passwords | Page 2 | General financial discussion | Discussion forum

January 29, 2018
12:39 pm
Wayno
Member
Members
Forum Posts: 100
Member Since:
January 10, 2018

Bill, the strength of the password and having a unique password for each Login ID are more important factors than the frequency of password changes (unless you suspect they may have been compromised).
There has been a rethinking in IT Security in forcing people to perform regular password changes because of the difficulty in making massive password changes,
i.e. they end up using weaker passwords.

You always have the option to occasionally go back to a very old account and update an existing password with a stronger password (Alpha, Numeric, Upper & Lower case, Special Characters). This technique is a lot more manageable.

regards,

Wayno

January 29, 2018
1:43 pm
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013

Wayno, that's good to know. My online passwords are strong as I use a random bunch of alpha, numeric and special characters for every one (except for some fi's like Tangerine that restrict you) and I refer to a written sheet as they're not remember-able words. Happy not to change them if no reason.

January 29, 2018
1:57 pm
lhsaid
Member
Members
Forum Posts: 166
Member Since:
May 22, 2015

Top It Up said

JUST read the specs and a review - "In this post-Edward Snowden world, people are much more conscious about the security and privacy of their data than ever before."

No offence, dude ... but that is supreme overkill PLUS Truecrypt was shrouded in suspicion and disappeared overnight - who were those bandits?

https://www.cloudwards.net/news/truecrypts-unexpect-closure-leaves-users-confused-3775/  

Top It Up, everybody knows about that article and nothing new here ... There are replacements for TrueCrypt out there but I'm still using it b/c I like it. YES, there could be security holes there since it is not maintained anymore, but I haven't found a better solution yet. BTW, do you have a better approach?

January 29, 2018
2:16 pm
kallie
Member
Members
Forum Posts: 4
Member Since:
January 29, 2018

Just to add my 2 cents to the thread.

I use LastPass for managing my passwords and Authy for 2-factor authentication. Very convenient and easy to set up.

I like the family account from LastPass. You can set up emergency access if something happens to you.

January 29, 2018
4:35 pm
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

Potent LastPass exploit underscores the dark side of password managers

Developers are scrambling to fix flaw that allows theft, malicious code execution.

https://arstechnica.com/information-technology/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

January 29, 2018
4:38 pm
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

lhsaid said

BTW, do you have a better approach ?  

Yeah, plain old common sense

- don’t open every email that hits your inbox just because it looks interesting
- never use unsecured WIFI
- never take files off an unknown USB jump drive or hand out your returnable jump drive
- never download and open pdf, Word or jpeg files unless you’re 132% sure
- if you use a laptop in public places make damned sure it’s never left unattended and it’s password activated
- always back-up your files
- I travel a lot - I never take a laptop, I only travel with a smartphone and a tablet - I always purchase in-country data SIM cards for internet use. I NEVER, EVER use free WIFI at airports, train stations, hotels, coffee shops, restaurants, etc.

There are lots more, if you need me to write 'em down for you.

January 29, 2018
5:27 pm
Norman1
Member
Members
Forum Posts: 7198
Member Since:
April 6, 2013

Bill said
Thanks all, I appreciate the input. But my only question is about how often I should change my password. I've got some that I've used forever, some that I've changed every year or so, …

Changing one's password regularly reduces the window for someone else to discover and use the password. That can be done by

  1. capturing it unencrypted from you or your computer,
  2. capturing it encrypted as it travels across the Internet and cracking the encryption, or
  3. swiping a copy of, or a backup of, the password database from the financial institution's computers and cracking its encryption or hashing.

If one changes passwords yearly, then someone needs to do one of the above within the last year to compromise the passwords. #1 is possible. #2 and #3 are not likely within the last year.

I would change the passwords that are as old as those Canada Trust Johnny Cash ATMs! Those ATMs were decades ago.

Encryption algorithms, like 56-bit DES, used back then are now vulnerable to brute force attack using our faster computers today. #2 would be possible if someone had recorded your Internet traffic back then. #3 would be possible if someone now got a hold of old backup tapes or used computer drives from the financial institution.

January 29, 2018
6:41 pm
lhsaid
Member
Members
Forum Posts: 166
Member Since:
May 22, 2015

Top It Up said

Yeah, plain old common sense

- don’t open every email that hits your inbox just because it looks interesting
- never use unsecured WIFI
- never take files off an unknown USB jump drive or hand out your returnable jump drive
- never download and open pdf, Word or jpeg files unless you’re 132% sure
- if you use a laptop in public places make damned sure it’s never left unattended and it’s password activated
- always back-up your files
- I travel a lot - I never take a laptop, I only travel with a smartphone and a tablet - I always purchase in-country data SIM cards for internet use. I NEVER, EVER use free WIFI at airports, train stations, hotels, coffee shops, restaurants, etc.

There are lots more, if you need me to write 'em down for you.  

My question was much simpler than stating a page of obvious things: what app/SW tool would you use to encrypt 100s of passwords? I just looked at VeraCrypt and it looks like an interesting replacement for TrueCrypt, almost the same...

January 30, 2018
4:29 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

I'm still trying to process why an individual has 100s of passwords that need encrypting.

January 30, 2018
4:43 am
lhsaid
Member
Members
Forum Posts: 166
Member Since:
May 22, 2015

Top It Up said
I'm still trying to process why an individual has 100s of passwords that need encrypting.  

