What´s your Password Policy?

Discussion in 'other security issues & news' started by Rasheed187, Sep 4, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Hi,

    If you think about it, protecting your online accounts (online banking, email etc.) with just a username and password is not really a solid security measure, but of course, we have no choice most of the time. I have a couple of questions.

    http://passwordmaker.org/
    https://addons.mozilla.org/nl/firefox/addon/3282
    http://www.amustsoft.com/1-login/
    https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey-outside
    http://www.rsa.com/node.aspx?id=1159
    http://www.passgo.com/news/DesktopToken.shtml

    TIA ;)
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    OK, I´m a bit surprised that most people don´t seem to care about this subject, or is there perhaps some other reason why no one has replied? :)
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Passwords are quite boring I guess :) And if one uses tools like roboform you never have to think about them. Passwords becomes a non-issue :D
    I hesitated to answer because I knew my post would be a ad for roboform. But since you asked for it :p

    I have 15 digits passwords like: &zE8U@sv3oTgse^ and I let Roboform manage them. I probably will buy Roborform2go the day I need the passwords anywhere else than in my home computer.

    Me neither, never used them. Roboform does the job.

    I some times check my bank with my work computer. At home I use a card reader where I put my credit card with a chip (and a certificate from my bank installed) so I just have to enter my credit card pin code.
     
    Last edited: Sep 6, 2007
  4. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I looked into roboform it doesn't work with Opera (more on password managers later). I use letters uppercase and lowercase and numbers and whatever the website specifies or application specifies. I use passwords Between 15 to 64 characters long depending on what they protect. I use Opera Browser, it has it's own password manager. uses a master password to lockup the rest of the passwords and uses a wand to transfur the passwords to the webpage form Opera has 256 bit AES encryption on the password manager. I recently switched over to Keepass password safe waw.keepass.info/
    I think it is much more secure
     
  5. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    My answers:
    1) No, no
    2) Don't use them
    3) Doesn't matter to me since the vendor controls that
    4) Yes, I have done that many times

    So far the fraud that I have come across are from non-online sources.
     
  6. herbalist

    herbalist Guest

    The type of password I use depends on how important what I'm protecting is. For forums, webmail accounts, etc, I use one or more uncommon words and let Sea Monkey store them encrypted. The master password is much longer.

    Passwords I use for encrypted partitions and containers are much longer, 80-120 characters, with upper and lower case, numbers, punctuation, and symbols. They are not stored on the PC and I take all possible precautions to prevent their capture.

    For sensitive sites and my primary e-mail, I copy and paste from one of several text files which were created with PGP by encrypting fairly large documents. The text files are all at least 300 lines long. These are lines from one of them.
    Code:
    qANQR1DBwU4DtYA9uTfuIakQB/9w54fY4UZlR1THoeim/U8lKNvXb3ol8iwQhsk3
    SxT3zp61oqYgLOYxKE0pmmsNEfMFYqBvaBGA/WibVzBHJFYZQXYA8PD04fD8qLpp
    OZMPZe+VQpc1HfeMM5aWHyrXaOa+nL1D0fCORs+7m8/kdjf1s5CY+3gfT3V/x0Jj
    8MCZCk26vhil3N76i0ise9Ouzj9YBOJcUBjuHMmZ8v9MluOBP9EX+7jv04CyoGMC
    FsnL8sxTudep8h1jN4QQoXu/mhFoFkHeSS7VA6j74bzTmo+thFuWeSXqZ1PtrV+S
    B6fdOJIIiy1yy+QDu2TIEosqlduaevLE041a//B78Or4uKBbB/42ygrO9SNxRo4W
    /fSTHZiJZZEXvm8bgvju4lfItKda5G/54h+itSwcJKs9PHb7SUC+oQkymwRTdZUP
    eM0Ow+GPDoIjT2QswtX4gsGAeBJQ8y+7ZUS3Lp4MvbGwKu56VhQgpTGlGaQMLhVQ
    xFrGw2aEEbTzMurC4KSoQRlojkRGMg+BAFmh15UnNDVfC6jls9KqPpgD+GarB+Pn
    5EUKiOGFMdK06DCgZgD+zNcu2dnilm7OLpUmn5Ooz9dTWF7JYhUeM8ibn3j19slT
    2Gax8zmbdBqqkhHbgwg39ppfEI7nC6HCu6xNdZah2I7v3YpOfcKjJn7i6bG1R1/T
    zGoPgxqlyewacMyf1a0UxsnoKW99oYx2XVSPnLSaw3fYo0ctTzf1PuKTrxZ1lep+
    uoZZzz9HO14d3aObb94U7Wc1ko9RlHZVFJXykRxKuzL+bnOyTV/6GCG4cRNYy61Z
    9tjtYskabva0SlmgkrbAzWoxAeVpqDxeMmw7Evx0nw8xRXoMof8NFwC5qdJrkbad
    6jHS31JD42MsEEE+O4KLN0lvNSXkQDEOUAadSVffU0C+a+jQOoBPEeqN4AL95+ni
    m33gyZ8PKsQ/UBRst0EBpRPpHCDgJePLFgaIHfdnd2epI002FBv4UdmVS29GzYjb
    eYa3vDiMMdukrBV7A/okbqylEkdQhbuLP7S4at3Gls15oYzDgV4c+GgNcN71X29M
    aTH64LcJ4ssCD+sum7WIKoUlUuRuBOxWORkOytpdutK6NC7n1mBMIoeNPdZ0VTEP
    3vSF5mhVtcBdFSqTB706Pc8kyvv/UObQFW1Bmpg3JHM8gU3ixNMmYSVD2XS0izr6
    362bGimLkTWY9phwdAvp3m4YiC/NHcMK2cLCue/a1XlDUOBXTGeWSD0wM5ptm2CA
    I use close to as many characters as the site/app will accept, copied from a randomly chosen location(s) in one of the text files. I have a little system to keep tract of where I started and ended the copying, which I won't describe. With several such files for source material, the number of possible combinations is huge and appears to be quite random. I don't have to worry about a flaw or vulnerability in a password program since there is no program to crack.
    Rick
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,

    - Do you use hard to guess passwords, and if so, how do you manage them, via the browser (or plugin) or some standalone passwordmanager?

    I make my own passwords, are they hard to guess, yes.

    - What do you think about password hashing tools like Password Hasher, PasswordMaker and AMUST 1-Login? I still don´t really understand what´s so special about them?

    I don't find them intriguing.

    - Do you think that sites should use hardware or software based tokens? For example PayPal is now offering "two-factor authentication", and most banks do too.

    Why not.

    - Would you login to your email or bankaccount on a PC not owned by you, so a friend´s computer, public computer.

    No.

    That's about it.

    Mrk
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    IMO all online banking/shopping and webmail accounts should be protected by a "two-factor authentication" system. Of course this will make it difficult to login from any PC, but that´s not a good idea anyway. And about tools like Password Hasher, if I understood it correctly, the cool part about them is that you can login to any site with the same password, while your real passwords will never be visible. :)
     
Loading...
Thread Status:
Not open for further replies.