Password security across the internet

post #1 of 12
Thread Starter 
Yesterday I read an article on Wired (Kill the Password: Why a String of Characters Can’t Protect Us Anymore) and it got me thinking about my passwords on the many sites I visit. The article pretty much says that the current way we use passwords isn't enough to protect our information online. But I took away 2 things for me to do right now to help make my information more secure.

1. Don't use the same password across multiple sites.
2. Look at how websites handle the 'forgotten password' problem.


First number one. I wrote down a quick list of all the websites I use that require a username and password. After only a few minutes I got up to 35 different sites. And I sure as hell don't use different passwords for each. I couldn't! It would be very difficult to remember 35 unique passwords.

A solution could be to use a password manager. I found an article from earlier this year on Gizmodo (Account Hacked? These Password Managers Keep Your Everything Safe) that listed a few of these password managers. I'm going to download and try both Last Pass and 1Password.

Now to talk about how all of these sites handle forgotten passwords. In the article the author had his Apple account password stolen this way. And for some sites it's stupid easy to use this workaround, especially if whoever is trying to access your account has access to your Facebook profile. For instance PayPal has questions like 'Who was your first roommate?' and 'What was the name of your first pet?' To make this process more secure I'd like to turn these answers into strings of random numbers and letters. But then I'm really screwed if I can't remember my main password and now these new 'passwords'.

Do you guys have any ideas on how to make your forgotten password questions more secure? I thought about using fake information and writing it down in two places and keeping one of these pieces of paper in my wallet. So in the event that I forget my main password I can still access my account as long as I have my wallet with me. Not sure what to do if my wallet gets stolen.
post #2 of 12
I dunno about security questions, but I have a trick for using multiple passwords for every account. Just make a formula that incorporates the first letter of whatever website you're on, so you only have to remember one password, but your passwords are technically different across all your accounts.
post #3 of 12
There are online and offline password managers. Offline ones store your data in an encrypted database file which is usually portable.

No matter what, there will be a single or few points of failure.

Store your ID/passwords with online password managers.
Store the reset answers in an offline file (MAKE SURE TO STORE MULTIPLE COPIES!).
Now, you have to just remember two passwords.


If you want more security, you can get a Yubikey and integrate with LastPass for 2-factor authentication: http://www.yubico.com/products/yubikey-hardware/yubikey/

There's an OCN version even.
Edited by DuckieHo - 11/21/12 at 11:26am
post #4 of 12
Thread Starter 
Good stuff guys. Spritanium, I knew a guy who did a similar thing. For each website he would have a phrase pertaining to that website. So like for his bank his password would be something like 'makethatmoney'. Your method is a lot easier to use though.

And thanks for the tip on Yubikey DuckieHo. I've never heard of it so I'll take a look at their website.
post #5 of 12
I've been using LastPass for quite some time now and that's what I would recommend. Even seasoned cryptologists recommend LastPass. I would suggest picking any security question(s) and letting LastPass generate the answers in the form of additional passwords. That would prevent anyone that knows you well from gaining access to your accounts.
post #6 of 12
Quote:
Originally Posted by PTrain

Do you guys have any ideas on how to make your forgotten password questions more secure? I thought about using fake information and writing it down in two places and keeping one of these pieces of paper in my wallet. So in the event that I forget my main password I can still access my account as long as I have my wallet with me. Not sure what to do if my wallet gets stolen.

How would one make the connection of something written on a piece of paper to your forgotten password answer? Unless you wrote "My forgotten password answer for OCN is: ..... ". I would just write the answer or a hint to the answer and keep it in my wallet.

For passwords, I would use the piece of paper method as well. I usually write the password down and nothing else in a list. I use complex passwords such as dj3$sdd.Ls, for sites such as banking, PayPal, eBay etc. So it's usually only about 4 hard passwords. For all other sites I use easier to remember passwords. After about a week or two I don't even need the paper, you'd be surprised how easy it is to remember long complex passwords after you've had to type it in about 100 times, at which point you can throw the piece of paper away. Rinse and repeat every couple of months.
Edited by nooboc2012 - 11/22/12 at 7:17pm
post #7 of 12
Thread Starter 
Quote:
Originally Posted by nooboc2012

How would one make the connection of something written on a piece of paper to your forgotten password answer?

Oh yea I agree. I'm not worrying about someone stealing my wallet to access my overclock account. Or any account for that matter, so I agree that writing your forgotten password answers down on a piece of paper isn't a bad idea.
I just don't like the fact that if you had access to my Facebook account (or more likely any of my friends' accounts) and therefore can see my profile you can find the answers to many of the pre-made 'forgotten password' questions that appear on other websites.

Also I've been using LastPass for a few days and I like it. It's simple to use and non-intrusive. I'll be using this for a few months to see how I like it.
post #8 of 12
Quote:
Originally Posted by PTrain

Quote:
Originally Posted by nooboc2012

How would one make the connection of something written on a piece of paper to your forgotten password answer?

Oh yea I agree. I'm not worrying about someone stealing my wallet to access my overclock account. Or any account for that matter, so I agree that writing your forgotten password answers down on a piece of paper isn't a bad idea.
I just don't like the fact that if you had access to my Facebook account (or more likely any of my friends' accounts) and therefore can see my profile you can find the answers to many of the pre-made 'forgotten password' questions that appear on other websites.

Also I've been using LastPass for a few days and I like it. It's simple to use and non-intrusive. I'll be using this for a few months to see how I like it.

LastPass is pretty good.. and also for 'forgotten password' questions, I answer by just randomly hitting keys and don't even know what the answers are myself lol
post #9 of 12
KeePass isn't bad either, if you don't need the browser integration and like a PortableApp.
post #10 of 12
Can I dip my toe in here for a minute and ask a question real quick?

Since we are talking about passwords, what's the final verdict on password strength? Is a long password the best kind? And if it's "the longer the better", can someone get away with a really long password that isn't complex?

If I have a string of words that is easy for me to remember but without overly complex numbers and different caps, is that "good enough"?
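
An added example for the length-versus-complexity question in post #10 (not part of the thread or written by any poster): it compares a 10-character random password, the length of the example in post #6, with longer but simpler secrets by counting bits of entropy. It assumes every character or word is picked uniformly at random (a phrase a person makes up has less entropy than this), the 16-word list is constructed for the example, and 7776 is assumed as the size of a five-dice word list.

```python
import math
import secrets
import string

# Constructed sample list so the block runs offline; real lists are far larger.
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dragon", "ember", "forest",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DICE_LIST_SIZE = 7776  # assumed size of a five-dice word list (6**5)


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy when each of `picks` items is drawn uniformly from `choices` options."""
    return picks * math.log2(choices)


def picks_needed(target_bits: float, choices: int) -> int:
    """Smallest number of uniform picks from `choices` options reaching target_bits."""
    return math.ceil(target_bits / math.log2(choices))


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Password of `length` characters, each chosen with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words: int, words=SAMPLE_WORDS) -> str:
    """Passphrase of `n_words` words, each chosen with a CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def compare(length: int = 10) -> dict:
    """How long simpler secrets must be to match `length` random printable chars."""
    target = entropy_bits(len(PRINTABLE), length)
    return {
        "target_bits": round(target, 1),
        "lowercase_letters": picks_needed(target, 26),
        "words_from_dice_list": picks_needed(target, DICE_LIST_SIZE),
        "words_from_sample_list": picks_needed(target, len(SAMPLE_WORDS)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
    print("example password:  ", random_password(10))
    print("example passphrase:", random_passphrase(6))
```

The number of words needed depends heavily on the size of the list they are drawn from, which is why the tiny sample list needs many more words than the large one.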