Protect your Apple ID, I mean it!

They wouldn't and neither would they need to. You can buy databases full of passwords and email addresses from sites that have not secured themselves properly. Seeing as most people reuse the same password, chances are, some of those people will be on iTunes.

People who do this follow the path of least resistance. They know that a lot of people have Googlemail accounts; once they have that, they can see what other sites you use, go to that site, reset your password and watch as the reset comes into your inbox ready for them to change.

They don't target individuals, they will just find the least secure people and target them. It's not that hard to do.

I thought Google Mail would have been secure? No?
 
The Apple Store, last time I checked at least, works on generated and completely insecure session IDs. Meaning, if you link someone to the login page, and they log in with that link, you are then in their account. Ridiculous. I don't know if it works the other way (they log in then link you to a page that uses the ID on the site).

So make sure you don't do these...and make sure you haven't been linked.
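
The link behaviour described in the post above is commonly called session fixation. As an added example (not part of the thread and not the Apple Store's code), this Python model compares a login handler that keeps the pre-login session ID with one that issues a fresh ID on login; the `Site` class, the user name and the password are constructed for illustration.

```python
import hmac
import secrets

# Constructed credentials for the demo; a real site checks a salted password hash.
USERS = {"alice": "constructed-password"}


class Site:
    """Toy server-side session table: session id -> user name (None = not logged in)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def open_session(self):
        """Issue an anonymous session id, as a login page does before sign-in."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user, password):
        """Authenticate and return the session id the browser should use from now on."""
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        if self.rotate_on_login:
            # Hardened: the pre-login id is discarded, so a copy of it held by
            # anyone else never becomes an authenticated session.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        # Weak variant falls through and promotes the id that came with the link.
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def shared_link_scenario(site):
    """Owner logs in via a link carrying a pre-issued id; returns (id holder's view, owner's view)."""
    linked_sid = site.open_session()
    owner_sid = site.login(linked_sid, "alice", "constructed-password")
    return site.whoami(linked_sid), site.whoami(owner_sid)


if __name__ == "__main__":
    print("keeps id on login :", shared_link_scenario(Site(rotate_on_login=False)))
    print("new id on login   :", shared_link_scenario(Site(rotate_on_login=True)))
```
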
 
I thought Google Mail would have been secure? No?

The problem is, buddy, that if you log into your account then so can someone else, theoretically.

Say I run a small blog for tech news and you sign up with it. I take your email address and a password and don't store it very securely. A few weeks later someone steals that database and unlocks all the passwords in it.

They would have your email account (perhaps a Gmail) and a password. If that is the same password as the one you have used for your Gmail then I could just log in as you, see which other websites you have signed up with and reset all the passwords and wait on your Gmail for those password reset emails to roll in.

Literally every password system on the web relies on a simple idea of only you knowing your password. It could be completely secure from Google's security viewpoint but a correct password is a correct password and I would be allowed in.

Using a separate password for all your logins is the safest way to go as you won't find anyone hacking your valuable accounts as all those websites will have good security (at least you would hope so).
 
I use a handy free little program called KeePass, no way could I remember a password like that in my head. ;)

EDIT: There's a Mac version also, look up 'KeePassX' :)

+1, also use KeePass to generate and store all of my passwords. Windows, Mac, iOS and Android versions available. Keep the password file on Dropbox and you have access everywhere.
 
I've found it easy over the years to create passwords as I add to original ones, creating long ones that are stuck in my brain. Years ago I started with numbers & a word but over the years more & more words are added, creating one big **** of a password that I remember. Works for me. :cool:
 
I removed my credit card from the account a long time ago. If I ever want to buy anything I just buy a voucher from Tescos and load it up; they can only nick £15 then, not thousands!
 
Currently my password contains 16 characters, combination of letters with lower and upper case, some special characters and some numbers.
 
4 people at work had iTunes account purchases made by hackers so far. Definitely a focussed effort by hackers. Thanks for the keepass tip. I will try that.
 
I've just had the same problem and I've come to the conclusion Apple are keeping quiet about this ...at least Sony came out and said something.
 
I just remove my card details from my account instead. If someone does hack into my account they can't really buy anything anyway since no card details are held on there. Secondly and most importantly, it stops me buying random silly apps! If I do find a particular app I want to buy, I just put my card details in, buy it, then remove them again.
 
I use 1Password for every site. I already know my Dropbox now though, curse you photographic memory!

16 characters, 2 symbols and random capitals for all sites that support them.

I use this too, couldn't cope without it, mainly cos' I can't recall the 16 characters it gives me. :D
 
For years I have used a program that generates random but pronounceable passwords; that way you eventually "learn" them as you use them, and I end up remembering quite a few now for websites/accounts I use often.
I put them all into a "vault" application I wrote many years ago that uses 4096-bit encryption, because, well, I don't necessarily trust a third party developer to keep all my passwords either ;-)

Example password I generate (with the phonetics) AgadFequean9 (Ag-ad-Fe-quean-NINE)
 
I've been using 1Password on a trial for a few days now and love it :) I'd love to change all my passwords to a 16 character generated password BUT...

What happens when you're using someone else's computer and you need to login? Obviously - there is no way I'm going to remember 16 characters... What do you guys do?
 
Use memorable passwords and then variations of them.

So for example, maybe you want a secure 16 digit password for your online shops. Use the lyrics for a song, a date, the name of a pet, punctuation and case sensitivity.

Song lyrics: There is a house in New Orleans (house of the rising sun).
Date: 1066
Pet: Doug
Punctuation: !#)
Case sensitivity

and you get = TiaHiNO66!#)dOug

For other online stores use variations of the above. Example: dOug)#!66TiaHiNO and so on and so forth. Keep the password the same, just mix and mash the order. The password is always the same so it's drilled into your head. Only the order changes.

For less important passwords, use a shorter string with a similar scheme and mix and mash. Use them enough and you'll retain them like phone numbers.

At least that's what I do. I have a 12 string password for my online shops (which is about 8 - 10 stores) and use variations of the same string. For less important logins, like this forum, a junk email account and twitter stuff, I use a longer string, but it's simpler and doesn't use case sensitivity.
 
I've been using 1Password on a trial for a few days now and love it :) I'd love to change all my passwords to a 16 character generated password BUT...

What happens when you're using someone else's computer and you need to login? Obviously - there is no way I'm going to remember 16 characters... What do you guys do?

I carry my iPhone, which has the 1Password app, so I can look up the passwords there, or I log onto my Dropbox using the web interface and there's a 1Password front end there as well.
 