We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

Password safety; Storing passwords on sites


Laurence WM

Likes # 0

Realistically, what are the dangers with passwords? They can be quite a nuisance.

Should every password I have be different?

How safe is it to store passwords on sites?

Is it safe to stay permanently logged into sites, for instance prominent email sites such as Hotmail?

Thanks a lot, Laurence

Like this post
johndrew

Likes # 1

There are many articles with regard to passwords both in PCA magazine and on the internet; most are worth reading and will answer your questions fully.

Basically passwords are like your credit/debit card PIN but where your PIN allows direct access to your cash a password allows access to your life. If a hacker gets your password you will find that you have said, ordered, bought, sold or done any manner of things. If it is the password to your PC anything stored there may well be accessible - including your bank account.

Every password should be different.

I'm not sure what you mean "store passwords on sites".

If you choose to stay logged onto a site you should have confidence in the security of that site. Many stay logged into PCA for example but I doubt if many would stay logged into Hotmail as you could end up sending any number of mails all over the world including any you have saved.

Have a read of these:

Item 1.

Item 2.

Item 3.

Item 4.

Check your password security here.

Like this post
Nontek

Likes # 0

johndrew

Thanks for that last link - apparently my hotmail password would take 98Million years to crack!! That's reassuring.

Like this post
Forum Editor

Likes # 0

"apparently my hotmail password would take 98Million years to crack!!"

Or half an hour.

That's the thing with passwords - if you're trying to crack one you can simply get lucky.

Like this post
johndrew

Likes # 0

As the FE says - especially with modern technology - hackers can crack passwords fairly quickly so regular changing of important ones is essential even if you think it will take 98 million years to achieve. And they can leave their PC to do it whilst they have a coffee!!

Like this post
Laurence WM

Likes # 0

Thanks a lot John,

The articles are useful, especially Item 3 from lifehacker.com.

By 'storing passwords on sites' I mean when I log into a site (with Firefox) a box comes down and asks me whether I would like it to remember the password for this site. Is this safe?

You write: 'If you choose to stay logged onto a site you should have confidence in the security of that site.' How can I tell whether or not to have this confidence? Should I not have confidence in the major email sites - Yahoo, Gmail etc. - but have confidence in sites that belong to reputable organisations such as shopping chains?

Does how often you use a site influence the chances of your account being hacked into?

Does anyone know what proportion of internet users do get their accounts hacked into?

Would using Linux diminish the security risks?

Thanks very much indeed, Laurence

Like this post
wee eddie

Likes # 1

A couple of thoughts:

Does changing your Password on a regular basis make it more difficult to crack?

No: If the person trying to crack your Password does not know what it is in the first place, it doesn't matter if it is the same Password you had for the last 5 years or the one you changed yesterday.

Does the inclusion of random symbols make a Password harder to crack?

Yes, however, unless the person trying to access your files is very pressed for time, the Symbols may delay him/her for up to 20 minutes, depending upon the Software he is using to crack the Password.

What your password must be capable of doing is deterring the casual thief. Not doing this is is the equivalent of leaving the back door open and/or the key under the mat.

Your password must be unique to you and be difficult to guess without an intimate knowledge of your personal life. So the Dogs name or your Mistresses address may not be not sufficient, however mixing the two together may easily be sufficiently difficult to guess.

I like a Clerical friend's solution. He picks a line in a favorite Psalm and then uses the first letters of each word in that line, so his helpful hint is the Psalm number followed by the line number: e.g. 234. He has also used Hymns in the same way and his first attempt was the opening lines of the Marriage Service.

My own is the Number of one of my early Cars and the Girlfriend that was current at that time. Many Cars, many Girlfriends. Easy hint e.g. MGA

Like this post
johndrew

Likes # 1

When using Firefox and you are asked if you want to remember the password it is saved on your PC not online. As a result it is as safe as your PC is secure. What it allows is for you to log into the site when you revisit it without the need to type all your password details in.

As for confidence in remaining logged into a site, it depends on you to a greater extent but also on the type of site. For example I remain logged into a number of sites I visit (such as PCA) as the likelihood of anyone wanting to gain access to my account and the details held by them is minimal. Sites where I purchase items and a greater level of detail (such as credit card details) may be held I log out from regardless of the encryption they use. I know my details can still be hacked from these sites, but because I remain logged out it makes it more difficult to see if I have been recently active. Whether right or wrong I think it is a good thing to log off from any site where a hacker may gain a level of control causing a loss to the registered user.

I doubt the amount of personal usage of a site will cause an increase in the risk of hacking on a personal basis as hackers tend to go for volume of details that can be sold on or used.

The proportion of internet users who do get their accounts hacked into is like asking how long a piece of string is. Hacking is going on all the time across a range of sites. Many people use more than one site and if, say, two of the sites used by a single person are hacked then the figures of how many people start to get distorted.

Whether Linux is more secure than any other OS is now an open question. It was at one time, but with popularity come risks and Linux is becoming quite popular. All operating systems have their vulnerabilities and those considered by the hacker to be better targets (most users/most lucrative/easiest to access?) are likely to suffer the most.

Using good password character combinations (see wee eddie's post above), avoiding suspect sites by using McAfee SiteAdvisor or WOT, a decent anti-virus program backed up with antimalware and common sense in PC/site usage are your best defence in personal terms. There is little you can do about a site itself unless you refuse to use it.

Like this post
Laurence WM

Likes # 0

Thank you very much indeed, John, for this very helpful and full answer.

If a random hacker does hack into your account somewhere, what are they likely to do with it?

Thanks again, Laurence

Like this post
johndrew

Likes # 0

If a random hacker does hack into your account somewhere, what are they likely to do with it?

It depends on what is stolen. Most likely your passwords will be used (or sold on to be used) in criminal acts where possible, your e-mail sold to spammers and if you lost bank details - especially to an online account - well you know this anyway.

Like this post
mole1944

Likes # 0

my passwords are kept encrypted on a pen drive in my safe at home,no one on the net can then hack into them and there fairly safe (Sorry for the pun),as a thought isn,t it time to do away with passwords and go to biometrics,try replicating your finger or eye print.i have 60 or so assorted passwords and it would make my life sooo much easier going onto sites.and yes i know you can get fingerprint scanners

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

5 reasons not to wait for the Apple Watch: Why you shouldn't buy the iWatch

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How Emotional Debt is damaging digital design

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room