How internet security conscious are you?

As someone who thinks and talks about security pretty much all day, every day: yes, I'm fairly conscious of the risks.
 
It's all well enough making passwords harder to crack but because of this people have to write them down, meaning they're written down in plain text...

But you can't say this behavior is 100% down to the fact that they have to use a complex password, it's often down to general human nature/laziness/unwillingness to change etc.

We are creatures of habit; as has been mentioned previously, people have a 'favourite' password they just stick incremental numbers on each month.

Remembering a 'complex' password is not particularly hard to do. People make it hard, like to whinge etc.

I've not had to write a single password down in x years, I'm not special, I have no photographic or even a very good memory!

Also when your place of work implemented this was there any user awareness or education issued at the same time detailing the reasons why, with maybe some examples/demonstrations?

At a company event at one particular employer we ran a little workshop/booth running some cracking software to demonstrate how easy/quick it was to crack a weak password which went down well.
 
Though this type of plain text password emailing is a problem if your email account is compromised, just as much as other methods of password resetting.

Erm, email is sent as plain text. Doesn't take much 'skillz' to fish a password out of a plaintext email, does it?

Also if your damn password is salted and hashed they won't be able to send it to you as plaintext! If it comes to you as plain text in an email I would put money on them storing it as plaintext or as a very simple and easily broken hash.
 
It's all well enough making passwords harder to crack but because of this people have to write them down, meaning they're written down in plain text...

No they don't. First they can use mnemonics and remember complex passwords or a system like what I use, 1Password, and not even have to bother remembering passwords. All I need to remember and keep secure is one master password.
 
I try and be as secure as possible. I use the four words plus some additional punctuation for logins etc and try not to use the same one on different sites.

I'm also amazed at the work of some of the OCUK detectives in past threads! How does that work? I've tried to stay as anonymous on this forum as possible, but what info am I leaving behind? How is this info found out?
 
If I knew there was a flaw, I would not use it no. I certainly don't tick the "save my billing information for future reference" when buying stuff online...

Good tip: If you use "I have forgotten my password" and they send you the password you used at first in an email, that's a clear indicator they've stored it in plaintext and not hashed - I recommend you use a completely random password for sites like this! If someone hacks it, they've got your password plaintext...

Didn't Tesco do exactly that?
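
The point raised in the posts above, that a site which salts and hashes passwords has nothing it could email back, shown as an added example (not code from any poster or site mentioned in this thread). The function names, in-memory dictionaries, PBKDF2 parameters and 15-minute expiry are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory stores standing in for a site's database (assumption).
USERS = {}          # user -> (salt, digest); the password itself is never kept
RESET_TOKENS = {}   # sha256(token) -> (user, expiry timestamp)
ITERATIONS = 600_000
TOKEN_TTL = 15 * 60

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(user, password):
    salt = secrets.token_bytes(16)          # unique per user
    USERS[user] = (salt, _derive(password, salt))

def verify(user, password):
    if user not in USERS:
        return False
    salt, digest = USERS[user]
    # Re-derive and compare in constant time; the digest cannot be reversed.
    return hmac.compare_digest(_derive(password, salt), digest)

def forgot_password(user, now=None):
    """Return the only thing the site can email: a random one-time token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[key] = (user, now + TOKEN_TTL)   # store only the token's hash
    return token

def reset_password(token, new_password, now=None):
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(key, None)           # single use, even if expired
    if entry is None or now > entry[1]:
        return False
    register(entry[0], new_password)              # fresh salt, old digest gone
    return True

if __name__ == "__main__":
    register("alice", "correct horse battery staple")   # constructed sample
    print("stored record:", USERS["alice"][1].hex())
    print("emailed on reset:", forgot_password("alice"))
```

A "forgot password" email that contains the original password cannot come from a store like this one, which is why the posters treat it as a sign of plaintext or reversible storage.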
 