Do you use the same password for multiple accounts?

49 replies
Here's an excellent example of why that's a Very Bad Idea: Twitter Status - Reason #4132 for Changing Your Password

That entry also gives yet another reason to avoid doing business with people in the sketchier ends of the industry.


Paul
#accounts #multiple #password
  • Profile picture of the author Paul Myers
    Here's some more nastiness that can come from this practice:

    Creep gets your email address and password for one site, tests to see if the password also gets them into the email account. It does? Goes to Paypal and tries the combo. If that doesn't work, but an account exists for the address, they just do a password request, which is sent to the account they just got into.

    Repeat with Amazon.com. And banks local to your area. They might even know which you use, if you have anything linked to your Paypal account.

    Lots of things they can do with that sort of information...


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    • Profile picture of the author Tam Chancellor
      Originally Posted by Paul Myers View Post

      Here's some more nastiness that can come from this practice:

      Creep gets your email address and password for one site, tests to see if the password also gets them into the email account. It does? Goes to Paypal and tries the combo. If that doesn't work, but an account exists for the address, they just do a password request, which is sent to the account they just got into.

      Repeat with Amazon.com. And banks local to your area. They might even know which you use, if you have anything linked to your Paypal account.

      Lots of things they can do with that sort of information...


      Paul


      I don't use the same password, but I have 4 that I rotate. It's a major
      PITA coming up with secure passwords...that I'll remember. This is
      definitely a wake up call!

      Tam
      Signature

      "Talking ain't doing." --Zoe Washburne

      "What you do speaks so loud I cannot hear what you say." - Ralph Waldo Emerson

      • Profile picture of the author Dennis Gaskill
        Originally Posted by Tam Chancellor View Post



        I don't use the same password, but I have 4 that I rotate. It's a major
        PITA coming up with secure passwords...that I'll remember. This is
        definitely a wake up call!

        Tam
        I just don't get that, Tam. Your password should never spell out a name or a real word. How hard is it to just make up random letters and numbers?

        dRdl39G3dxIZz2
        ug83b4Tg90sEl
        19Hqq4p9x2f2J

        I could do that all day. Keep track of your passwords in a Rolodex, or use Roboform. There are plenty of free password generators out there too. I don't use the same password for anything. Take it from someone who learned the hard way when my site was hacked, laziness with passwords can only lead to trouble.
        Signature

        Just when you think you've got it all figured out, someone changes the rules.

        • Profile picture of the author Paul Myers
          Dennis,

          It doesn't have to be a word to be easy to remember. Example:

          103NYY27ws!

          The odds of that password getting brute-forced are very low. (No, it's not one I use anywhere.) But, if you're a Yankees fan, you won't have trouble remembering it.


          Paul
          Signature
          .
          Stop by Paul's Pub - my little hangout on Facebook.

          • Profile picture of the author Dennis Gaskill
            Originally Posted by Paul Myers View Post

            Dennis,

            It doesn't have to be a word to be easy to remember. Example:

            103NYY27ws!

            The odds of that password getting brute-forced are very low. (No, it's not one I use anywhere.) But, if you're a Yankees fan, you won't have trouble remembering it.


            Paul
            lol - that is true Paul, but my password list prints out to four pages. It's a lot faster to make up random stuff - I don't try to remember them. I have a hard enough time remembering what day it is.
            Signature

            Just when you think you've got it all figured out, someone changes the rules.

        • Profile picture of the author Tam Chancellor
          Originally Posted by Dennis Gaskill View Post

          I just don't get that, Tam. Your password should never spell out a name or a real word. How hard is it to just make up random letters and numbers?

          dRdl39G3dxIZz2
          ug83b4Tg90sEl
          19Hqq4p9x2f2J

          I could do that all day. Keep track of your passwords in a Rolodex, or use Roboform. There are plenty of free password generators out there too. I don't use the same password for anything. Take it from someone who learned the hard way when my site was hacked, laziness with passwords can only lead to trouble.
          My passwords are numbers and unique combinations of words that
          are related to my hobbies/obsessions. I would be very impressed if someone
          could figure out my passwords. I keep my passwords in a spreadsheet, but
          sometimes I'm away from my computer and need to access certain sites.
          There is no way in h-e double hockey sticks that I could remember something
          like your examples.

          After reading the articles referenced above...I realize that it's better to
          be safe than sorry.

          Tam
          Signature

          "Talking ain't doing." --Zoe Washburne

          "What you do speaks so loud I cannot hear what you say." - Ralph Waldo Emerson

          • Profile picture of the author Dennis Gaskill
            Originally Posted by Tam Chancellor View Post

            My passwords are numbers and unique combinations of words that
            are related to my hobbies/obsessions. I would be very impressed if someone
            could figure out my passwords. I keep my passwords in a spreadsheet, but
            sometimes I'm away from my computer and need to access certain sites.
            There is no way in h-e double hockey sticks that I could remember something
            like your examples.

            After reading the articles referenced above...I realize that it's better to
            be safe than sorry.

            Tam
            Tam, as I understand it, a brute force attack uses combinations of dictionary words, names, and numbers to crack passwords like you described. It's done using software that just hammers passwords at a target. It's not like some guy is sitting around making guesses. You're free to use whatever you like, of course, but you may want to reconsider how secure your passwords really are.

            I used to use a letter substitution, for example, I'd add two places to a letter, like this:

            a = c
            b = d
            c = e

            ...and so on. So if I wanted to use my name for a password, it would be: fgppkuicumknn

            You'd think that would be hard to crack, wouldn't you? It was cracked. Some of the password cracking tools have what is called a leet feature. That just means it does letter substitution like I was doing and it cracked my code. It cost me plenty...better safe than sorry I say.

            You don't have to remember your passwords. Software will do it for you, or simply printing them out and keeping the list will do the trick, or use a rolodex.

            What I do now is, for anything crucial, I ask how long a password can be and I use the maximum number of characters allowed and use upper case and lower case letters, numbers, and special characters if they're allowed. If someone can figure out a password like this: t#snV9r3*$x>eRG40oX!M^ ...then I at least know I did all I could to prevent it.
            Signature

            Just when you think you've got it all figured out, someone changes the rules.

            • Profile picture of the author Lawrh
              Dennis,

              Your two character shift would have been broken in seconds. Almost from the beginning of the 'Net a simple cipher for email was used with a 13 character shift, it is called ROT13. It is still used in Usenet clients to disguise offensive content. This kind of shifting is always taken into account.

              Also, your sample passwords do not contain any special characters. That could be a dangerous mistake. Adding special characters makes brute forcing exponentially more difficult.

              Oops, just noticed your last paragraph, you do use special characters, sorry.

              The Roboform password generator is a safer option. It is very difficult for humans to create something random enough to fend off a determined attack.
              Signature

              “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

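The point made in the two posts above about shifted letters and leet substitution, as an added example (not code from any poster or from any cracking tool): a password-policy check that undoes all 26 letter shifts and a small set of leet substitutions before looking the result up in a denylist. The denylist contents, the substitution table and the function names are assumptions made for illustration.

```python
import string

# Constructed sample denylist (assumption): a real check would load a large
# list of names, dictionary words and known-breached passwords.
DENYLIST = {"dennisgaskill", "password", "yankees", "letmein"}

# Common "leet" substitutions mapped back to letters. Illustrative, not exhaustive.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Characters people tend to bolt onto the front or back of a word.
TRIM = string.digits + string.punctuation


def shift(text, k):
    """Rotate a-z by k places (k may be negative); other characters pass through."""
    return "".join(
        chr((ord(ch) - 97 + k) % 26 + 97) if "a" <= ch <= "z" else ch
        for ch in text
    )


def find_disguised_word(password, denylist=DENYLIST):
    """Return (word, shift, leet_undone) if the password is a denylisted word
    hidden behind a letter shift and/or leet substitutions, else None."""
    typed = password.lower()
    for leet_undone, form in ((False, typed), (True, typed.translate(LEET))):
        for k in range(26):
            plain = shift(form, -k)
            # Also try with leading/trailing digits and symbols removed,
            # e.g. "yankees27!" -> "yankees".
            for candidate in (plain, plain.strip(TRIM)):
                if candidate in denylist:
                    return candidate, k, leet_undone
    return None


def check_password(password):
    """Human-readable verdict for a proposed password."""
    hit = find_disguised_word(password)
    if hit is None:
        return "no disguised denylist word found"
    word, k, leet_undone = hit
    how = []
    if k:
        how.append(f"letters shifted by {k}")
    if leet_undone:
        how.append("leet substitutions")
    detail = " and ".join(how) if how else "no disguise at all"
    return f"rejected: this is '{word}' with {detail}"


if __name__ == "__main__":
    # Sample inputs: the first and last strings are quoted in the thread,
    # the others are constructed.
    for pw in ("fgppkuicumknn", shift("yankees", 13), "P@55w0rd",
               "yankees27!", "t#snV9r3*$x>eRG40oX!M^"):
        print(f"{pw!r:28} {check_password(pw)}")
```

The check builds only 52 candidate forms per password (26 shifts, with and without the leet table), which is why a fixed shift or character swap adds almost nothing to the strength of a name or dictionary word.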
              • Profile picture of the author Dennis Gaskill
                Originally Posted by Lawrh View Post

                Dennis,

                Your two character shift would have been broken in seconds. Almost from the beginning of the 'Net a simple cipher for email was used with a 13 character shift, it is called ROT13. It is still used in Usenet clients to disguise offensive content. This kind of shifting is always taken into account.
                Now he tells me!

                I admit I was pretty naive before my site was hacked. I didn't even know hackers had brute force tools, let alone tools with leet features. I never visited that world because I had zero interest in hacking or cracking anything. I was forced to learn about it when my site was hacked so I could do a better job of prevention.

                I even wrote a PDF about getting hacked and spent $200 for a press release to educate others. I got a few thousand new links from that, and that began my site's recovery in the engine rankings.
                Signature

                Just when you think you've got it all figured out, someone changes the rules.

                • Profile picture of the author Dan C. Rinnert
                  The password for your eMail address is your most important and often the most overlooked. People may make up difficult passwords for their banking info, but keep something super simple for their eMail address so they won't forget it.

                  If you use eMail addresses on your own domain, another trick is to use different addresses for different accounts (with different passwords, of course). That way, even if someone were to get into one account, they'd be reasonably sandboxed from your other accounts.
                  Signature

                  Dan's content is irregularly read by handfuls of people. Join the elite few by reading his blog: dcrBlogs.com, following him on Twitter: dcrTweets.com or reading his fiction: dcrWrites.com but NOT by Clicking Here!

                  Dan also writes content for hire, but you can't afford him anyway.
              • Profile picture of the author oggobis
                Originally Posted by Lawrh View Post

                The Roboform password generator is a safer option. It is very difficult for humans to create something random enough to fend off a determined attack.
                Hi there Lawrh

                I start to have an image of you as security savvy ^^

                I have never used Roboform and don't understand how it works. I'm afraid that someone with programming mastery can crack it. I'll take a look at how it works, and whether anyone has had a bad experience with it.

                As for myself, I save all my passwords in a document file, protected with file locker software so no one can ever view / access / edit it. Each password is different. Each has a combination of letters and numbers (no special characters yet).
                Signature
                Va' Dove Ti Porta Il Cuore
                ..Are you IM newbie? Let's share our journey on twitter
                ..What Mistake(s) Have You Made?
                ..How Do You Recognize Your Call?
                • Profile picture of the author Lawrh
                  Originally Posted by oggobis View Post

                  Hi there Lawrh

                  I have never used Roboform and don't understand how it works. I'm afraid that someone with programming mastery can crack it. I'll take a look at how it works, and whether anyone has had a bad experience with it.
                  Cracking Roboform isn't an issue. It defaults to AES encryption with the option to choose from DES, tripleDES, blowfish or RC6. Stick with AES, blowfish or RC6 and you're good.

                  The only possible weak point is the master password which you choose. The master password can be up to 49 characters long. You could create a really messy one and store it in a text file (encrypted) and copy and paste it. A little ingenuity with the master password can make cracking it infeasible.
                  Signature

                  “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

                  • Profile picture of the author paradox_qu
                    Originally Posted by Lawrh View Post

                    Cracking Roboform isn't an issue. It defaults to AES encryption with the option to choose from DES, tripleDES, blowfish or RC6. Stick with AES, blowfish or RC6 and you're good.

                    The only possible weak point is the master password which you choose. The master password can be up to 49 characters long. You could create a really messy one and store it in a text file (encrypted) and copy and paste it. A little ingenuity with the master password can make cracking it infeasible.

                    But you have to realize that the biggest threat to passwords nowadays isn't cracking. It is spyware, malware, and viruses. If someone installed a keylogger on your computer then it doesn't matter how well your password is encrypted.
                    • Profile picture of the author Lawrh
                      Originally Posted by paradox_qu View Post

                      But you have to realize that the biggest threat to passwords nowadays isn't cracking. It is spyware, malware, and viruses. If someone installed a keylogger on your computer then it doesn't matter how well your password is encrypted.
                      Which is why I suggested copy and paste to get into Roboform. Of course unlocking the local file is a risk. An alternative to this would be to have an unencrypted file known only to you, local or on the net, which you would copy and paste from. Perhaps the third line from a Shakespeare sonnet expressed in hexadecimal. If you're really paranoid write a brief text file and encrypt it with PGP, then open it in a text editor and strip out the PGP headers then save as a text file then use a block from somewhere in the file as your copy and paste password. Store it online, copy and paste from your browser.

                      Mustn't forget steganography, but that's another topic.

                      Maintaining good computer hygiene can mitigate a lot of this. I guess it just depends upon how valuable your data is and how paranoid you are.
                      Signature

                      “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

                      • Profile picture of the author oggobis
                        Originally Posted by Lawrh View Post

                        Which is why I suggested copy and paste to get into Roboform. Of course unlocking the local file is a risk. An alternative to this would be to have an unencrypted file known only to you, local or on the net, which you would copy and paste from. Perhaps the third line from a Shakespeare sonnet expressed in hexadecimal. If you're really paranoid write a brief text file and encrypt it with PGP, then open it in a text editor and strip out the PGP headers then save as a text file then use a block from somewhere in the file as your copy and paste password. Store it online, copy and paste from your browser.

                        Mustn't forget steganography, but that's another topic.

                        Maintaining good computer hygiene can mitigate a lot of this. I guess it just depends upon how valuable your data is and how paranoid you are.
                        Is that English? Not sure what you're talking about. Except the last paragraph. LOL.

                        OOT. Hey, have you ever heard this?
                        Philosophy without action is useless.
                        Action without philosophy is lethal weapon.
                        Soichiro Honda
                        Signature
                        Va' Dove Ti Porta Il Cuore
                        ..Are you IM newbie? Let's share our journey on twitter
                        ..What Mistake(s) Have You Made?
                        ..How Do You Recognize Your Call?
  • Profile picture of the author MJ Sterling
    Good advice Paul.

    It's amazing how many people forget, or simply haven't been made aware of the basic security rules of the Internet.

    I'd also like to add this if I may:

    Change your password (each password) at least every six months and always include numbers or special characters in them. Use both upper and lower-case letters.

    Never use words that can be found in a dictionary or include any form of personal information in your passwords.
  • Profile picture of the author Lawrh
    Good advice, but sadly few will take it. Having worked as a system administrator for many years I long ago realized that people simply will not do anything to protect themselves until after something happens to them. Even then their "security awareness" will only last a couple of weeks.

    Security and convenience are inherently incompatible. Most users will not even consider the slightest inconvenience. No matter the cost to their business or their life in general. Until your computer can scan your DNA these exploits will continue to succeed. Sad.
    Signature

    “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

    • Profile picture of the author Sissy76
      Thanks for posting this Paul.

      It's easy to get lazy and stick with the same password for everything.

      There's lots of ways to keep a track of your different passwords, my sister uses a good old address book. You know, those old, antiquated physical books, with a cover on the outside and bound pieces of paper inside . It never leaves her computer desk.
      Then again, if anyone broke into her house and found it, they could go to town on her PC, and her life. Hopefully the diamonds and silverware will distract them.

      Cheers,
      Sissy
  • Profile picture of the author richman777
    I would suggest you assign a separate password for emails and financial accounts :-)
  • Profile picture of the author DogScout
    Naw, mine are all different.
    Got them on sticky notes all over the computer
    and my pin carved in the Safeway checkout for my debit card
    made sure to use my pets' and children's names and birth dates
    as well as my school nickname and my graduation year

    If you don't want anyone to steal your identity, just miss a couple car payments, then no one will want it.
  • Profile picture of the author zoobie
    Nope, I use a password manager to remember all my passwords and they are rarely the same for each site.
    • Profile picture of the author paradox_qu
      Hey guys I actually made a video on password security a few days ago. I talked about how to pick a good password and why it isn't a good idea to use the same password for all your sites.

  • Profile picture of the author sbucciarel
    Banned
    I used the same very easy password for years. Then someone on here had their domains stolen from their registrar. That woke me up. I changed all my passwords to gibberish passwords like h29p4ri4fjero.

    I keep a notepad of all the passwords because there's no way I'd ever remember them.
  • Profile picture of the author oggobis
    @paradox_qu

    So what anti spyware-malware-virus are you using?

    I use these (as I have researched, these are among the best in their field)
    `anti virus: avast 5 free
    `anti virus: SmadAV free (protection from local virus - it ally with comodo! wow )
    `firewall: comodo free (w/o antivirus, prevent crashing w/ avast)
    `IObit security 360 free
    `WinPatrol free
    `security updates from microsoft

    Always up to date. Don't have enough dough to buy paid version :p, so I use free edition as possible.
    Signature
    Va' Dove Ti Porta Il Cuore
    ..Are you IM newbie? Let's share our journey on twitter
    ..What Mistake(s) Have You Made?
    ..How Do You Recognize Your Call?
    • Profile picture of the author paradox_qu
      Originally Posted by oggobis View Post

      @paradox_qu

      So what anti spyware-malware-virus are you using?

      I use these (as I have researched, these are among the best in their field)
      `anti virus: avast 5 free
      `anti virus: SmadAV free (protection from local virus - it ally with comodo! wow )
      `firewall: comodo free (w/o antivirus, prevent crashing w/ avast)
      `IObit security 360 free
      `WinPatrol free
      `security updates from microsoft

      Always up to date. Don't have enough dough to buy paid version :p, so I use free edition as possible.
      Those are good and I'm glad to see you apply regular updates. Truthfully I don't run any of those because I'm a linux user.

      I'm glad to see that there are so many security nuts out there. Sometimes I feel like it is only me.
      • Profile picture of the author oggobis
        Originally Posted by paradox_qu View Post

        Those are good and I'm glad to see you apply regular updates. Truthfully I don't run any of those because I'm a linux user.

        I'm glad to see that there are so many security nuts out there. Sometimes I feel like it is only me.
        Linux!? No viruses there? Hmm... perhaps I can start to use it.
        Is it user friendly? Can you do your usual daily Windows activities on Linux? Sorry to ask so many questions. Hehe...
        Signature
        Va' Dove Ti Porta Il Cuore
        ..Are you IM newbie? Let's share our journey on twitter
        ..What Mistake(s) Have You Made?
        ..How Do You Recognize Your Call?
        • Profile picture of the author paradox_qu
          @oggobis ya there are basically no viruses on linux, and you don't have to worry about malware/spyware. The most user friendly linux is Ubuntu.

          You can try it out by running their live cd, it installs nothing on your computer and lets you try it out. (You have to remember that the live cd will be a little slow. If you decide to install it, it will be way faster.)

          I use linux for everything. I do have Windows on this computer too but I haven't booted into it in over a year. (I need to run updates when I do boot it though.)

          I love linux because it is free, incredibly safe, and ubuntu is very user friendly. Also the package manager gives me instant access to tons of free software.
  • Profile picture of the author TristanPerry
    Nope, I have perhaps over 200 accounts now (e-mail accounts, website accounts, cPanel accounts, etc) and each uses a different, unique password consisting of 12 characters containing numbers, letters and symbols (making each one practically impossible to guess). I then store these in an encrypted password bank with a master password.

    This may seem a little over-the-top, but it's our businesses we are talking about - not just a little account somewhere.

    The reason I now use this password policy is that a few years ago I used a fairly secure password (16 characters long; numbers, letters and symbols) which I had remembered and I used it on about 50 sites at the same time.

    I was thinking "Hah, it's a secure password; it won't be guessed"

    Well I was right in that respect... it wouldn't be guessed..

    However one day one of the sites I had registered with got hacked and the hacker published the database details (including the password hash, etc) online.

    Doh!

    Even though the password was encrypted, it still isn't very good to have that password floating around online!

    So since then I've been using the above password system which I feel is much more secure
    Signature
    Plagiarism Guard - Protect Against Content Theft
  • Profile picture of the author George Wright
    Thanks for the alert Paul.

    This is another good reason to have the extra protection of the PayPal Cell Phone Security Key. When activated when you try to log in to your account PayPal sends you a 6 digit key, unique at each log in, that you have to enter in addition to your ID and password.

    George Wright P.S. for those without cells or who don't want to use their cell phone for this PayPal will send you a digital key for $5. It generates a unique sign in code each time you log in.
    Signature
    "The first chapter sells the book; the last chapter sells the next book." Mickey Spillane
  • Profile picture of the author Ralf Skirr
    I guess most people use the same password for many logins because they are too lazy to keep records of their logins.

    Years ago I had one standard password for everything.

    Then I tried some Excel lists, but somehow they got messed up and it really was uncomfortable to open Excel every time a login was needed.

    What finally saved me and makes me use separate passwords for each account was Roboform. It's probably the greatest time saver I have. I'd rather hand code my web sites than manage logins with spreadsheets again.

    Password Manager, Form Filler, Password Management | RoboForm

    Ralf
  • Profile picture of the author Kishor Karsan
    I Def use different passwords for different accounts.....to use the same password for many accounts is just plain stupid and you are just inviting hackers out there

    regards

    Kishor
  • Profile picture of the author khtm
    I'm surprised nobody has mentioned this yet -

    LastPass.com

    Seriously. Install it, use it, love it.
  • Profile picture of the author Mark Riddle
    I find it best to hack people's Twitter accounts and use their passwords on my accounts, that way no-one will tie my password to any of my info :rolleyes: :confused:

    Yes Tongue firmly planted in my cheek.

    I keep my passwords on a note pad.

    NO Not the one on the computer.

    a REAL NOTE PAD Paper and lines!

    I use a graphical input device such as a pencil to create an indelible marking on the paper.

    Mark Riddle
    Signature
    Today isn't Yesterday, - Products are everywhere if your eyes are Tuned!
    • Profile picture of the author Kay King
      I also write passwords down - in a spiral bound address book purchased on sale for a buck several years ago (talk about getting your money's worth out of a purchase!). I have roboform but the notebook is easy to carry if I'm traveling and was invaluable when my hard drive crashed.

      I repeat some passwords on sign up sites, forums, etc - but on website cpanels, web hosting, and any money accounts I use complex generated passwords for safety with each one unique to the site.

      kay
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      Live life like someone left the gate open
  • Profile picture of the author Mili_D
    It's really crazy, but I never have the same passwords. Every password that I have ever had has always represented something in a different language, whether that be words or numbers. I write all my passwords in an old school rough book, so no one will ever think about looking for my passwords there. Lol. Also I'm thinking of installing LastPass to see if this helps me.
  • Profile picture of the author Lawrh
    Originally Posted by ProductCreator View Post

    Problem with Roboform is that if a keylogger is installed on your system and the entry password is captured, then the hackers can get access to every single password you have!
    Use the Windows on screen keyboard or post 25.
    Signature

    “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

    • Profile picture of the author Jeff Henshaw
      Writing down in a notebook at home. What if your house burns down or the notebook is stolen?
      Make three hand written copies of your details (nothing digital).

      1. First one hidden near your computer, but in a safe place.

      2. Second one kept in a hidden fireproof safe.

      3. Third one kept in a secure off site location.

      Number 1 most vulnerable BUT how many people who break into your office or house are looking for names and passwords???

      If stolen, would the thieves even know what the contents were, meant, or what to do with them??

      The above hand written system might seem a pain in the butt - but - it takes very little time to implement. Let's face facts - how many secure sites needing user names and passwords do you sign up for each day?

      Not flipping many I'll bet.

      Unless one is specifically going to be targeted by off line thieves who want to steal online information (pretty unlikely for most Warriors, don't you think?), then using 1, 2 and 3 above is as secure as any IRS, FBI, MI5 and/or so on government linked secure archive. Off line stuff can't be hacked.

      Let's be frank, one could hardly use a computer located perhaps miles away, to hack into and open grandma's knicker drawer, could one? and who on the forum would want to play with Gran's underwear?

      Well some might - we'll see from any reply posts

      IMHO, 1, 2 and 3 are primitive but the most secure for the small business entrepreneur.

      Just my thoughts,
      Jeff.
  • Profile picture of the author JohnMcCabe
    I use a combination of Roboform for things like site log-ins and passwords. For stuff like database usernames/passwords, etc. I go the paper route.

    Maybe I'm over-thinking this, but I'll use the same username/password at times for groups of sites, like bookmarking sites. If someone does crack it, they get a dead-end email address and a few throwaway accounts on bookmark sites, etc.

    I do have a question for the real security geeks (that's a compliment)...

    Is letting Windows or a browser "remember" passwords one way of thwarting key-loggers and such, or does it just speed up the typing process?
    • Profile picture of the author Lawrh
      Originally Posted by JohnMcCabe View Post

      Is letting Windows or a browser "remember" passwords one way of thwarting key-loggers and such, or does it just speed up the typing process?
      It's not really a good idea to use Windows and security in the same sentence. Browsers aren't much better, although the updates come quicker. Dedicated third party password tools are always better. Mind you if you go online there will always be some risk. Though with common sense (I know it's an oxymoron) most threats are less of a problem than the hysteria would have you believe.
      Signature

      “Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

    • Profile picture of the author paradox_qu
      Originally Posted by JohnMcCabe View Post

      Is letting Windows or a browser "remember" passwords one way of thwarting key-loggers and such, or does it just speed up the typing process?
      Letting a browser like Firefox save passwords is a very risky thing. There are all kinds of utilities that decrypt stored Firefox passwords, like FirePasswordViewer. Also, if someone steals your laptop or has access to your computer (like at work) they can use Firefox itself to see all your passwords. Letting Firefox/browser or Windows store your passwords is a convenience feature. If your computer is compromised in any way it is very easy for the hacker to get all your stored passwords.

      If you want to store your passwords on your computer I would recommend one of the programs already mentioned. But like said before, these programs have one fault, the master password.
      • Profile picture of the author Dennis Gaskill
        Originally Posted by paradox_qu View Post

        Letting a browser like Firefox save passwords is a very risky thing. There are all kinds of utilities that decrypt stored Firefox passwords, like FirePasswordViewer. Also, if someone steals your laptop or has access to your computer (like at work) they can use Firefox itself to see all your passwords. Letting Firefox/browser or Windows store your passwords is a convenience feature. If your computer is compromised in any way it is very easy for the hacker to get all your stored passwords.

        If you want to store your passwords on your computer I would recommend one of the programs already mentioned. But like said before, these programs have one fault, the master password.
        That answer leads to another question... I do let Firefox keep some passwords for me, nothing critical, but a few are semi-important. If I wanted to get rid of all the login details Firefox is keeping, does clearing them from the Saved Passwords dialog actually clear them, or does it just remove them from my view? If it doesn't really remove them so they can't be retrieved, how does one get rid of them completely?
        Signature

        Just when you think you've got it all figured out, someone changes the rules.

    • Profile picture of the author Ralf Skirr
      Originally Posted by JohnMcCabe View Post

      I use a combination of Roboform for things like site log-ins and passwords. For stuff like database usernames/passwords, etc. I go the paper route.
      You could use the notes field of Roboform. Or make a passcard for the PhpMyadmin login.

      Ralf
  • Profile picture of the author jacktackett
    Thanks Paul - good stuff.

    I also highly recommend folks not link their main personal accounts to Paypal. If you're running a business it should be linked to your business checking account. That way if someone does hack Paypal - all they're going to drain is your business account, and not your personal checking and all the accounts they're linked to.

    You should also have all important backups copied offsite as well - and not just computer/business stuff. A safety deposit box is not that expensive folks.

    best,
    --Jack
    Signature
    Let's get Tim the kidney he needs! HELP Tim
    Mega Monster WSO for KimW http://ow.ly/4JdHm

