passwords | General financial discussion | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
January 19, 2018
10:52 am
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

I have a different password for every institution I have an online account with. I'd prefer to use the same password as much as possible for all institutions. Anyone have any thoughts on pros and cons? (And I'm guessing those agreements I click on "I agree" that I never read might say something about that - ?)

January 19, 2018
10:56 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

Any fine print I've read, just has you swearing you won't share your password with anyone else.

As for the actual password - almost every FI I've dealt with requires a unique User name and they have their own twist on passwords - all numeric, alpha-numeric, alpha-numeric with both lower and upper-case, alpha-numeric with both lower and upper-case, and a character.

January 19, 2018
11:27 am
Nehpets
Ontario
Member
Members
Forum Posts: 994
Member Since:
December 20, 2016
sp_UserOfflineSmall Offline

Bill said
I'd prefer to use the same password as much as possible for all institutions.  

The risk of doing so would come from the unlikely but possible event that one of your accounts is hacked or intercepted by a keystroke recorder.

The hacker would then try using your universal password to access any and all accounts the hacker might discover, depending on the source of the intrusion.

Current thinking recommends using the most secure form of unique password for every account you have...secure passwords should contain upper and lower case letters, along with numbers and unique characters such as $ & # etc.

The longer the password the better, perhaps 10 or 12 characters or longer, because the longer the password, the more difficult it is to crack.

Use a password generator and store your passwords in a reliable password manager or some form of password protected document such as a password protected Word Document that is regularly backed up.

Stephen

January 19, 2018
11:43 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

Nehpets said

The risk of doing so would come from the unlikely but possible event that one of your accounts is hacked or intercepted by a keystroke recorder.  

Bill, forget about that, and just carry on with what you're doing now.

January 19, 2018
1:02 pm
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

Yeah, that's what I figured. It's a bit of a pain because I use (unique for every fi) passwords with random characters and I write them on a sheet I keep locked in a cabinet different than the one I've locked my user names in so I have to go get both every time I want to login somewhere (1st world problem, no different than other folks on here, I'm sure). Then I'm supposed to change them every few months or so. Plus once when I phoned an fi the csr wanted me to enter my password and I said I had to go get it and he said one of the conditions I agreed to when I set it up was I wouldn't write it down anywhere, I'm supposed to keep it in my head. For me, not such a good idea. He probably logged our conversation so if someone drains my account there they have a way to get out of covering the loss. Oh well.

January 19, 2018
2:10 pm
rhvic
Victoria, BC
Member
Members
Forum Posts: 496
Member Since:
May 28, 2013
sp_UserOfflineSmall Offline

One could have, for example, a string of say 12 characters which form the basis for most of your passwords - this string could be the same for all institutions. This string would be something memorable to you - a phrase, a set of often used numbers and letters, etc. Then, you could add to this string as a prefix, suffix, or to the middle, a set of characters which is unique for each individual institution.

So, remember the string you use for everything, and then just remember how you created the extra letters you used with that string which are unique to the institution you are now logging into.

NEVER use the exact same password for every institution! And if you do write the passwords down, careful where you put them!

Example - imagine your string is "1BigWhopper2" and you use it to log into institution XYZ by making the password 1BigWhopper2_XYZ. If you have to write this down to remember it, write only "1...2_XYZ" so no one else reading the paper knows the password.

January 19, 2018
3:22 pm
Nehpets
Ontario
Member
Members
Forum Posts: 994
Member Since:
December 20, 2016
sp_UserOfflineSmall Offline

Top It Up said
Bill, forget about that, and just carry on with what you're doing now.  

Top It Up, I must respectfully disagree with what I would characterize as irresponsible advice. Internet security is not something to be taken lightly, especially if someone may be "internet naive" as people who may lack a thorough understanding of potential online threats are the most vulnerable to being unwittingly victimized.

Using simple, or a unique password for more than one online account, especially if those accounts are online financial institutions, in the hands of a malicious intruder can be a recipe for disaster.

January 19, 2018
3:53 pm
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

"... event that one of your accounts is hacked or intercepted by a keystroke recorder"

REALLY . a keystroke recorder ...

I ain't buying what your selling.

January 19, 2018
9:03 pm
Joe
Member
Banned
Forum Posts: 207
Member Since:
June 3, 2015
sp_UserOfflineSmall Offline

Top It Up said
"... event that one of your accounts is hacked or intercepted by a keystroke recorder"

REALLY . a keystroke recorder ...

I ain't buying what your selling.  

Keystroke loggers are common in internet cafes in third world countries....usually installed by dodgy repeat customers and/or cafe operators. Furthermore, keyloggers can be remotely installed by unsecured wifi in common areas such as starbucks etc.

Tangerine....Canada's best bank. LBC.............Canada's 2nd best bank.
Hubert.....worst bank in Canada.

January 20, 2018
12:10 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

Still not buying it.

You're talking about circumstance and not the quality of password - if you're being picked off it makes no difference if you have a 4 character password or a 100 character password.

