Jump to content

Password nonsense


rasputin

Featured Posts

2 hours ago, rasputin said:

just had to renew my password,

 

It has to be more complicated than my ebay account, my bank account, and my paypal account, so complicated there is no way I will be able to remember it so I have to write it down.

 

How safe is that..

 

crazy

 

Depends where you wrote it. 

 

 

Link to comment
Share on other sites

At work our passwords have to be at least 15 characters long, include at least one capital letter, one number and one punctuation mark. Once logged on there are another 5 programs we have to log onto with the same type of password but all passwords must be different and writing a password down is frowned upon. Passwords also must be changed every 3 months. Fecking mental.??

Link to comment
Share on other sites

1 hour ago, smiler said:

At work our passwords have to be at least 15 characters long, include at least one capital letter, one number and one punctuation mark. Once logged on there are another 5 programs we have to log onto with the same type of password but all passwords must be different and writing a password down is frowned upon. Passwords also must be changed every 3 months. Fecking mental.??

Your employers must have an awful lot to hide.

Link to comment
Share on other sites

2 hours ago, smiler said:

At work our passwords have to be at least 15 characters long, include at least one capital letter, one number and one punctuation mark. Once logged on there are another 5 programs we have to log onto with the same type of password but all passwords must be different and writing a password down is frowned upon. Passwords also must be changed every 3 months. Fecking mental.??

the current advice is to have a long password, longer the better, your company should change the password policy.

https://www.nbcnews.com/tech/security/forget-everything-you-know-about-passwords-says-man-who-made-n790711

Edited by restlessnomad
Link to comment
Share on other sites

6 minutes ago, Athy said:

Your employers must have an awful lot to hide.

Mine did. The MoD used to have a similar frequent change routine with a randomly generated password for you to try to remember. However, I put my expired password through one of those password strength assessment things and it came out... weak!

Link to comment
Share on other sites

2 hours ago, smiler said:

At work our passwords have to be at least 15 characters long, include at least one capital letter, one number and one punctuation mark. Once logged on there are another 5 programs we have to log onto with the same type of password but all passwords must be different and writing a password down is frowned upon. Passwords also must be changed every 3 months. Fecking mental.??

You think yourself lucky we have to change our every 28 days!

Link to comment
Share on other sites

I have just two passwords for all the internet places to which I need to gain access. So, if one doesn't work, the other one will.

 

However, I sometimes wonder what the point is of having them. For example, when I visit Pay Pal to pay for something, the first page displays both my name and my (asterisked) password, so all I need to do is to press an "O.K." button and I can use my account.

Link to comment
Share on other sites

6 minutes ago, Athy said:

I have just two passwords for all the internet places to which I need to gain access. So, if one doesn't work, the other one will.

 

However, I sometimes wonder what the point is of having them. For example, when I visit Pay Pal to pay for something, the first page displays both my name and my (asterisked) password, so all I need to do is to press an "O.K." button and I can use my account.

Yes, quite a few sites have that feature, but will it save your passwoed if you try to access your account from someone elses computer?

Link to comment
Share on other sites

7 minutes ago, David Schweizer said:

Yes, quite a few sites have that feature, but will it save your passwoed if you try to access your account from someone elses computer?

As I never use anyone else's computer, I have no idea.

Link to comment
Share on other sites

8 minutes ago, David Schweizer said:

Yes, quite a few sites have that feature, but will it save your passwoed if you try to access your account from someone elses computer?

I was under the impression it was your browser which saved the password.  If so I suspect it would only work on your machine.

Link to comment
Share on other sites

16 minutes ago, Athy said:

I have just two passwords for all the internet places to which I need to gain access. So, if one doesn't work, the other one will.

 

However, I sometimes wonder what the point is of having them. For example, when I visit Pay Pal to pay for something, the first page displays both my name and my (asterisked) password, so all I need to do is to press an "O.K." button and I can use my account.

I'm not aware that Paypal does that without some input from you.

Every time I use Paypal I get the option "Do you want to save this" and I say NO.

 

Paypal and the bank are the only two passwords that are totally different to all my 'forum' etc passwords and are never saved. I don't mind folk hacking my Canal World account but I'm going to do everything to stop them raiding my bank account.

Link to comment
Share on other sites

2 minutes ago, Alan de Enfield said:

I'm not aware that Paypal does that without some input from you.

 

 

 I don't mind folk hacking my Canal World account but I'm going to do everything to stop them raiding my bank account.

I think it's called "One touch logging in" or something similar. It's been like that for at least a year; whether I initially had to opt for it I can't remember.

 

I don't think that anyone could raid my bank accounts via a computer, as I do not have "on line banking". People have sometimes told me that they've received e-mails which purported to be from me, but which weren't, which is a little strange but quite harmless. I occasionally receive similar ones from people I know, except that they're not. It can be fun, for example a friend e-mails me to tell me that he's srranded at an airport in Bolokstan or somewhere with no money and no credit card. But, I think to myself, I spoke to him on the telephone yesterday and he was in his shop in Stoke-on-Trent. He don't half keep on the move.

Link to comment
Share on other sites

14 minutes ago, Athy said:

I think it's called "One touch logging in" or something similar. It's been like that for at least a year; whether I initially had to opt for it I can't remember.

 

I don't think that anyone could raid my bank accounts via a computer, as I do not have "on line banking". People have sometimes told me that they've received e-mails which purported to be from me, but which weren't, which is a little strange but quite harmless. I occasionally receive similar ones from people I know, except that they're not. It can be fun, for example a friend e-mails me to tell me that he's srranded at an airport in Bolokstan or somewhere with no money and no credit card. But, I think to myself, I spoke to him on the telephone yesterday and he was in his shop in Stoke-on-Trent. He don't half keep on the move.

