Password Security & Implications?

Hi all,

I personally do not use any password managers & think that password managers are a very bad idea. However, I use my brain to create unique password combinations for every single site/service.

Upon doing so I have found that sites that should have very high security infrastructure are lacking. For example:

Some banks
Do not allow symbols

PayPal
Has a max limit of 13 characters when creating a password
But using their login service through a site to purchase an item allows 13+?
Essentially locking people's accounts.

Many other services
Have different A-Z 0-9 limits.
Length limits

I know this is down to how they encrypt the data, or NOT in some cases.

My questions are:
Should banks be forced to support symbols? As they increase security tenfold

Should there be a global standard any payment site should follow?
E.g.
Character limit 25
Characters allowed: all, including symbols
Must use SHA-256bit encryption


Just curious on your thoughts
 
Very true, but you can't use that on almost any site as the length limit is so low. Most sites only allow 12-16.
 
Out of interest, why do you think password managers are a very bad idea? Anyone with enough access to your system to see the password database when it's open is probably already in a position to see what you're typing anyway, so you're still insecure even without the password manager.

But to answer your question, it does annoy me when sites have rules for secure passwords, especially when the rules sometimes mean they ban a good password while allowing an insecure one. I generate a unique 40 character password for each site, made up of just lower and upper case letters. One site disallowed one of those passwords, but let me have "password0" because the requirement was that a password must have at least 1 number. I don't think any rules should be enforced with regards to what password you choose. Let people use whatever password they want but have notices about "We strongly advise that you pick a password with 2 symbols, 1 number" etc. Algorithms used for encryption are already standardized in industry I think, or they should be.
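The mismatch described in the post above, as an added example that is not part of the original thread: a "must contain a number" rule is compared with a length-plus-blocklist check. The function names, the tiny blocklist and the 40-letter sample password are all constructed for illustration.

```python
import math
import string

# Constructed sample blocklist; a real check would use a large corpus of
# known-breached and commonly used passwords.
COMMON = {"password", "password0", "qwerty123", "letmein1"}

# Constructed stand-in for a randomly generated 40-character, letters-only password.
RANDOM_40 = "qLbTzWmRkYpHsVnJcXdFgAeUoIiZxCvBnMlKjHgF"


def composition_rule(pw: str) -> bool:
    """The rule from the post: accept only if at least one digit is present."""
    return any(c.isdigit() for c in pw)


def length_blocklist_rule(pw: str, min_len: int = 8) -> bool:
    """Hypothetical alternative: minimum length plus blocklist lookup,
    with no demands about which character classes appear."""
    return len(pw) >= min_len and pw.lower() not in COMMON


def search_space_bits(pw: str) -> float:
    """log2(alphabet_size ** length). This is an upper bound that only holds
    when every character is chosen uniformly at random; it overstates the
    strength of dictionary words such as 'password0'."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    alphabet = sum(len(p) for p in pools if any(c in p for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def compare(pw: str) -> dict:
    """Run both policies on one password and report the results side by side."""
    return {
        "composition_rule": composition_rule(pw),
        "length_blocklist_rule": length_blocklist_rule(pw),
        "max_bits": round(search_space_bits(pw), 1),
    }


if __name__ == "__main__":
    for candidate in (RANDOM_40, "password0"):
        print(candidate, compare(candidate))
```

The digit rule rejects the 40-letter random password and accepts "password0"; the length-plus-blocklist check gives the opposite verdict on both.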

Because managing passwords with another piece of software seems pretty flawed to me. You're securing a password with another password when you boil it down to the root.

Yes, you can have a master secure password.
One extreme example:

Hacking group takes over X password manager, updates it to listen to master password entry.

Next time you enter your master password, every password is affected.

Yes, this is an extreme example, but to me it's very much like putting all your eggs in one basket.

Lose the middleman & use your brain as your password manager? It's not hard. I use muscle memory.

I would like universal password rules though, as an example:

Password max of 30 characters
Any letter/number/symbol
Must have a number
Must use 2 factor authentication
 