"How to pick the perfect password"

BandOfBrothers
17: Community Champion

Hi. 

 

After reading the media piece titled "How to pick the perfect password" from BBC Tech News found here I thought I'd both share the link and bring this to the eForum members to digest. 

 

Excerpt: "On Tuesday, the UK government agency GCHQ published new password guidance designed to "improve security, while improving the usability of systems."


Its report challenged some common ideas about passwords and security. So how do you choose, and just as importantly remember, the perfect password?  Many websites demand complex passwords with a mixture of upper and lower case letters, numbers and symbols.


The GCHQ report suggested complex passwords may actually be counterproductive, because people often write them down or reuse the same one on many websites."

 

My Thoughts : 

This prompted me to think how often I personally change the Passwords I use and how often I change them. And if any were duplicated for other places.

 

One option I use is called 1Password: "1Password creates strong, unique passwords for every site, remembers them all for you, and logs you in with a single tap."

 

Also my 'iCloud Keychain' comes into play to remember my Passwords for me making it easier to log into places. 

 

Another excerpt from the link says "Passwords are rarely cracked by brute force. They are mostly captured through phishing and malware, and with those attacks it does not matter how long or complex your password is." which brings a little balance to the piece.

 

Like many others I also follow general advice not to perform actions such as Internet Banking / using PayPal on Public WiFi. 

 

How do you choose to protect yourself?

 

 

Picture courtesy of the BBC Tech Page. 


 

 

20 REPLIES

hrym
17: Community Champion

The things nobody's mentioned here are site security, phishing and back-door hacks.

 

You can have the best password in the world but, if the site you use it on doesn't encrypt it truly securely, it might as well be "password".

 

Phishing, and especially spear-phishing, attacks can get the password of site staff. Find the right one and you take on all their privileges with no further effort and may even be able to see user passwords, or change them to something else. And, of course, users themselves can be phished.

 

Back-door hacks don't require the user password, but get in via other means and change user data.   Some email services seem particularly prone to this, but whether security has been bypassed or someone's been phished internally, we'll never know.   If someone does get hold of your email account, the worst thing you can do is change any other passwords because the hacker will then get the reset emails and can choose something of their own - they don't even have to work out what sites you may use and hope you've used the same password as your email account.   In relation to that, make sure that your recovery email address is on a different service so that doesn't get intercepted too!

 

Finally, there's two-stage authentication.   This usually requires you to enter a code sent to a phone.  As long as the hacker doesn't have access to this, they're locked out.   A landline is less convenient, but pretty much impossible to steal.
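
An added example, not part of the thread, illustrating the site-side storage point in the reply above: it compares a fast unsalted hash with a per-user salt plus a slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library). The account names, passwords, record format and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware


def store_unsalted(password: str) -> str:
    """Weak storage: one fast, unsalted hash. Equal passwords give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str) -> str:
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify_salted(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(key_hex))
    except ValueError:
        return False  # malformed record: fail closed


def shared_password_groups(table: dict[str, str]) -> list[list[str]]:
    """Users whose stored records are identical, i.e. what a leaked table reveals."""
    by_record: dict[str, list[str]] = {}
    for user, record in table.items():
        by_record.setdefault(record, []).append(user)
    return [sorted(users) for users in by_record.values() if len(users) > 1]


# Constructed sample accounts, not real data.
SAMPLE = {"alice": "correct horse battery", "bob": "correct horse battery", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: store_unsalted(p) for u, p in SAMPLE.items()}
    strong = {u: store_salted(p) for u, p in SAMPLE.items()}
    print("unsalted table groups:", shared_password_groups(weak))
    print("salted table groups:  ", shared_password_groups(strong))
```

With the unsalted scheme the stored table alone shows that two accounts share a password; with per-user salts every record differs, yet each user can still log in.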