All bank accounts are online.  So you do have online banking.  You just choose not to use it.  When someone finally crashes the whole system, we'll all lose our money, except for the ones who hide it under their mattress.

Link to comment
Share on other sites

1 minute ago, doratheexplorer said:

All bank accounts are online.  So you do have online banking.  You just choose not to use it.  When someone finally crashes the whole system, we'll all lose our money, except for the ones who hide it under their mattress.

An interesting interpretation.

Oh, and you won't find it under the mattress. It's in a box in the....

Edited by Athy
Link to comment
Share on other sites

41 minutes ago, Athy said:

I have just two passwords for all the internet places to which I need to gain access. So, if one doesn't work, the other one will.

 

 

 

This makes you quite a vulnerable user.

 

Lets imagine I'm a malicious geezer and I want access to your email (so I can contact your bank and change your log-in details to mine, then empty out all your munny). 

 

I now know your email username and password combination is 50/50 likely to be the same as your account here, and any other services I can discover you use. 

 

Now all I need to do is find one of the service you use with poor security and crack your username/password (using freely available password cracking software) on a site with weak security and bingo I can log into your email and pretent I'm you, to fool your bank.

 

Now the weak site might possibly be CWF, as why would admin security here need to be that high? After all, its only posts on a forum isn't it? 

 

But having explained that risk, I'm wondering if you will actually understand, or just deny its existence. 

 

 

  • Greenie 1
Link to comment
Share on other sites

4 minutes ago, Mike the Boilerman said:

 

 

 

But having explained that risk, I'm wondering if you will actually understand, or just deny its existence. 

 

 

It is kind of you to explain; but it sounds very alarmist.

But as I don't have any "log-in details", because I don't use internet banking, they cannot be changed.

I agree that it's only posts on a forum, and I can't imagine Johnny Burglar assiduously ploughing through hundreds of posts on moorings, toilets and Brexit looking for someone to defraud! Especially Brexit - he'd fall asleep long before he had the chance to do anything naughty.

Edited by Athy
Link to comment
Share on other sites

4 minutes ago, Athy said:

It is kind of you to explain; but it sounds very alarmist!

 

Do you remember the furore when Clarkson said his bank account was secure and couldn't be hacked ?

 

He even went so far as to publish his bank account number in the newspapers.

The next day his bank account was compromised and money taken.

 

That was without knowing any passwords - just his bank account number.

 

 

TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.

The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people's personal details on two computer discs.

He wanted to prove the story was a fuss about nothing.

But Clarkson admitted he was "wrong" after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.

 

o.gif
start_quote_rb.gifI was wrong and I have been punished end_quote_rb.gif
Jeremy Clarkson

Clarkson published details of his Barclays account in the Sun newspaper, including his account number and sort code. He even told people how to find out his address.

 

"All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing," he told readers.

But he was proved wrong, as the 47-year-old wrote in his Sunday Times column.

"I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account," he said.

"The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.

"I was wrong and I have been punished for my mistake."

Police were called in to search for the two discs, which contained the entire database of child benefit claimants and apparently got lost in the post in October 2007.

They were posted from HM Revenue and Customs offices in Tyne and Wear, but never turned up at their destination - the National Audit Office.

The loss, which led to an apology from Prime Minister Gordon Brown, created fears of identity fraud.

Clarkson now says of the case: "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

Edited by Alan de Enfield
Link to comment
Share on other sites

12 minutes ago, koukouvagia said:

Get yourself a password manager like Lastpass.  There is no way I could remember the 166 complicated different passwords I need for the various sites I use.

Don't get too confident Jim. One of my Building Societies is trying to abandon passwords and are trying to persuade force me to provide a mobile phone number, so that they can text me a "once only" password which has to be entered before I can access my account. They do not seem to understand that whilst I do have a mobile phone, I have not used it since we sold the boat, and can never remember where it is or whether it is charged etc. Furthermore I have have never been able to work out how to  recieve text messages on it.

Link to comment
Share on other sites

21 minutes ago, David Schweizer said:

Don't get too confident Jim. One of my Building Societies is trying to abandon passwords and are trying to persuade force me to provide a mobile phone number, so that they can text me a "once only" password which has to be entered before I can access my account. They do not seem to understand that whilst I do have a mobile phone, I have not used it since we sold the boat, and can never remember where it is or whether it is charged etc. Furthermore I have have never been able to work out how to  recieve text messages on it.

Sounds like Nationwide.

That only applies if you use memorable data to log on, if you use one of their card reader devices, safer than memorable data, you only need your debit card and pin.

I have been using the card reader since it first came out, I wouldn't have a bank which relied on passwords for access.

Link to comment
Share on other sites

29 minutes ago, Athy said:

But as I don't have any "log-in details", because I don't use internet banking, they cannot be changed.

 

So confident!

 

You are the best type of prospect then, I'd suggest, as your internet banking service is just sitting there like a blank slate, waiting to be activated by someone malicious. 

 

And as mentioned in the thread earlier, you DO have internet banking, you are simply unaware of this fact. 

 

 

Link to comment
Share on other sites

5 minutes ago, Mike the Boilerman said:

 

So confident!

 

You are the best type of prospect then, I'd suggest, as your internet banking service is just sitting there like a blank slate, waiting to be activated by someone malicious. 

 

And as mentioned in the thread earlier, you DO have internet banking, you are simply unaware of this fact. 

 

 

What a vivid imagination you have!

I said, in post no.19, that I didn't use it, I suppose that it's possibly lying fallow somewhere in space.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.