65 replies to this topic

[Dom]

Evans, on 01 February 2013 - 11:03 AM, said:

Well I just write down all my passwords and keep them at my desk.
Surely the chance of a burglary at my home for my passwords is far too small not to do so. And I can't remember new passwords for the life of me...

I do the same thing. I do not keep them on a text document on my computer - I write them on a piece of paper and shove it in my desk drawer. My passwords are always unique, containing capital letters, periods (if allowed), numbers and never contain actual words.
The downside is I can never remember them...

[Volkon]

Use a common word, shake it up a bit, bang, strong password. One I've retired from the past was H@ll0w33n for example. Easy to remember, complex to crack.Better yet is to stick two unrelated words together and do that. Gr@p35h@rk (gr@pe shark) is catchy and easier to remember than it looks.

Edited by Volkon, 01 February 2013 - 07:52 PM.

[ilr]

I've been online gaming since Diablo1 and have never once been "phished" or had an account brute-forced/Hijacked despite being well 'above the Radar' when it comes to web-presence.  Have had a lot of friends get theirs jacked who were much lower under the radar than I am.  So I know it's not "luck" and it's definitely not just password quality or complexity.  So I just groan and lose a bit more patience everytime Blizzard or Anet's made me bend over backwards so they can protect these Internet n00bs/scrubs who keep getting theirs jacked despite following all this "awesome advice" from security consultants or whoever they copy paste all these assumptions about hackers from.....   Those same kinds of fools will still be getting theirs jacked in a year or two so this is just another waste of time.

I know how Hackers operate but at the same time I'm not divulging my secrets (it's not even that complicated, it's actually 2 or 3 really simply principles to live by) and risking exposure to the ones who honestly are just looking for the next challenge ... and Kudos to the ones who do, they really embody the spirit of human excellence as opposed to the sad soulless ****s who are just jacking accounts for Bots & Gold Selling.

Edited by ilr, 01 February 2013 - 11:49 PM.

[Zadaa]

Try keping a book/notepad/excelsheet/anyotherwritingthingy and store all your passwords there. I have a common theme to my password and so chaning isn't a big deal. But for those with frail or poor memories, try keeping a storage system like this. It will keep the stress of remembering off your mind and it requires no effort. It may take 10 sec fifteen even if you are inexperienced with writing or typing. So there is no reson to complain about having a hard time remembering. And if changing your password is "the end of the world" to you, I don't think the internet is the place for you.

[Enchanted Krystal]

zephylynx, on 01 February 2013 - 05:29 PM, said:

I've driven a car for over 10 years without a fatal accident. I never have to worry about car crashes.

This kind of logic confounds me greatly....

Makes sence to me, what's so confusing?
If you are a good/safe driver, then yes, you will have nothing to worry about & stand a good chance of not having a crash in the future. Same with passwords, make a good one or use Keepass, never use the same password twice & you will stand a good chance of not getting hacked in the future.

I am just saying, why do I have to change my passowrd....cause Anet want's me to. Not because it's not safe, not because I am at risk of getting hacked, simply because it predates their Blacklist.

Mine has been changed & I can see why Anet think it's a good thing, but the choice should be left to the user IMO.  Doom on them if they get hacked using a basic/common/communal password.

I am really liking this Keepass, I was a little dubious at first but I can see myself using this program a lot as my memmory really blows.

[Reverse Ghost]

Volkon, on 01 February 2013 - 07:52 PM, said:

Use a common word, shake it up a bit, bang, strong password. One I've retired from the past was H@ll0w33n for example. Easy to remember, complex to crack.Better yet is to stick two unrelated words together and do that. Gr@p35h@rk (gr@pe shark) is catchy and easier to remember than it looks.

The problem is, these brute-force algorithms take these things into account now because they're so common. It would not take too much longer to brute H@ll0w33n than Halloween. All they have to do is let the program know some very common substitutions. @ or 4 = a or A, 0 = o or O, etc. These substitutions are almost always vowels. Basically, brute force programs know about 1337 speak and know how to get around it.

On another note, when a person is "forced" into using a number for their password, the vast majority choose 1. When "forced" to add a special character, the majority choose !. These statistics make it pretty easy for brute-force programs to effectively attack.

Anyway I didn't want to go off on a big thing here. Just trying to help

Evans, on 01 February 2013 - 12:51 PM, said:

Hmm, as useful as that sounds, isn't such a program susceptible to hacking? I mean I expect the most assaults to my electronic information to come from the web. As such a little notebook with all your passwords, which you can still put aside in a discreet place, cannot be accessed by the usual suspects. How safe is a program like KeePass against those who have a real interest in getting your information?

It's true that storing all your passwords on paper leaves them available to friends or family, or whoever can reach them, but it isn't very hard to put them in a secure place and if you don't mention the existence of such a document, who would go through your private stuff looking for it. Furthermore, who would have the chance of doing so? I don't know who tries to access my pc from over the internet, but I do know who I let into my office room.

No, you're right. It's going to be different for people, depending on their situation. If you have really good control over your office room and never flash those papers near a window, you'll probably be perfectly safe. Unless you happen to get a keylogger on your computer. Then typing those passwords every time would be a risk.

Whereas, using a program like KeePass where the passwords are never typed out would be more secure against a keylogger but less secure against someone gaining access to your database file. But if you use a strong master password and enable a key file (which you might keep on a USB drive), you are pretty damn safe from that. Even if someone got access to your master password and your database file, they could still not open your database without that key file.

You can check out some tips and cool information here: http://www.geeksengi.../keepass-2.html