Jump to content
The mkiv Supra Owners Club

Password security

Chiefgroover

By Chiefgroover
in Off Topic

 Share

Recommended Posts

DamanC Newbie

DamanC

Posted
Posted

You certainly need to know what you are doing :)

 

Passwords are the easiest and simplest ways into things. A simple password cracker is all that is needed there. People that use stupid passwords like "supra" for a supra forum need shooting! Alphanumeric with upper and lower case passwords are the way to go avoiding words that are found in dictionary's and thesaurus's.

 

Next easiest way would be things like key loggers to obtain access routes and again passwords. These normally come in the form of Virus's/malware, unless intentionally installed.

 

If you can get your head round these techniques you are 20% there :)

Link to comment
Share on other sites
The-Plethora Newbie

The-Plethora

Posted
Posted

Had a few attacks where I work. The first time we create an account or someone forgets their password we change it to Password01 and it will ask them to change it the very first time they log on, no matter how often you tell them you still get people changing it to Password02!

 

It does not have to be hard to create a tough password that wont be guessed easily, I have used a word followed by typing a memorable number such as a phone number with the shift key held down.

That way for example something like "password72936106284" becomes "password&"(£^!)^"*$" not something people are likely to guess plus its easy to remember.:)

Link to comment
Share on other sites
RedM Newbie

RedM

Posted
Posted

What are the experts thoughts on using 'live' cds for 'secure' work online.

 

I do my online banking after booting a Linux distribution from a CD image. That plus a good set of passcodes feels a lot more secure than having to use a potentially compromised computer.

Link to comment
Share on other sites
Abz Newbie

Abz

Posted
Posted

I'd recommend regular password changes, only to many times have I seen people use the same password for numbers of years! They then use only that one password for everything, then when signing up for a webpage or offer they again use the same password. If this is a bogus site or pretty unknow\they get hacked, with that one password they have access to all your accounts.

 

Change it & as mentioned by Daman & The-Plethora use a secure one with Capital letters & Symbols. :)

Link to comment
Share on other sites
stevie_b Apprentice

stevie_b

Posted
Posted
What are the experts thoughts on using 'live' cds for 'secure' work online.

 

I do my online banking after booting a Linux distribution from a CD image. That plus a good set of passcodes feels a lot more secure than having to use a potentially compromised computer.

 

Until the experts come along, I'll give my thoughts :) :

 

Using a live CD surely closes off a lot of the potential security risks, assuming the CD image is uncompromised (a reasonable assumption, much more reasonable than assuming a HDD-based OS is uncompromised :)). Hackers would need to resort to watching ethernet traffic (not feasible if the bank's website uses properly set up SSL I guess, which every bank should be doing), or relying on weak passwords (another loophole which you've closed).

 

It really annoys me when websites put certain constraints in place on passwords. Insisting on a mix of alphabetic, numeric and symbols is fine, but some insist that your password is between 6 and 10 characters long for example: seems pointless to me, and actually weakens the security a little bit.

Link to comment
Share on other sites
caseys Newbie

caseys

Posted
Posted

As said earlier nothing is 100% secure

 

Never use a public computer for anything requiring a password, nor any computer that is not securely locked away as someone can put a keylogger physically on the keyboard connection and hardly any security software or encryption will help you then.

 

Ideally don't write down any passwords, where possible use as many different passwords as you can and a mix of numbers, lower and upper case letters and symbols.

 

Oh and if any of your passwords are a word or name wih a number or a number replacing a word you're just again leaving yourself open to social engineering.

Link to comment
Share on other sites
robin Newbie

robin

Posted
Posted

A number of banks now only ask for certain letters from a password in no particular order in an effort to defeat key logging.

 

Most of it is common sense. I know people who are big team supporters and make sure everyone knows who. Then they use a secret question and answer like.. what's my favourite football team.

Link to comment
Share on other sites
stevie_b Apprentice

stevie_b

Posted
Posted
Oh and if any of your passwords are a word or name wih a number or a number replacing a word you're just again leaving yourself open to social engineering.

 

Most of it is common sense. I know people who are big team supporters and make sure everyone knows who. Then they use a secret question and answer like.. what's my favourite football team.

 

I suspect many people leave themselves open to social engineering.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. You might also be interested in our Guidelines, Privacy Policy and Terms of Use.