Stupid Password Tricks

Scott Catron

True Artisan
Super Moderator
I get it. Good passwords=better security. But with the password rules on some sites, I'm never going to remember the password. So I'll send an email to myself with the site and password so I can look it up. How safe is that?

This is one example:

Password must be:
At least 8 characters.
Must contain all of the following:
Upper case letters (A-Z)
Lower case letters (a-z)
Numbers (0-9)
Symbols (# @ &, etc)
At least one symbol should be present within the first 7 characters.
 
bigqman

Steven Wright says it best, Scott! Password = theme and variations on our kids names and birthdays. How safe is that? Drive our poor IT folks nuts with such an approach!
 
PaulJSmith

I suspect most people do something similar. I do. Mine is almost always some variation of the same theme; whether or not it involves capitals, numbers, or special characters, that's pretty much the extent of variations for me.

The ones that get my underwear bunched are the sites that have specific requirements, but don't bother sharing those requirements with you until after your first failed attempt. :mad: I can frequently be seen flailing my arms and exclaiming, "You could have just told me that upfront!"
 

Miner

Forum Moderator
Leader
Admin
I have used the following approach for several years and find that it works well:

1. Start with a sentence that you can easily remember. It's even better if you can associate it with the site.
Example: There is nothing impossible to him who will try.

2. Take the first letter from each word:
tinithwwt

3. Change some to special characters where it makes sense (e.g., i = 1 or ! or |, to = 2, o = 0, a = @, and = &, s = $, per = %)
t1n|2hww

4. Change a few letters to caps.
t1N|2hwwT

You now have a strong password that is relatively easy to remember.
 
normzone

Trusted Information Resource
My gripe is sites that don't inform you up front that you cannot re-use a password that you used a few iterations ago, until after you've entered it twice and updated all their security questions, THEN they let you know that's not permitted.

GIDEP is worse - they won't let you use something that is a derivative of an earlier password, but they won't tell you that. You have to talk to tech support in order to learn that if you used [thatdamnpassword] long ago and are now trying to use [anotherdamnpassword] now, that the system will not permit it.

If you need to hack my systems, you can begin with curses - my patience is wearing thin ... :bonk:
 

Marc

Fully vaccinated are you?
Leader
.... So I'll send an email to myself with the site and password ....
True very recent story - Wore out a couple pair of jeans so I went online and ordered 2 pair. Emails back and forth confirming and all that including delivery by UPS information. About 11.30 of the morning of the expected delivery date I got an email from (supposedly) UPS saying they could not deliver. The email had 2 attachments, said to print them out and take them to my local US store to pick up the package. So - I opened one attachment and it was a weird template for something in Word. It was then I knew it was some type of malware. I had been had. Luckily I was on a Mac and nothing happened. UPS delivered the package a couple of hours later.

As luck would have it I was reading an article on Ars about the Podesta failure. One of the commenters there, in response to someone talking about email security, said: "If you want to find out about email security, get a WoW account. Make a character, get some game points, some good weapons and such, and then email password and account information to yourself. It won't take long and your account will be hacked."

The guy's point was an email which passes through a couple of nodes has a good chance of being intercepted and read.

I'm not a paranoid sort until recently. The UPS email to me could have been "luck", but it freaked me out a bit. I was expecting a UPS delivery that day and lo and behold I get a spear phishing email.

Food for thought...
 

normzone

Trusted Information Resource
Have you tried to use a password manager?

No, I've not. I guess I'm old school - I only recently got comfortable with writing down logins and passwords - I always felt it should be pure memory, but those days are past.

Let me guess ... a password manager is a tool that correlates all that stuff for you, and you use a ... password - to engage with it. Not a bad idea ...

:lol:
 

JeantheBigone

Quite Involved in Discussions
This trick has worked well for me:

Remember a life event, like

I got married September 6

Igm-S06

My father died August 10

mFdAug10!

Easy to remember and reasonably strong.
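
The password rules quoted in the first post, written as a checker that reports every failed rule in one pass and can print the requirements before the first attempt, run here over the example passwords posted in this thread. This is an added example, not part of any post; treating any ASCII punctuation character as a "symbol" is an assumption, since the rules only say "# @ &, etc".

```python
import string

# Assumption: "symbol" means any ASCII punctuation character.
SYMBOLS = set(string.punctuation)

# One (description, predicate) pair per rule in the quoted policy.
RULES = [
    ("at least 8 characters",
     lambda p: len(p) >= 8),
    ("an upper case letter (A-Z)",
     lambda p: any(c in string.ascii_uppercase for c in p)),
    ("a lower case letter (a-z)",
     lambda p: any(c in string.ascii_lowercase for c in p)),
    ("a number (0-9)",
     lambda p: any(c in string.digits for c in p)),
    ("a symbol",
     lambda p: any(c in SYMBOLS for c in p)),
    ("a symbol within the first 7 characters",
     lambda p: any(c in SYMBOLS for c in p[:7])),
]


def policy_failures(password):
    """Return the description of every rule the password fails.

    An empty list means the password is accepted. Every rule is
    evaluated, so the user sees all problems after one attempt.
    """
    return [msg for msg, ok in RULES if not ok(password)]


def requirements_text():
    """Text to show beside the password field before the first attempt."""
    return "Password needs: " + "; ".join(msg for msg, _ in RULES)


if __name__ == "__main__":
    print(requirements_text())
    # Example passwords already posted in this thread.
    for pw in ["t1N|2hwwT", "Igm-S06", "mFdAug10!"]:
        failures = policy_failures(pw)
        verdict = "accepted" if not failures else "missing: " + ", ".join(failures)
        print(f"{pw} -> {verdict}")
```
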
 

Ronen E

Problem Solver
Moderator
True very recent story - Wore out a couple pair of jeans so I went online and ordered 2 pair. Emails back and forth confirming and all that including delivery by UPS information. About 11.30 of the morning of the expected delivery date I got an email from (supposedly) UPS saying they could not deliver. The email had 2 attachments, said to print them out and take them to my local US store to pick up the package. So - I opened one attachment and it was a weird template for something in Word. It was then I knew it was some type of malware. I had been had. Luckily I was on a Mac and nothing happened. UPS delivered the package a couple of hours later.

As luck would have it I was reading an article on Ars about the Podesta failure. One of the commenters there, in response to someone talking about email security, said: "If you want to find out about email security, get a WoW account. Make a character, get some game points, some good weapons and such, and then email password and account information to yourself. It won't take long and your account will be hacked."

The guy's point was an email which passes through a couple of nodes has a good chance of being intercepted and read.

I'm not a paranoid sort until recently. The UPS email to me could have been "luck", but it freaked me out a bit. I was expecting a UPS delivery that day and lo and behold I get a spear phishing email.

Food for thought...

I use Gmail and their phishing / spam filters are quite effective. So effective that once in a while they spam-flag an important message I'm waiting for. So here I am, browsing the spam folder every so often. Who knows how many real, important messages I've missed over the years... took me a while to get into the habit of monitoring the spam folder.
 