10:52 am
September 11, 2013
I have a different password for every institution I have an online account with. I'd prefer to use the same password as much as possible for all institutions. Anyone have any thoughts on pros and cons? (And I'm guessing those agreements I click on "I agree" that I never read might say something about that - ?)
10:56 am
December 17, 2016
Any fine print I've read, just has you swearing you won't share your password with anyone else.
As for the actual password - almost every FI I've dealt with requires a unique User name and they have their own twist on passwords - all numeric, alpha-numeric, alpha-numeric with both lower and upper-case, alpha-numeric with both lower and upper-case, and a character.
11:27 am
December 20, 2016
Bill said
I'd prefer to use the same password as much as possible for all institutions.
The risk of doing so would come from the unlikely but possible event that one of your accounts is hacked or intercepted by a keystroke recorder.
The hacker would then try using your universal password to access any and all accounts the hacker might discover, depending on the source of the intrusion.
Current thinking recommends using the most secure form of unique password for every account you have...secure passwords should contain upper and lower case letters, along with numbers and unique characters such as $ & # etc.
The longer the password the better, perhaps 10 or 12 characters or longer, because the longer the password, the more difficult it is to crack.
Use a password generator and store your passwords in a reliable password manager or some form of password protected document such as a password protected Word Document that is regularly backed up.
Stephen
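Added example, not part of Stephen's post or of the forum thread: a Python sketch of the kind of password generator the post above recommends, drawing from upper and lower case letters, digits and symbols, with an estimate of how the search space grows with length. The symbol set, the function names and the account labels are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed symbol set: the post names $ & #, the rest are added for illustration.
SYMBOLS = "$&#!%*?@"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 8 = 70 characters


def generate_password(length=12):
    """Return a random password containing at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Resample rather than patch characters in, so no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


def generate_for_accounts(account_names, length=12):
    """One independent password per account, so a leak at one site
    reveals nothing about the password used at any other."""
    return {name: generate_password(length) for name in account_names}


if __name__ == "__main__":
    # Constructed account labels, not real institutions.
    for name, pw in generate_for_accounts(["bank-a", "bank-b", "broker-c"]).items():
        print(f"{name}: {pw}")
    for n in (4, 10, 12, 16):
        print(f"{n} characters: about {entropy_bits(n):.1f} bits")
```

Each extra character adds about 6.1 bits with this 70-character alphabet, which is why length counts for more than any single added symbol.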
1:02 pm
September 11, 2013
Yeah, that's what I figured. It's a bit of a pain because I use (unique for every fi) passwords with random characters and I write them on a sheet I keep locked in a cabinet different than the one I've locked my user names in so I have to go get both every time I want to login somewhere (1st world problem, no different than other folks on here, I'm sure). Then I'm supposed to change them every few months or so. Plus once when I phoned an fi the csr wanted me to enter my password and I said I had to go get it and he said one of the conditions I agreed to when I set it up was I wouldn't write it down anywhere, I'm supposed to keep it in my head. For me, not such a good idea. He probably logged our conversation so if someone drains my account there they have a way to get out of covering the loss. Oh well.
2:10 pm
May 28, 2013
One could have, for example, a string of say 12 characters which form the basis for most of your passwords - this string could be the same for all institutions. This string would be something memorable to you - a phrase, a set of often used numbers and letters, etc. Then, you could add to this string as a prefix, suffix, or to the middle, a set of characters which is unique for each individual institution.
So, remember the string you use for everything, and then just remember how you created the extra letters you used with that string which are unique to the institution you are now logging into.
NEVER use the exact same password for every institution! And if you do write the passwords down, careful where you put them!
Example - imagine your string is "1BigWhopper2" and you use it to log into institution XYZ by making the password 1BigWhopper2_XYZ. If you have to write this down to remember it, write only "1...2_XYZ" so no one else reading the paper knows the password.
3:22 pm
December 20, 2016
Top It Up said
Bill, forget about that, and just carry on with what you're doing now.
Top It Up, I must respectfully disagree with what I would characterize as irresponsible advice. Internet security is not something to be taken lightly, especially if someone may be "internet naive" as people who may lack a thorough understanding of potential online threats are the most vulnerable to being unwittingly victimized.
Using simple, or a unique password for more than one online account, especially if those accounts are online financial institutions, in the hands of a malicious intruder can be a recipe for disaster.
9:03 pm
June 3, 2015
Top It Up said
"... event that one of your accounts is hacked or intercepted by a keystroke recorder"
REALLY ... a keystroke recorder ...
I ain't buying what you're selling.
Keystroke loggers are common in internet cafes in third world countries....usually installed by dodgy repeat customers and/or cafe operators. Furthermore, keyloggers can be remotely installed by unsecured wifi in common areas such as Starbucks etc.
Tangerine....Canada's best bank. LBC.............Canada's 2nd best bank.
Hubert.....worst bank in Canada.
12:10 am
December 17, 2016
Still not buying it.
You're talking about circumstance and not the quality of password - if you're being picked off it makes no difference if you have a 4 character password or a 100 character password.
Let's say you do get picked off, again chances of which are slim to nil - he still has to defeat security questions and account alerts to gain full access to your account.
7:51 am
December 17, 2016
I'm all for security, it's when it devolves into silliness and overkill that I start rolling the eyes.
Hell, I've read where people have up to 20 characters for their smartphone passcode - well if you think you need 20, ya' probably should actually have 27.
YET for more absolute silliness, is the absolute silliness surrounding the absolute need for RFID protection in your wallet for those chip-enabled credit cards - talk about not understanding the concept.
The same people who talk of having their FI disable the contactless pay feature on their credit and debit cards are usually the same people who happily swipe their magnetic stripe cards at POS terminals in the US - oh yeah.
OH, and just for the record, I have a $5.99 productivity App, on my tablet, that just ignores password protected MS Word documents and password protected Adobe pdfs, and just opens them freely - no questions asked!
5:00 am
September 11, 2013
How often should I change an account's online password? I know each agreement has different requirements (I've ignored them) but I'm thinking more from a security point of view, what's best for that? I'm asking the IT experts here. (I'm still using the same TD Trust ABM password I originally set up when they brought in the Johnny Cash machines, never had a whiff of an issue.) P.S. I never access my accounts except from one computer in my house.
7:10 am
September 5, 2013
Bill said
...
P.S. I never access my accounts except from one computer in my house.
I also only use one home computer for banking only. Never use it for other browsing.
For the passwords, I have a few versions by following different rules to make the passwords.
I don’t like those suggestions using random passwords. I like to use common terms that are easy to remember by using a rule.
How about Bitcoin2017At20K:-)
10:04 am
December 20, 2016
Bill said
How often should I change an account's online password?
Bill,
You're exercising due diligence in exploring these questions about computer and internet security.
I would urge you to read this CNET article, "The guide to password security (and why you should care)", and make up your own mind as to what makes sense for your situation.
The article shares the view that password complexity is your best defense against intrusion, not necessarily frequent changes of the password, unless you have good reason to suspect your password or identity information was compromised as in the recent hacks of Equifax and other major organizations.
11:09 am
December 17, 2016
lhsaid said
Bill, I'm using Truecrypt for this. And, I've installed a similar app called EDS that opens Truecrypt files on my Android phone. I can check/update my passwords anywhere I go on my phone or my PC.
Truecrypt is not supported/maintained anymore but EDS app supports Truecrypt files.
JUST read the specs and a review - "In this post-Edward Snowden world, people are much more conscious about the security and privacy of their data than ever before."
No offence, dude ... but that is supreme overkill PLUS Truecrypt was shrouded in suspicion and disappeared overnight - who were those bandits?
https://www.cloudwards.net/news/truecrypts-unexpect-closure-leaves-users-confused-3775/
11:54 am
September 11, 2013
Thanks all, I appreciate the input. But my only question is about how often I should change my password. I've got some that I've used forever, some that I've changed every year or so, never had a hint of an issue anywhere since I started all this with ING way back when it started up, so I'm just wondering, from a security point of view, if I should leave well enough alone or still regularly change them up. Between my spouse and I we've got about 35 different banking passwords so it takes some time to change them all. I use no tech except for my home computer, no phone, no other connected devices.