Let's say you do get picked off, again chances of which are slim to nil - he still has to defeat security questions and account alerts to gain full access to your account.

January 20, 2018
5:25 am
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

Thanks, Joe. Luckily for me I don't go to 3rd world countries, internet cafes or coffee shops, and I only ever access my accounts from one wired-connection desktop in my house.

January 20, 2018
7:46 am
Nehpets
Ontario
Member
Members
Forum Posts: 994
Member Since:
December 20, 2016
sp_UserOfflineSmall Offline

To become better acquainted with the facts surrounding the real threats and issues of this topic, a Google search with the keywords passwords identity theft will return enough articles from reliable sources that provide insights into how to best protect oneself.

January 20, 2018
7:51 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

I'm all for security, it's when it devolves into silliness and overkill that I start rolling the eyes.

Hell, I've read where people have up to 20 characters for their smartphone passcode - well if you think you need 20, ya' probably should actually have 27.

YET for more absolute silliness, is the absolute silliness surrounding the absolute need for RFID protection in your wallet for those chip-enabled credit cards - talk about not understanding the concept.

The same people who talk of having their FI disable the contactless pay feature on their credit and debit cards are usually the same people who happily swipe their magnetic stripe cards at POS terminals in the US - oh yeah.

OH, and just for the record, I have a $5.99 productivity App, on my tablet, that just ignores password protected MS Word documents and password protected Adobe pdfs, and just opens them freely - no questions asked!

January 20, 2018
9:19 am
pepierre
Newbie
Members
Forum Posts: 2
Member Since:
January 20, 2018
sp_UserOfflineSmall Offline

Some people use Norton Identity Safe. It automatically inserts user names and passwords. IBM Security Trusteer Rapport can also protect most banking sites. Are there any concerns with such a procedure?

January 29, 2018
5:00 am
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

How often should I change an account's online password? I know each agreement has different requirements (I've ignored them) but I'm thinking more from a security point of view, what's best for that? I'm asking the IT experts here. (I'm still using the same TD Trust ABM password I originally set up when they brought in the Johnny Cash machines, never had a whiff of an issue.) P.S. I never access my accounts except from one computer in my house.

January 29, 2018
7:10 am
Brimleychen
Member
Members
Forum Posts: 258
Member Since:
September 5, 2013
sp_UserOfflineSmall Offline

Bill said
...
P.S. I never access my accounts except from one computer in my house.  

sf-smile

I also only use one home computer for banking only. Never use it for other browsing.

For the passwords, I have a few versions by following different rules to make the passwords.

I don’t like those suggestions using random passwords. I like to use those common term to easy remember by using a rule.

How about Bitcoin2017At20K:-)

January 29, 2018
10:04 am
Nehpets
Ontario
Member
Members
Forum Posts: 994
Member Since:
December 20, 2016
sp_UserOfflineSmall Offline

Bill said
How often should I change an account's online password?  

Bill,

You're exercising due diligence in exploring these questions about computer and internet security.

I would urge you to read this CNET article The guide to password security (and why you should care) and make up your own mind as to what makes sense for your situation.

The article shares the view that password complexity is your best defense against intrusion, not necessarily frequent changes of the password, unless you have good reason to suspect your password or identity information was compromised as in the recent hacks of Equifax and other major organizations.

January 29, 2018
11:01 am
lhsaid
Member
Members
Forum Posts: 166
Member Since:
May 22, 2015
sp_UserOfflineSmall Offline

Bill, I'm using Truecrypt for this. And, I've installed a similar app called EDS that opens Truecrypt files on my Android phone. I can check/update my passwords anywhere I go on my phone or my PC.
Truecrypt is not supported/maintained anymore but EDS app supports Truecrypt files.

January 29, 2018
11:09 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

lhsaid said
Bill, I'm using Truecrypt for this. And, I've installed a similar app called EDS that opens Truecrypt files on my Android phone. I can check/update my passwords anywhere I go on my phone or my PC.
Truecrypt is not supported/maintained anymore but EDS app supports Truecrypt files.  

JUST read the specs and a review - "In this post-Edward Snowden world, people are much more conscious about the security and privacy of their data than ever before."

No offence, dude ... but that is supreme overkill PLUS Truecrypt was shrouded in suspicion and disappeared overnight - who were those bandits?

https://www.cloudwards.net/news/truecrypts-unexpect-closure-leaves-users-confused-3775/

January 29, 2018
11:54 am
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

Thanks all, I appreciate the input. But my only question is about how often I should change my password. I've got some that I've used forever, some that I've changed every year or so, never had a hint of an issue anywhere since I started all this with ING way back when it started up, so I'm just wondering, from a security point of view, if I should leave well enough alone or still regularly change them up. Between my spouse and I we've got about 35 different banking passwords so it takes some time to change them all. I use no tech except for my home computer, no phone, no other connected devices.

No permission to create posts

Please write your comments in the forum.