How safe are your passwords

sawdust1

Hi all, had my Yahoo email account hacked last week from Uzbekistan, wherever that is. Probably my fault as my password was simply that, a word, so now I have beefed up all my passwords to super secure. They sent everyone in my contacts list an email from me regarding a moneymaking scam. Annoying as I had to go through my contacts list and tell everyone that if they received an email regarding a money making scam it was not from me.
 
password for a password - oh dear

Always go for min 8 characters and I personally like to misspell and use numbers instead of vowels, plus chuck in a non-standard character - sausages would be $0sag3zz for example
 
I'm a big fan of 2 small but unconnected words followed by a 3 digit number

eg. logmat326

Plus I know it's a pain but use a different password for everything.
 
sawdust1 said:
Probably my fault as my password was simply that, a word, so now I have beefed up all my passwords to super secure. They sent everyone in my contacts list an email from me regarding a moneymaking scam.

This can be done without knowing your password :( Simply send an email to you with a spurious link / image containing the code to get the addresses from your contacts list and send the emails when you click / view the image.

It happened to me a long, long time ago - always delete messages you are unsure of
 
dm65 said:
password for a password - oh dear

Always go for min 8 characters and I personally like to misspell and use numbers instead of vowels, plus chuck in a non-standard character - sausages would be $0sag3zz for example

#-o .......Then thirty seconds later, you forget it?....I would.
 
What I use is the model number of something I'm not likely to forget that has letters and numbers.
 
phil.p said:
#-o .......Then thirty seconds later, you forget it?....I would.

Everyone's policy is different to suit them

The point is that they should be memorable, but not guessable or whole words (to stop dictionary attacks)

Here's a handy link - https://passfault.appspot.com/password_ ... .html#menu

What works for you might not work for me but I've never been hacked (omg what have I just said - someone pass me some wood to touch) :)
 
The trouble is, so many sites require a P/W and ID number / name, I have a little diary with all the ID's and P/W's - 46 so far, but I agree each should be unique. (scratched my head for you DM )
 
Gary Morris said:
The trouble is, so many sites require a P/W and ID number / name, I have a little diary with all the ID's and P/W's - 46 so far, but I agree each should be unique. (scratched my head for you DM )

Cool - feeling luckier already :)

The other thing you shouldn't do - "I have a little diary with all the ID's and P/W's - 46 so far" - is write them down :)

There is a limit to the security issue and I think it should depend on what the password protects

And NEVER save credentials in your browser, that's how most people get hacked, cracked, whatever you want to call it

To put this into context though, I went on a security course once where part of the perceived risk was a) someone peeking from that wheelie bin over there and b) screens facing windows where someone could be in the treeline with binoculars - what a fun week that was
 
Had a good one yesterday, from PayPal: suspect activity on your PayPal account, if it was not you please follow this link. Did return path and it was nothing to do with PayPal. Also they started off with dear customer where PayPal will always say dear your name. We get scam emails most weeks, it's great spotting them.
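
The two checks described in the post above (a return path that does not match the claimed sender, and a generic "dear customer" greeting), as an added Python example that is not part of the original thread; it also compares link hosts, which goes beyond what the post mentions. The sample message, its example.net addresses and the helper names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail); example.* domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "PayPal" <service@paypal.com>
To: user@example.org
Subject: Suspect activity on your PayPal account

Dear customer,

We noticed suspect activity. If it was not you please follow this link:
http://account-check.example.net/login
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def same_org(a, b):
    """First-pass heuristic: equal, or one is a subdomain of the other.
    Assumption: no public-suffix handling."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def phishing_signals(raw):
    """List the warning signs found in a single-part plain-text message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    body = msg.get_payload()  # assumption: not multipart, so this is a str
    signals = []
    if not same_org(from_dom, rp_dom):
        signals.append(f"return-path domain {rp_dom or '(none)'} != from domain {from_dom}")
    if GENERIC_GREETING.search(body):
        signals.append("generic greeting")
    for host in re.findall(r"https?://([^/\s:]+)", body):
        if not same_org(host.lower(), from_dom):
            signals.append(f"link host {host.lower()} != from domain {from_dom}")
    return signals


if __name__ == "__main__":
    for s in phishing_signals(SAMPLE):
        print("FLAG:", s)
```

A differing Return-Path is common for legitimate bulk mail sent through a mailing provider, so treat each flag as a reason to look closer, not as a verdict.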
 
Old car registration numbers (that you've owned) can be easy to remember using upper and lower case for the former or latter letters. And easy to remember plus put an alternative character at the end. 12 chars min imo

Example: kx53BUKbu856XPC@
 
Flynnwood said:
Old car registration numbers (that you've owned) can be easy to remember using upper and lower case for the former or latter letters. And easy to remember plus put an alternative character at the end. 12 chars min imo

Example: kx53BUKbu856XPC@

I like old favourite registrations as well :)

Honestly, in my experience, you can have the best password regime in the world, but if you're gullible, you'll get stung

I know of 3 people who fell for the scam where they get a phone call saying errors have been detected in their event logs - you have probably heard of this - they hadn't and each one paid up!

One woman took a call from one of these guys just after I arrived at her house to do a job - thought it was related to what I was doing, but luckily asked me first
 
I use the names of old school friends or a car I used to have and keep a word document with hints in that no one would have a chance of deciphering;

Chisel sharpening forum UK..............Hint: Red car including cc.........Actual password: Triumph2000

Pole dancers & flute polishers forum..........Hint: Blond kid that had fit sister............Actual password: SteveWalker

This way you can have as many passwords as you like, write down hints for them all and no one will ever get them
 
dm65 said:
And NEVER save credentials in your browser, that's how most people get hacked, cracked, whatever you want to call it

I think actually most people still get 'hacked' by willingly giving their password to people who ask for it. It's far easier to set up a fake bank login page and send out scam emails than it is to hurriedly write code to exploit a particular browser security hole before it gets automatically patched on most people's machines, enough people still fall for it, and criminals are by definition lazy people. If they weren't lazy, they'd get a real job!

Saving your credentials to your browser is as safe as most other things on your computer, really - keep your security patches up to date and you probably don't have to worry. Much like securing your house, you don't have to make your computer impregnable, you just have to make it harder than average to break into, then nobody will bother unless they think there's something in there that makes it worth the extra hassle. Careless or stupid people's money works just as well, after all. (If you want to make your computer impregnable, it's easy: sever all network connections, turn the Wi-Fi and Bluetooth off, and never insert any kind of removable media or USB devices.)



I got one of those scammers on the telephone a little while back, when I was working from home one day (I'm sure it's complete coincidence that they only call during normal office/school hours when the people most likely to be computer savvy are presumed away from the home). Almost worthy of Fonejacker: "We've detected that there's something wrong with your computer." "Which computer?" "Your computer, the one in your house." ... yeeeeessss.
 
As ever, XKCD gets it right:

[image: authorization.png]
 
Best security I've seen was on the Bodog poker site. They had a reference number that your comp could remember. So to get into your account, they'd need to get the ref No. correct plus your password at the same try.

The way it is for most sites, the hackers only need to get one piece of data right.
 