Online Password security discussion

Status
Not open for further replies.
Obviously, it's safest to have a different password for everything (I'm talking about stuff like PayPal, Steam, any corporation that holds your credit card details obviously, not minor things like forums where you won't lose anything much except your dignity if they're compromised) so that if one account is compromised, you won't lose everything.

But then the problem for me is that I keep forgetting them if I have a different one for each site. The last 3 times I had to log into Steam, for instance (I've got my login credentials saved, but once every few weeks it asks me to re-enter my password for some reason), I ended up having to reset my password, and it got me thinking - what if the email address I had registered on Steam had been compromised, and clicking "reset my password" had just sent the hackers a free gift of hundreds of £s worth of games?

That got me to delete every email in my account that contained my login credentials for any website I'm on. I thought that the best compromise might be to keep a little book to write them down in, and keep that safe somewhere, low tech as it sounds, as the likelihood of my flat being burgled is (slightly) lower than of my Gmail account being hacked.

So what's your favourite method for remembering things and keeping them safe? Do you have the same password for every site? Do you rely on your browser remembering them for you (and need to reset them whenever that info has been cleared)? Or do you just have superhuman brains and remember them all by heart? :)
 
I use a few different passwords depending on which sites/services I'm using.

For sites that my family might be interested in I use one series of passwords that won't be used for anything else. That way I can share the passwords with them without worrying about giving away the password to something more private.

For pretty much everything else I have a series of passwords that I won't share with anyone.

Then I have a series of passwords for dodgy sites (interpret that however you like). These will bear no resemblance to any of the passwords in the previous two categories. These sites will be linked to unused email accounts. That way I don't need to worry too much about someone gaining access to my account as it's not connected to anything important.


Obviously, if someone wanted to break into my accounts I'm sure they could but I think this system makes it a little bit trickier.



The only time I have trouble remembering passwords is when a site insists I use X amount of letters/numbers/symbols/upper case/lower case characters. It just makes it harder to pick something memorable.
 
A handful of different passwords depending on how important something is.
I wouldn't use the same password on my Steam account as I would on a forum.
 
KeePass + Dropbox is as good as anything :) Assuming your master password is good enough.

Yep, been using this combo for a year or so now. KeePass clients are available for all platforms, so the PC and Android apps ensure I always have access to the master file on Dropbox.
 
I used to have one or two passwords over multiple places but now I always, ALWAYS have a unique password for every new account I make. It's only forum logins where I've kept the same one really.

I do have a system where passwords now are as long and unique as I can get, but the makeup of each is essentially the same.

I hate places which place stupid limits on passwords like having no symbols or "must be between X to X characters long". The more restrictive the terms, the more I forget what ridiculously easy password I added in!

Banks seem to be guilty of doing that, but they have the "memorable information" phrases and questions on top of that.
 
KeePass + Dropbox is as good as anything :) Assuming your master password is good enough.

Interesting, I'll look into that! I assume that the master file is encrypted securely enough that it's unlikely that a piece of malware that crawls your hard disk for passwords would be able to break it?
 
You'd hope so :p

Awww.... :( So it's not?

That's kinda why I was thinking of "write them down, keep it safe" instead. Of course then you'd have to type them in so you're exposing yourself to keyloggers, so I guess neither paper nor electronic storage is safe :(
 
Here's the problem I have with passwords: I don't want to remember a different password for each website, but I also don't want to lose all of my accounts if one website is compromised. I'm also not a fan of 'putting all my eggs in one basket' or copying and pasting passwords from lists, as it is time-consuming and cannot be accessed from everywhere, so here is my solution:

Firstly I pick a word, the more vowels the better:
saxophone
Then change it in a memorable way by adding something:
saxomaphone
Then replace a's, e's, o's and i's with numbers:
s4x0m4ph0n3
This is quite common though, so shift the numbers forward or backwards; if I shifted them forward 1 you would end up with:
s5x1m5ph1n4
Now you have quite a secure password, but you can't use it for all sites, so simply add a word or abbreviation of the website. For example, OCUK would be appended as 1CUK, so you end up with:
s5x1m5ph1n41cuk

It is surprisingly easy to get used to typing the password and easy enough to remember to append the right site's name.

Obviously it is not 100% foolproof but it is secure and the password cannot be automatically used to log into other websites if one site is compromised.
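The scheme in the post above, written out as an added example (not code from the thread) so you can see how much of each derived password is shared across sites and how much is actually site-specific. The function names, the extra site tags "Steam" and "PayPal", and the wrap-around of digits past 9 are assumptions made for this illustration.

```python
import os.path

# Vowel-to-digit substitutions named in the post (a, e, o and i only).
LEET = {"a": 4, "e": 3, "o": 0, "i": 1}


def transform(word, shift=1):
    """Lower-case the word, swap the four vowels for digits, then shift each digit.

    Digits wrap modulo 10 so a backwards shift also works (assumption).
    """
    return "".join(
        str((LEET[ch] + shift) % 10) if ch in LEET else ch
        for ch in word.lower()
    )


def site_password(base, site, shift=1):
    """Transformed base word followed by the transformed site tag."""
    return transform(base, shift) + transform(site, shift)


def split_shared(passwords):
    """Return (part common to every site, {site: part unique to that site})."""
    shared = os.path.commonprefix(list(passwords.values()))
    unique = {site: pw[len(shared):] for site, pw in passwords.items()}
    return shared, unique


if __name__ == "__main__":
    # Constructed inputs: the base word from the post and three site tags.
    sites = ["OCUK", "Steam", "PayPal"]
    passwords = {s: site_password("saxomaphone", s) for s in sites}
    shared, unique = split_shared(passwords)
    print("shared across all sites:", shared, f"({len(shared)} chars)")
    for site, pw in passwords.items():
        print(f"{site:7} {pw:18} site-specific part: {unique[site]}")
```

Every password produced this way starts with the same 11 characters, so the only thing separating one account from another is the transformed site tag.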
 