12:39 pm
January 10, 2018
Bill, the strength of the password and having a unique password for each Login ID are more important factors than the frequency of password changes (unless you suspect they may have been compromised).
There has been a rethinking in IT Security in forcing people to perform regular password changes because of the difficulty in making massive password changes.
i.e. they end up using weaker passwords
You always have the option to occasionally go back to a very old account and update an existing password with a stronger password (Alpha, Numeric, Upper & Lower case, Special Characters). This technique is a lot more manageable.
regards,
Wayno
1:43 pm
September 11, 2013
Wayno, that's good to know. My online passwords are strong as I use a random bunch of alpha, numeric and special characters for every one (except for some fi's like Tangerine that restrict you) and I refer to a written sheet as they're not remember-able words. Happy not to change them if no reason.
1:57 pm
May 22, 2015
Top It Up said
JUST read the specs and a review - "In this post-Edward Snowden world, people are much more conscious about the security and privacy of their data than ever before."
No offence, dude ... but that is supreme overkill PLUS Truecrypt was shrouded in suspicion and disappeared overnight - who were those bandits?
https://www.cloudwards.net/news/truecrypts-unexpect-closure-leaves-users-confused-3775/
Top It Up, everybody knows about that article and nothing new here ... There are replacements for TrueCrypt out there but I'm still using it b/c I like it. YES, there could be security holes there since it is not maintained anymore, but I haven't found a better solution yet. BTW, do you have a better approach?
4:35 pm
December 17, 2016
Potent LastPass exploit underscores the dark side of password managers
Developers are scrambling to fix flaw that allows theft, malicious code execution.
4:38 pm
December 17, 2016
lhsaid said
BTW, do you have a better approach ?
Yeah, plain old common sense
- don’t open every email that hits your inbox just because it looks interesting
- never use unsecured WIFI
- never take files off an unknown USB jump drive or hand out your returnable jump drive
- never download and open pdf, Word or jpeg files unless you’re 132% sure
- if you use a laptop in public places make damned sure it’s never left unattended and it’s password activated
- always back-up your files
- I travel a lot - I never take a laptop, I only travel with a smartphone and a tablet - I always purchase in-country data SIM cards for internet use. I NEVER, EVER use free WIFI at airports, train stations, hotels, coffee shops, restaurants, etc.
There are lots more, if you need me to write 'em down for you.
5:27 pm
April 6, 2013
Bill said
Thanks all, I appreciate the input. But my only question is about how often I should change my password. I've got some that I've used forever, some that I've changed every year or so, …
Changing one's password regularly reduces the window for someone else to discover and use the password. That can be done by
1. capturing it unencrypted from you or your computer,
2. capturing it encrypted as it travels across the Internet and cracking the encryption, or
3. swiping a copy of, or a backup of, the password database from the financial institution's computers and cracking its encryption or hashing.
If one changes passwords yearly, then someone needs to do one of the above within the last year to compromise the passwords. #1 is possible. #2 and #3 are not likely within the last year.
I would change the passwords that are as old as those Canada Trust Johnny Cash ATM's! Those ATM's were decades ago.
Encryption algorithms, like 56-bit DES, used back then are now vulnerable to brute force attack using our faster computers today. #2 would be possible if someone had recorded your Internet traffic back then. #3 would be possible if someone now got a hold of old backup tapes or used computer drives from the financial institution.
6:41 pm
May 22, 2015
Top It Up said
Yeah, plain old common sense
- don’t open every email that hits your inbox just because it looks interesting
- never use unsecured WIFI
- never take files off an unknown USB jump drive or hand out your returnable jump drive
- never download and open pdf, Word or jpeg files unless you’re 132% sure
- if you use a laptop in public places make damned sure it’s never left unattended and it’s password activated
- always back-up your files
- I travel a lot - I never take a laptop, I only travel with a smartphone and a tablet - I always purchase in-country data SIM cards for internet use. I NEVER, EVER use free WIFI at airports, train stations, hotels, coffee shops, restaurants, etc.
There are lots more, if you need me to write 'em down for you.
My question was much simpler than stating a page of obvious things, what app/SW tool would you use to encrypt 100s of passwords? I just looked at VeraCrypt and it looks like an interesting replacement for TrueCrypt, almost the same...
6:00 am
December 17, 2016
Bill, as to be expected, I haven't read anything here, or anywhere else for that matter, that presents any kind of argument for changing what you're already doing for your own password security - stay the course.
For the record, I use the same 4-digit code I was given with my first ATM card almost 40 years ago. In fact I like it so much I use it for my home security code, my 2 credit cards, on my smartphone, on my tablet, even the keyless entry at the cabin (the entry requires a minimum 8-digit code so I enter it twice) ... talk about 4-digits that are hardwired in the brain - it's a beauty.
8:08 am
September 11, 2013
Top It Up, that confirms my experience and view too. I'm pretty sure fi online security isn't set up so that the average person has to do the encryption or other tech procedures some folks here are doing. They just want you to safeguard from others your client id and your password and to use the usual mainstream virus, etc protection and common sense procedures re the devices you use.
3:58 pm
January 29, 2018
Top It Up said
Potent LastPass exploit underscores the dark side of password managers
Developers are scrambling to fix flaw that allows theft, malicious code execution.
Every month we find articles like this one. However, in general, they are sensationalist. Password-managers will face flaws as any other system. However, they are the best solution so far, because they fix these problems in a matter of days. Also, they are the first to alert the entire community to change the master password if there is any suspicion that the database was compromised (different from other companies such as Yahoo, Equifax, Uber, etc).
If you are concerned about these flaws, just have 2-factor authentication and/or a flash drive as an extra key. This way you added another barrier to the hacker.
There is no perfect system against hackers. However, Password Manager + 2-Factor Authentication + General security best practices will protect you against 99% of problems.
If you want to organize your financial privacy, here is a relevant interview with a specialist:
https://radicalpersonalfinance.com/461-how-to-protect-your-financial-privacy-and-keep-your-accounts-secure-interview-with-justin-carroll-from-the-complete-privacy-and-security-podcast/
4:51 pm
December 17, 2016
kallie said
If you want to organize your financial privacy, here is a relevant interview with a specialist:
https://radicalpersonalfinance.com/461-how-to-protect-your-financial-privacy-and-keep-your-accounts-secure-interview-with-justin-carroll-from-the-complete-privacy-and-security-podcast/
After reading this silliness, I'll pass on this so-called specialist -
Show me your bank statement, and I’ll tell you who you are.
How much could I learn about you knowing where you shop, where you get your morning coffee, where you fill up your car, where you eat your lunch and what kind of shops you visit? All this information can paint quite an accurate picture of you – there’s no reason to offer it up on a silver plate.
Use cash whenever you can – it’s not so hard to get used to (again).
5:37 pm
January 10, 2018
Top It Up said
...For the record, I use the same 4-digit code I was given with my first ATM card almost 40 years ago. In fact I like it so much I use it for my home security code, my 2 credit cards, on my smartphone, on my tablet, even the keyless entry at the cabin (the entry requires a minimum 8-digit code so I enter it twice) ... talk about 4-digits that are hardwired in the brain - it's a beauty.
I find it very surprising that you would reuse the same password.
9:16 am
January 29, 2018
Top It Up said
After reading this silliness, I'll pass on this so-called specialist -
For the record, I use the same 4-digit code I was given with my first ATM card almost 40 years ago.
After reading your comments on the thread, I see that you are a resistant person moved by inertia. There is nothing we can do in this case. Good luck.
9:28 am
December 17, 2016
"... I see that you are a resistant person moved by inertia"
COOL!
I'm a common sense person not pulled along by malarkey - your specialist believes we should all move back to cash when clearly the world is light years past that.
4-digit codes are incredibly secure in today's environment PROVIDED you're not one of those silly 0123, 0000, or 1111 types.
7:46 am
October 27, 2013
I have something like 100 online sites that I need user names and passwords for. It simply makes no sense to have 100 different passwords, so I use a Password Manager (generator) for many of them, and then half a dozen personally selected passwords I can remember for those sites which won't accept the 'setting' of a password by a Password Manager.
FWIW, it is length of password that matters more than the combination of characters ... provided one does not use well known phrases and things like ABC123 for their passwords.
Many sites will lock one out if there are more than 3 attempts and/or will ask security questions. I also never access sensitive sites in a public place or unsecured WiFi so I simply don't worry about repetitive use of passwords across sites. That is good enough for me.
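
Added example, not part of any post in this thread: a small audit over a password list that puts numbers on two points raised above, the suggestion to go back and strengthen old passwords and the claim that length matters more than character mix. The vault contents, the names and the 60-bit threshold are assumptions made up for the illustration.

```python
import math
import string
from collections import defaultdict

# Character classes named in the thread: lower, upper, numeric, special.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def entropy_bits(password):
    """Upper bound in bits, assuming each character was picked uniformly at
    random from the classes present. Words, phrases and patterns score lower
    in practice, so treat the result as a ceiling."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=60.0):
    """Return (reused, weak). reused maps a secret to the sites sharing it;
    weak lists (site, bits) under min_bits (assumed threshold), weakest first."""
    sites_by_secret = defaultdict(list)
    for site, secret in vault.items():
        sites_by_secret[secret].append(site)
    reused = {s: sorted(v) for s, v in sites_by_secret.items() if len(v) > 1}
    scored = [(site, round(entropy_bits(secret), 1)) for site, secret in vault.items()]
    weak = sorted((x for x in scored if x[1] < min_bits), key=lambda x: x[1])
    return reused, weak

# Constructed sample vault; every name and secret below is made up.
VAULT = {
    "atm": "4071",
    "home_alarm": "4071",
    "webmail": "Tr7$kQ2!",              # 8 characters, all four classes
    "bank": "qzvhmxwkbtrnjplgdfyc",     # 20 random lowercase letters
}

if __name__ == "__main__":
    reused, weak = audit(VAULT)
    print("reused:", reused)
    print("change first:", weak)
```

On this sample the 20-letter lowercase password scores about 94 bits against about 52 for the 8-character mixed one, and the reused 4-digit code sits at about 13 bits on both sites that share it.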