Join Australia's most dynamic and respected property investment community

How Safe are your passwords?.

Discussion in 'Living Room' started by willair, 23rd Jul, 2015.

  1. willair

    willair Well-Known Member Premium Member

    Joined:
    19th Jun, 2015
    Posts:
    1,688
    Location:
    Brisbane..
    Every now and again I get emails from someone from a Bank, but not from the Bank I have everything with about if because of some problem they want me to give them the data to help me out,sounds like kind people ,but from what people a lot smarter tell me ,a weak password with only 8 lower case letters can be blown out of the water within 52 seconds ,so the question is when and how often do you change your passwords,and how many letters numbers does one have to use to be safe,i always thought having 8 different letters numbers were safe,but it does not seem that way how does one effectively make passwords unbreakable?..
     
  2. Mombius Hibachi

    Mombius Hibachi Well-Known Member

    Joined:
    1st Jul, 2015
    Posts:
    492
    Hi Will, I use a program called Universal Password Manager, where I keep all my passwords.

    You can set it up to generate a password for you or enter existing ones if you prefer. Whenever I need to set up a new account, I just have it generate one for me. I don't even know what the password is!

    The only password I need to remember is the one to access the program, which I know by heart, since I access it (UPM) about 10 times a day.

    It's free and you can get it here: http://upm.sourceforge.net/
     
    MyArhidia and willair like this.
  3. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    1,647
    Location:
    Sydney
    It's not so much about making passwords unbreakable as limiting the damage that might occur if your account does somehow get compromised.

    1. use long random passwords. If you can remember your password it's not long enough or random enough.

    2. never use the same password on multiple sites. If one site gets hacked and they managed to somehow decrypt (or guess!) your password from the stolen database, then the worst that can happen is that you have one site compromised and not all of them.

    3. use a password manager so you don't have to remember your passwords.

    Personally, I use 1Password ... and generate a unique long random password for every website I have an account on.

    Some recommended reading:
     
    MyArhidia, cal and willair like this.
  4. willair

    willair Well-Known Member Premium Member

    Joined:
    19th Jun, 2015
    Posts:
    1,688
    Location:
    Brisbane..
    Mark Sim, thanks a lot for those links, it may also help other people out thanks..
    Good to see you on the new site Mark..
     
  5. Roosterman

    Roosterman Well-Known Member

    Joined:
    25th Jun, 2015
    Posts:
    53
    Location:
    Brisbane
    Yes, thanks to Mark and Simon. This is something I keep putting off, will sort it out now
     
  6. citystar

    citystar Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    167
    Location:
    QLD
    I make sure my passwords are complex and difficult to bruteforce. When I setup the security questions for Forgot Your Password, I don't put true answers in as dozens of my family and friends know what my favourite movie is or the name of my first pet.
     
  7. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    1,647
    Location:
    Sydney
    citystar likes this.
  8. spludgey

    spludgey Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    679
    Location:
    Sydney
    "D5k883SitjatK17T", pretty secure, I reckon!

    I use the same password for everything, so if it was compromised, people would have access to all my data.
    My partner asked me the other day in front of our parents what it was and then got upset with me when I wouldn't tell her.
     
  9. Mombius Hibachi

    Mombius Hibachi Well-Known Member

    Joined:
    1st Jul, 2015
    Posts:
    492
    Same to you, my friend!
     
  10. chindonly

    chindonly Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    335
    Location:
    Brisbane
    Well, it used to be...
     
  11. skyfall

    skyfall Well-Known Member

    Joined:
    19th Jun, 2015
    Posts:
    94
    Location:
    Everywhere
    I also use one of those free programs ( keypass ) but now keep it on a computer I've disabled from the internet by physically removing the bluetooth/wifi thing which plugs into the motherboard. I learnt the hard way after my computer was hacked and they used my passwords from this program to steal $20k from a bank account. They also got into my PayPal and Commsec account and changed my email address.
     
  12. Coxy89

    Coxy89 Active Member

    Joined:
    18th Jun, 2015
    Posts:
    33
    Location:
    Australia
    [​IMG]
    XKCD to the rescue
     
  13. Ouga

    Ouga Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    372
    Location:
    "Trying is the first step towards failure" Homer
    ****, that sucks.
    Would you mind sharing which program you were using at the time?
     
  14. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    1,647
    Location:
    Sydney
    Coxy89 likes this.
  15. Ouga

    Ouga Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    372
    Location:
    "Trying is the first step towards failure" Homer
    Also, how safe would be an application like 1password if say your laptop was stolen or your computer hacked?
    Do you need to enter the master password each time the app uses the password to a website? If not, should your laptop/tablet get stolen, all content is accessible directly from the browser?
     
  16. HD_ACE

    HD_ACE Game-Changer Premium Member

    Joined:
    18th Jun, 2015
    Posts:
    449
    Location:
    Perth
    I use the same password for everything **********.
     
  17. legallyblonde

    legallyblonde Well-Known Member

    Joined:
    23rd Jun, 2015
    Posts:
    685
    Location:
    TAS
    I am terrible... All of my passwords except internet banking are saved on Chrome! I used a computer at uni recently and it took me three attempts to access my emails!
     
  18. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    1,647
    Location:
    Sydney
    I should be fine if you choose a sufficiently complex password that you WILL remember (it's the only one you must remember - if you forget it, there is NO way to get your passwords back - although most websites let you reset your passwords so long as you have access to the email address you registered with).

    1Password uses a pretty complex encryption system which is designed to be resistant to brute-force attack. Unless someone was able to guess your master password (because it was not sufficiently strong enough), then they are unlikely to be able to gain access to your 1Password data.

    More information here: 1Password data security | 1Password User Guide

    You need to enter the master password when you first load the application or first access it through a browser. There are timeouts which automatically lock the application too.

    2015-07-26_18-20-19.png

    So you do find yourself entering your master password fairly often - but that's the only password I have to enter, and I can type it pretty quickly due to muscle-memory.
     
    willair and Ouga like this.
  19. DanW

    DanW Well-Known Member

    Joined:
    26th Jun, 2015
    Posts:
    400
    Location:
    Sydney
    My password manager software got hacked :(

    Lastpass.

    They got the user names (email) of all users and the hashes of master passwords (useless). But didn't get into see details of accounts.

    However using the Username (email) , the hackers tried bruteforce attacks and broke into my steam games account. Luckily 2 stage verification saved me.

    Moral of the story don't use simple passwords, and always sign up for 2 stage login if allowed.
     
  20. rhinsor

    rhinsor Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    437
    Location:
    Perth
    I use the same password for any basic site I don't care if it gets hacked.
    Then I use about 10 different other passwords for about 50 things I need to log into.