Beginners' Tech Help
It's free to register, to post a question or to start / join a discussion
Password safety; Storing passwords on sites
Likes # 0
Posted February 14, 2013 at 2:31PM
Realistically, what are the dangers with passwords? They can be quite a nuisance.
Should every password I have be different?
How safe is it to store passwords on sites?
Is it safe to stay permanently logged into sites, for instance prominent email sites such as Hotmail?
Thanks a lot, Laurence
Likes # 1
Posted February 14, 2013 at 3:58PM
There are many articles with regard to passwords both in PCA magazine and on the internet; most are worth reading and will answer your questions fully.
Basically passwords are like your credit/debit card PIN but where your PIN allows direct access to your cash a password allows access to your life. If a hacker gets your password you will find that you have said, ordered, bought, sold or done any manner of things. If it is the password to your PC anything stored there may well be accessible - including your bank account.
Every password should be different.
I'm not sure what you mean "store passwords on sites".
If you choose to stay logged onto a site you should have confidence in the security of that site. Many stay logged into PCA for example but I doubt if many would stay logged into Hotmail as you could end up sending any number of mails all over the world including any you have saved.
Have a read of these:
Check your password security here.
Likes # 0
Posted February 14, 2013 at 4:09PM
johndrew
Thanks for that last link - apparently my hotmail password would take 98Million years to crack!! That's reassuring.
Likes # 0
Posted February 14, 2013 at 4:19PM
"apparently my hotmail password would take 98Million years to crack!!"
Or half an hour.
That's the thing with passwords - if you're trying to crack one you can simply get lucky.
Likes # 0
Posted February 14, 2013 at 8:08PM
As the FE says - especially with modern technology - hackers can crack passwords fairly quickly so regular changing of important ones is essential even if you think it will take 98 million years to achieve. And they can leave their PC to do it whilst they have a coffee!!
Likes # 0
Posted Today at 12:17PM
Thanks a lot John,
The articles are useful, especially Item 3 from lifehacker.com.
By 'storing passwords on sites' I mean when I log into a site (with Firefox) a box comes down and asks me whether I would like it to remember the password for this site. Is this safe?
You write: 'If you choose to stay logged onto a site you should have confidence in the security of that site.' How can I tell whether or not to have this confidence? Should I not have confidence in the major email sites - Yahoo, Gmail etc. - but have confidence in sites that belong to reputable organisations such as shopping chains?
Does how often you use a site influence the chances of your account being hacked into?
Does anyone know what proportion of internet users do get their accounts hacked into?
Would using Linux diminish the security risks?
Thanks very much indeed, Laurence
Likes # 1
Posted Today at 1:24PM
A couple of thoughts:
Does changing your Password on a regular basis make it more difficult to crack?
No: If the person trying to crack your Password does not know what it is in the first place, it doesn't matter if it is the same Password you had for the last 5 years or the one you changed yesterday.
Does the inclusion of random symbols make a Password harder to crack?
Yes, however, unless the person trying to access your files is very pressed for time, the Symbols may delay him/her for up to 20 minutes, depending upon the Software he is using to crack the Password.
What your password must be capable of doing is deterring the casual thief. Not doing this is is the equivalent of leaving the back door open and/or the key under the mat.
Your password must be unique to you and be difficult to guess without an intimate knowledge of your personal life. So the Dogs name or your Mistresses address may not be not sufficient, however mixing the two together may easily be sufficiently difficult to guess.
I like a Clerical friend's solution. He picks a line in a favorite Psalm and then uses the first letters of each word in that line, so his helpful hint is the Psalm number followed by the line number: e.g. 234. He has also used Hymns in the same way and his first attempt was the opening lines of the Marriage Service.
My own is the Number of one of my early Cars and the Girlfriend that was current at that time. Many Cars, many Girlfriends. Easy hint e.g. MGA
Likes # 0
Posted Today at 2:46PM
When using Firefox and you are asked if you want to remember the password it is saved on your PC not online. As a result it is as safe as your PC is secure. What it allows is for you to log into the site when you revisit it without the need to type all your password details in.
As for confidence in remaining logged into a site, it depends on you to a greater extent but also on the type of site. For example I remain logged into a number of sites I visit (such as PCA) as the likelihood of anyone wanting to gain access to my account and the details held by them is minimal. Sites where I purchase items and a greater level of detail (such as credit card details) may be held I log out from regardless of the encryption they use. I know my details can still be hacked from these sites, but because I remain logged out it makes it more difficult to see if I have been recently active. Whether right or wrong I think it is a good thing to log off from any site where a hacker may gain a level of control causing a loss to the registered user.
I doubt the amount of personal usage of a site will cause an increase in the risk of hacking on a personal basis as hackers tend to go for volume of details that can be sold on or used.
The proportion of internet users who do get their accounts hacked into is like asking how long a piece of string is. Hacking is going on all the time across a range of sites. Many people use more than one site and if, say, two of the sites used by a single person are hacked then the figures of how many people start to get distorted.
Whether Linux is more secure than any other OS is now an open question. It was at one time, but with popularity come risks and Linux is becoming quite popular. All operating systems have their vulnerabilities and those considered by the hacker to be better targets (most users/most lucrative/easiest to access?) are likely to suffer the most.
Using good password character combinations (see wee eddie's post above), avoiding suspect sites by using McAfee SiteAdvisor or WOT, a decent anti-virus program backed up with antimalware and common sense in PC/site usage are your best defence in personal terms. There is little you can do about a site itself unless you refuse to use it.
