We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Beginners' Tech Help


It's free to register, to post a question or to start / join a discussion


 

Password safety; Storing passwords on sites


Laurence WM

Likes # 0

Realistically, what are the dangers with passwords? They can be quite a nuisance.

Should every password I have be different?

How safe is it to store passwords on sites?

Is it safe to stay permanently logged into sites, for instance prominent email sites such as Hotmail?

Thanks a lot, Laurence

Like this post
johndrew

Likes # 1

There are many articles with regard to passwords both in PCA magazine and on the internet; most are worth reading and will answer your questions fully.

Basically passwords are like your credit/debit card PIN but where your PIN allows direct access to your cash a password allows access to your life. If a hacker gets your password you will find that you have said, ordered, bought, sold or done any manner of things. If it is the password to your PC anything stored there may well be accessible - including your bank account.

Every password should be different.

I'm not sure what you mean "store passwords on sites".

If you choose to stay logged onto a site you should have confidence in the security of that site. Many stay logged into PCA for example but I doubt if many would stay logged into Hotmail as you could end up sending any number of mails all over the world including any you have saved.

Have a read of these:

Item 1.

Item 2.

Item 3.

Item 4.

Check your password security here.

Like this post
wee eddie

Likes # 1

A couple of thoughts:

Does changing your Password on a regular basis make it more difficult to crack?

No: If the person trying to crack your Password does not know what it is in the first place, it doesn't matter if it is the same Password you had for the last 5 years or the one you changed yesterday.

Does the inclusion of random symbols make a Password harder to crack?

Yes, however, unless the person trying to access your files is very pressed for time, the Symbols may delay him/her for up to 20 minutes, depending upon the Software he is using to crack the Password.

What your password must be capable of doing is deterring the casual thief. Not doing this is is the equivalent of leaving the back door open and/or the key under the mat.

Your password must be unique to you and be difficult to guess without an intimate knowledge of your personal life. So the Dogs name or your Mistresses address may not be not sufficient, however mixing the two together may easily be sufficiently difficult to guess.

I like a Clerical friend's solution. He picks a line in a favorite Psalm and then uses the first letters of each word in that line, so his helpful hint is the Psalm number followed by the line number: e.g. 234. He has also used Hymns in the same way and his first attempt was the opening lines of the Marriage Service.

My own is the Number of one of my early Cars and the Girlfriend that was current at that time. Many Cars, many Girlfriends. Easy hint e.g. MGA

Like this post
johndrew

Likes # 1

When using Firefox and you are asked if you want to remember the password it is saved on your PC not online. As a result it is as safe as your PC is secure. What it allows is for you to log into the site when you revisit it without the need to type all your password details in.

As for confidence in remaining logged into a site, it depends on you to a greater extent but also on the type of site. For example I remain logged into a number of sites I visit (such as PCA) as the likelihood of anyone wanting to gain access to my account and the details held by them is minimal. Sites where I purchase items and a greater level of detail (such as credit card details) may be held I log out from regardless of the encryption they use. I know my details can still be hacked from these sites, but because I remain logged out it makes it more difficult to see if I have been recently active. Whether right or wrong I think it is a good thing to log off from any site where a hacker may gain a level of control causing a loss to the registered user.

I doubt the amount of personal usage of a site will cause an increase in the risk of hacking on a personal basis as hackers tend to go for volume of details that can be sold on or used.

The proportion of internet users who do get their accounts hacked into is like asking how long a piece of string is. Hacking is going on all the time across a range of sites. Many people use more than one site and if, say, two of the sites used by a single person are hacked then the figures of how many people start to get distorted.

Whether Linux is more secure than any other OS is now an open question. It was at one time, but with popularity come risks and Linux is becoming quite popular. All operating systems have their vulnerabilities and those considered by the hacker to be better targets (most users/most lucrative/easiest to access?) are likely to suffer the most.

Using good password character combinations (see wee eddie's post above), avoiding suspect sites by using McAfee SiteAdvisor or WOT, a decent anti-virus program backed up with antimalware and common sense in PC/site usage are your best defence in personal terms. There is little you can do about a site itself unless you refuse to use it.

Like this post
Terry Brown

Likes # 1

One of the best ways to protect yourself is to delete your browing history when you close the browser / shut the computer down.

I also suggest (On win XP):

Open Control Panel

Internet Options

Select Privacy

Select Advanced

Click override automatic cookie handling

Accept first party cookies (Tick)

Block 3rd party cookies (tick)

This will help to stop other unothorised party loading cookies for use when they feel like it.

I keep my passwords on a USB stick in email form, so I just open the email and copy/paste the revelant infomation, and do not store any passwords on my harddrive.

Maybe I go over the top, but I believe what is mine stays mine!.

Terry

Like this post
Forum Editor

Likes # 1

"Does anyone know what proportion of internet users do get their accounts hacked into?"

It's a tiny figure.

The amount of concern that's expressed about password hacking is far in excess of the actual risk involved. Hackers are after bigger fry, like a nice juicy server that's stacked with e-commerce transactional data. They're not remotely interested in the average home user.

The biggest risk, as far as ordinary people are concerned is...the ordinary people themselves. Those who allow their browser to save passwords for auto-entry, and those who keep a file somewhere on their hard drive labelled 'Passwords' - you might be surprised at how many people actually do that. Otherwise, the riskiest policy is using the name of your wife, your child, or your dog/cat, or something equally easy to crack.

Go for decent alpha-numeric passwords that aren't dictionary words, and you're about as safe as you need to be. A password such as w0ffl1b0ffl1 is easily remembered and difficult enough to crack.

Like this post
Laurence WM

Likes # 0

Many thanks for all this advice, everyone.

Thanks in particular to Terry for the detailed suggestion, to Forum Editor for a useful perspective, and to John for initial answers.

Laurence

Like this post
Laurence WM

Likes # 0

Thank you very much indeed, John, for this very helpful and full answer.

If a random hacker does hack into your account somewhere, what are they likely to do with it?

Thanks again, Laurence

Like this post
johndrew

Likes # 0

If a random hacker does hack into your account somewhere, what are they likely to do with it?

It depends on what is stolen. Most likely your passwords will be used (or sold on to be used) in criminal acts where possible, your e-mail sold to spammers and if you lost bank details - especially to an online account - well you know this anyway.

Like this post
mole1944

Likes # 0

my passwords are kept encrypted on a pen drive in my safe at home,no one on the net can then hack into them and there fairly safe (Sorry for the pun),as a thought isn,t it time to do away with passwords and go to biometrics,try replicating your finger or eye print.i have 60 or so assorted passwords and it would make my life sooo much easier going onto sites.and yes i know you can get fingerprint scanners

Like this post
Nontek

Likes # 0

johndrew

Thanks for that last link - apparently my hotmail password would take 98Million years to crack!! That's reassuring.

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Netflix to introduce price increase: New subcribers to start with

IDG UK Sites

Apple financial results: iPhones, iPads & Macs sales for Apple's Q2 2014, plus shares to split

IDG UK Sites

Twitter - not news

IDG UK Sites

See Moo Studios' new animated advert for Blue Moon beer