Simple, each website, each bank has a different password. Even if you only have, let's say, 10, there is no way I can remember them all.

January 30, 2018
6:00 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

Bill, as to be expected, I haven't read anything here, or anywhere else for that matter, that presents any kind of argument for changing what you're already doing for your own password security - stay the course.

For the record, I use the same 4-digit code I was given with my first ATM card almost 40 years ago. In fact I like it so much I use it for my home security code, my 2 credit cards, on my smartphone, on my tablet, even the keyless entry at the cabin (the entry requires a minimum 8-digit code so I enter it twice) ... talk about 4-digits that are hardwired in the brain - it's a beauty.

January 30, 2018
8:08 am
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013

Top It Up, that confirms my experience and view too. I'm pretty sure fi online security isn't set up so that the average person has to do the encryption or other tech procedures some folks here are doing. They just want you to safeguard from others your client id and your password and to use the usual mainstream virus, etc protection and common sense procedures re the devices you use.

January 30, 2018
3:58 pm
kallie
Member
Members
Forum Posts: 4
Member Since:
January 29, 2018

Top It Up said
Potent LastPass exploit underscores the dark side of password managers

Developers are scrambling to fix flaw that allows theft, malicious code execution.

https://arstechnica.com/information-technology/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

Every month we find articles like this one. However, in general, they are sensationalist. Password-managers will face flaws as any other system. However, they are the best solution so far, because they fix these problems in a matter of days. Also, they are the first to alert the entire community to change the master password if there is any suspicion that the database was compromised (different from other companies such as Yahoo, Equifax, Uber, etc).

If you are concerned about these flaws, just have 2-factor authentication or/and a flash drive as an extra key. This way you add another barrier to the hacker.

There is no perfect system against hackers. However, Password Manager + 2-Factor Authentication + General security best practices will protect you against 99% of problems.

If you want to organize your financial privacy, here is a relevant interview with a specialist:
https://radicalpersonalfinance.com/461-how-to-protect-your-financial-privacy-and-keep-your-accounts-secure-interview-with-justin-carroll-from-the-complete-privacy-and-security-podcast/

January 30, 2018
4:51 pm
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

kallie said

If you want to organize your financial privacy, here is a relevant interview with a specialist:
https://radicalpersonalfinance.com/461-how-to-protect-your-financial-privacy-and-keep-your-accounts-secure-interview-with-justin-carroll-from-the-complete-privacy-and-security-podcast/  

After reading this silliness, I'll pass on this so-called specialist -

Show me your bank statement, and I’ll tell you who you are.

How much could I learn about you knowing where you shop, where you get your morning coffee, where you fill up your car, where you eat your lunch and what kind of shops you visit? All this information can paint quite an accurate picture of you – there’s no reason to offer it up on a silver plate.

Use cash whenever you can – it’s not so hard to get used to (again).

January 30, 2018
5:37 pm
Wayno
Member
Members
Forum Posts: 100
Member Since:
January 10, 2018

Top It Up said
...For the record, I use the same 4-digit code I was given with my first ATM card almost 40 years ago. In fact I like it so much I use it for my home security code, my 2 credit cards, on my smartphone, on my tablet, even the keyless entry at the cabin (the entry requires a minimum 8-digit code so I enter it twice) ... talk about 4-digits that are hardwired in the brain - it's a beauty.  

I find it very surprising that you would reuse the same password..

January 30, 2018
5:42 pm
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

WHY - first and foremost you gotta' crack the code - and good luck with that.

January 31, 2018
9:16 am
kallie
Member
Members
Forum Posts: 4
Member Since:
January 29, 2018

Top It Up said
After reading this silliness, I'll pass on this so-called specialist -
For the record, I use the same 4-digit code I was given with my first ATM card almost 40 years ago.

After reading your comments on the thread, I see that you are a resistant person moved by inertia. There is nothing we can do in this case. Good luck.

January 31, 2018
9:28 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016

"... I see that you are a resistant person moved by inertia"

COOL!

I'm a common sense person not pulled along by malarkey - your specialist believes we should all move back to cash when clearly the world is light years past that.

4-digit codes are incredibly secure in today's environment PROVIDED you're not one of those silly 0123, 0000, or 1111 types.

February 20, 2018
7:46 am
AltaRed
BC Interior
Member
Members
Forum Posts: 3145
Member Since:
October 27, 2013

I have something like 100 online sites that I need user names and passwords for. It simply makes no sense to have 100 different passwords, so I use a Password Manager (generator) for many of them, and then half a dozen personally selected passwords I can remember for those sites which won't accept the 'setting' of a password by a Password Manager.

FWIW, it is length of password that matters more than the combination of characters.....provided one does not use well known phrases and things like ABC123 for their passwords.

Many sites will lock one out if there are more than 3 attempts and/or will ask security questions. I also never access sensitive sites in a public place or unsecured WiFi so I simply don't worry about repetitive use of passwords across sites. That is good enough for me.

February 20, 2018
4:13 pm
mmlt
Member
Members
Forum Posts: 168
Member Since:
February 4, 2017

I don't worry about passwords so much if I am able to use 2FA. Preferably Google Auth, Authy, or the less secure SMS.
Sadly, not many banks have 2FA options.
UFA via Yubikey or other is the best option but still not implemented much.
