Stupid Password Tricks

Scott Catron

True Artisan
Super Moderator
#1
I get it. Good passwords=better security. But with the password rules on some sites, I'm never going to remember the password. So I'll send an email to myself with the site and password so I can look it up. How safe is that?

This is one example:

Password must be:
At least 8 characters.
Must contain all of the following:
Upper case letters (A-Z)
Lower case letters (a-z)
Numbers (0-9)
Symbols (# @ &, etc)
At least one symbol should be present within the first 7 characters.
 

bigqman

#2
Steven Wright says it best, Scott! Password = theme and variations on our kids' names and birthdays. How safe is that? Drive our poor IT folks nuts with such an approach!
 

PaulJSmith

#3
I suspect most people do something similar. I do. Mine is almost always some variation of the same theme; whether or not it involves capitals, numbers, or special characters, that's pretty much the extent of variations for me.

The ones that get my underwear bunched are the sites that have specific requirements, but don't bother sharing those requirements with you until after your first failed attempt. :mad: I can frequently be seen flailing my arms and exclaiming, "You could have just told me that upfront!"
 

Miner

Forum Moderator
Staff member
Admin
#4
I have used the following approach for several years and find that it works well:

1. Start with a sentence that you can easily remember. It's even better if you can associate it with the site.
Example: There is nothing impossible to him who will try.

2. Take the first letter from each word:
tinithwwt

3. Change some to special characters where it makes sense (e.g., i = 1 or ! or |, to = 2, o = 0, a = @, and = &, s = $, per = %)
t1n|2hww

4. Change a few letters to caps.
t1N|2hwwT

You now have a strong password that is relatively easy to remember.
 

normzone

Trusted Information Resource
#5
My gripe is sites that don't inform you up front that you cannot re-use a password that you used a few iterations ago, until after you've entered it twice and updated all their security questions, THEN they let you know that's not permitted.

GIDEP is worse - they won't let you use something that is a derivative of an earlier password, but they won't tell you that. You have to talk to tech support in order to learn that if you used [thatdamnpassword] long ago and are now trying to use [anotherdamnpassword] now, that the system will not permit it.

If you need to hack my systems, you can begin with curses - my patience is wearing thin ... :bonk:
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#7
.... So I'll send an email to myself with the site and password ....
True very recent story - Wore out a couple pair of jeans so I went online and ordered 2 pair. Emails back and forth confirming and all that including delivery by UPS information. About 11.30 of the morning of the expected delivery date I got an email from (supposedly) UPS saying they could not deliver. The email had 2 attachments, said to print them out and take them to my local US store to pick up the package. So - I opened one attachment and it was a weird template for something in Word. It was then I knew it was some type of malware. I had been had. Luckily I was on a Mac and nothing happened. UPS delivered the package a couple of hours later.

As luck would have it I was reading an article on Ars about the Podesta failure. One of the commenters there, in response to someone talking about email security, said: "If you want to find out about email security, get a WoW account. Make a character, get some game points, some good weapons and such, and then email password and account information to yourself. It won't take long and your account will be hacked."

The guy's point was an email which passes through a couple of nodes has a good chance of being intercepted and read.

I'm not a paranoid sort until recently. The UPS email to me could have been "luck", but it freaked me out a bit. I was expecting a UPS delivery that day and lo and behold I get a spear phishing email.

Food for thought...
 

normzone

Trusted Information Resource
#8
Have you tried to use a password manager?
No, I've not. I guess I'm old school - I only recently got comfortable with writing down logins and passwords - I always felt it should be pure memory, but those days are past.

Let me guess ... a password manager is a tool that correlates all that stuff for you, and you use a ... password - to engage with it. Not a bad idea ...

:lol:
 

JeantheBigone

Quite Involved in Discussions
#9
This trick has worked well for me:

Remember a life event, like

I got married September 6

Igm-S06

My father died August 10

mFdAug10!

Easy to remember and reasonably strong.
 

Ronen E

Problem Solver
Staff member
Moderator
#10
True very recent story - Wore out a couple pair of jeans so I went online and ordered 2 pair. Emails back and forth confirming and all that including delivery by UPS information. About 11.30 of the morning of the expected delivery date I got an email from (supposedly) UPS saying they could not deliver. The email had 2 attachments, said to print them out and take them to my local US store to pick up the package. So - I opened one attachment and it was a weird template for something in Word. It was then I knew it was some type of malware. I had been had. Luckily I was on a Mac and nothing happened. UPS delivered the package a couple of hours later.

As luck would have it I was reading an article on Ars about the Podesta failure. One of the commenters there, in response to someone talking about email security, said: "If you want to find out about email security, get a WoW account. Make a character, get some game points, some good weapons and such, and then email password and account information to yourself. It won't take long and your account will be hacked."

The guy's point was an email which passes through a couple of nodes has a good chance of being intercepted and read.

I'm not a paranoid sort until recently. The UPS email to me could have been "luck", but it freaked me out a bit. I was expecting a UPS delivery that day and lo and behold I get a spear phishing email.

Food for thought...
I use Gmail and their phishing / spam filters are quite effective. So effective that once in a while they spam-flag an important message I'm waiting for. So here I am, browsing the spam folder every so often. Who knows how many real, important messages I've missed over the years... took me a while to get into the habit of monitoring the spam folder.
 