...how is everyone managing their passwords and online security? Curious.

 

for financial sites, I have a different password for each; written down in a black book, locked in a cabinet at the office.

some sites ask to change every six months; thats why the need for the book.

 

I have two or three words passwords, using numbers, caps and special characters if allowed. I Also have them written down in a safe, just in case I forget, and I do forget.

I try to randomly change my passwords every few months. They are all different. Sometimes I will stare at the computer screen for 10 minutes trying to remember my password, just ending up resetting it and remembering it afterwards, ohhh yeahhhh, dumbass

I don't log in to my bank/credit card accounts from anywhere, only my from trusted computers. I don't even use my iPhone to connect to banks, etc.

PS Most financial sites I use, even email and facebook, all require an authentication code which is send to my phone via txt. So if a computer is not recognized, you must enter the code to proceed. Neat feature.

 

For an IT guy I am terrible at password management, I have two that I rotate between, both not that secure. Maybe Ill work on that today.

 

^^^^

Yes, I suck too... Really need to start using a digital wallet, like 1Passowrd, which I already have. Don't want want it to store my keys to Dropbox.

 

This is what prompted my thread... Guessing most here have seen this... Fawk!!!!


http://www.wired.com/gadgetlab/2012/...n-hacking/all/

 

Yep, it's all written down and hidden away. Different password for most websites, especially the 'essentials'.

 

Yeah I was gonna post that! Crazy! Seems like we need a unified approach or standard for password recovery methods so stuff like this doesn't happen.

 

Hope you reset your dropbox password since they got hacked and didn't want to admit it.

 

I like the idea of something like last pass or 1password but it doesn't well work with iOS devices and mobile apps. So if you only check stuff on your PC it's fine but if you want to do mobile banking using apps or whatever then you still have to remember all those passwords.

 

Probably time for me to update some passwords. My problem is that I do have much variety in my passwords.

Task for tonight. At least ones that my CC# is attached to.

 

Passwords are different for every site and every email account. I try not to log into any of them from anywhere except my trusted PCs and devices.

I never use the "hint" questions on websites either, if required I'll just add another strong password to a question that doesn't even make sense, like "what was the name of your bridesmaid?"

I have them all memorized now, but I should probably write them down somewhere safe. I guess memory loss from a head injury is rare but always possible.

Lot of other things too. I'm also very strict on my backups. My minor in college was Information Security, so maybe I take it further than most, but I've never had any compromises. Better safe than sorry, right?

 

i have keepass but i dont use it religiously. I only have it to manage my linkedin

i keep the database in my dropbox so it can sync across multiple machines. The master password for the db is a that I have not used anywhere.

For google i re-enabled 2 factor authentication after hearing the Wired guy's story. With that comes application specific pws for accessing your google account (via IMAP or w/e).

when i worked in a municipality, you would not believe how simple the local admin password was, and it was city wide. Every machine had this pw. it was a joke, and i dont think it even followed the domain pass requirements (local acct is baked into the base image). But then again, anyone that really awnted to could get access just by using one of many bootable CDs.

 

for some reason i feel like you have to be really unlucky to get hacked...

but other than that, i have 3 passwords, 1 moderate, 1 strong and the last very strong. Then among those i have different variations cause some places require a capital letter and others dont haha. But i'll always caps the specific letter. Its weird but i've memorized it all, sometimes i'll enter the wrong pw in site so i just do another one and it works.

I had one for my engineering account for school, and i somehow memorized that without trying haha. And it was weird cause i only knew it when i was typing (muscle memory i guess)

 

ohh also i read somewhere that it does not matter mixing a whole bunch of numbers and letters together. For example

kdigh45 would probably be weaker than ferrariscuderia430

 

I believe it's more of a numbers thing. There are a lot of very easy targets out there. Why would a wolf try to eat rabbits locked in the cage when there are plenty of them hopping around right in front of him? Weird analogy but it makes sense, right?

However, if someone knows your stuff isn't secure, they could target you, and if they're good enough and you're not careful enough you could get fucked like that guy in the article Scrib linked to.