameisFred!@#BANK ,,,,,,etc etc
Every site has a different password but is easy to remember..and really hard to crack
Bill
Quote:
Originally Posted by maxingout
How are people storing passwords who are out cruising?
I don't think storing passwords on digital devices is a great idea because if the device is somehow hacked, all the passwords could be stolen.
I am uncomfortable with writing them down on paper and leaving them on the yacht.
The best thing I have been able to come up with is to have one book with the account log ins, and a separate book that has the passwords for those accounts set up in a way that nobody would think that the two books are related in any way.
Maybe I am overlooking a simpler and more secure way of storing passwords.
What are people doing to keep their passwords secure while out cruising? Where do they store those passwords?
|
|
|
|
12-10-2017, 09:04
|
#45
|
Registered User
Join Date: Sep 2010
Location: Boat in Greece
Boat: Lagoon 400
Posts: 1,432
|
Re: Passwords In A Paperless World
I have a file on my PC that contains all passwords. This file is encrypted and needs access rights (mine). All I remember is the procedure to open this one particular file.
__________________
Mark, S/Y Bat-Yam
|
|
|
|
|
Thread Tools |
Search this Thread |
|
|
Display Modes |
Rate This Thread |
Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
Advertise Here
Recent Discussions |
|
|
|
|
|
|
|
|
|
|
|
|
Vendor Spotlight |
|
|
|
|
|