Jump to content

Password nonsense


rasputin

Featured Posts

2 minutes ago, Mike the Boilerman said:

I see you joke, but it's misdirected: I am quite serious when I say that I don't use on line banking.

I do use telephone banking. Do you feel that that's susceptible to fraud, too? The only way I can think of is someone ringing me and saying that they're from Lloyd's Bank, when in fact they are not, and suggesting some sort of alteration to my account details. This has happened a time or two, and I told the person that I'm busy and that I will ring the bank back in a while. When I did so, Lloyd's had no knowledge of the calls.

Link to comment
Share on other sites

1 hour ago, Athy said:

It is kind of you to explain; but it sounds very alarmist.

But as I don't have any "log-in details", because I don't use internet banking, they cannot be changed.

I agree that it's only posts on a forum, and I can't imagine Johnny Burglar assiduously ploughing through hundreds of posts on moorings, toilets and Brexit looking for someone to defraud! Especially Brexit - he'd fall asleep long before he had the chance to do anything naughty.

You only find it alarmist because it hasn't happened to you.  As others have said, you are a prime target for defrauding.  The fact you seem unable to comprehend how this could happen just makes you even more of a target.

Link to comment
Share on other sites

1 hour ago, Loddon said:

Sounds like Nationwide.

That only applies if you use memorable data to log on, if you use one of their card reader devices, safer than memorable data, you only need your debit card and pin.

I have been using the card reader since it first came out, I wouldn't have a bank which relied on passwords for access.

Yes, but the secret is in the term "memorable data" and I can remember all of mine.  I can also remember my pin, but why should I want to use a card reader and my card whilst sat at the computer? Just more junk to carry around and loose, apart from which I have to take my spectacles off to use the card reader, and put them back on to enter data into the coputer, which does not make matters any easier.

 

 

Edited by David Schweizer
Link to comment
Share on other sites

1 hour ago, David Schweizer said:

Don't get too confident Jim. One of my Building Societies is trying to abandon passwords and are trying to persuade force me to provide a mobile phone number, so that they can text me a "once only" password which has to be entered before I can access my account. They do not seem to understand that whilst I do have a mobile phone, I have not used it since we sold the boat, and can never remember where it is or whether it is charged etc. Furthermore I have have never been able to work out how to  recieve text messages on it.

I went to our doctors yesterday and a new sign has appeared. We are no longer able to accept cash as payments. All these numpties playing right in to the hand of the banks. When they have total control over all money the same eejuts will be complaining how charges have recently crept back into the banking system :banghead:

Link to comment
Share on other sites

2 minutes ago, David Schweizer said:

Yes, but the secret is in the term "memorable data" and I can remember all of mine.  I can also remember my pin, but why should I want to use a card reader and my card, just more junk to carry around and loose, apart form which I have to take my spectacles off to use the card reader, and put them back on to enter data into the coputer, which does not make matters any easier.

Card reader is more secure and you don't have to bother with text messages.

We have about 5 readers, one on the boat, one in the caravan, one in my bag and two in the bureau. They are not account or bank specific so I am still using one of my Barclays ones on my Nationwide account. 

Surely removing your glasses is easier than finding your mobile phone ;)

 

Link to comment
Share on other sites

4 minutes ago, Loddon said:

Card reader is more secure and you don't have to bother with text messages.

We have about 5 readers, one on the boat, one in the caravan, one in my bag and two in the bureau. They are not account or bank specific so I am still using one of my Barclays ones on my Nationwide account. 

Surely removing your glasses is easier than finding your mobile phone ;)

 

 Anything would be easier, especially as I have no idea where it is, and whether it is charged or has any credit. I have never used it since we sold the boat.

Link to comment
Share on other sites

The site password requirements 'Strong' a mixture of upper and lowercase characters, numbers and special characters minimum 8 characters, which somewhat plays to the old fashioned hard for humans easy for machines requirement rather than a longer more human friendly option, however it also fits with requirements for other sites.

 

From what I know if the algorithm put more focus on length, but equally it will accept 'B0at12345' as an option, so it doesn't have to be a 24 digit hexadecimal code.

 

It might be that we can reasonably drop the strength requirement to 'Fair' which would allow simpler combinations of password. But equally there is actually very little harm in the case of our site in writing down the password, unlike bank details, the risk of attack coming someone stealing items from without your home is very low. Even with bank details, depending how and where your right them, the risk of a local attack is far lower than from an  online source. 

 

 

Daniel

Link to comment
Share on other sites

It always strikes me that any malevolent agency wanting to crack someone's password  (e.g the KGB, nick norman, etc) is actually helped by these ever more complex and restrictive password requirements as people end up being forced to make a written record and hide it somewhere. Who here can honestly say they have not learned they HAVE to have a list of fifty or 100 usernames and passwords written down somewhere secret,for the day one needs to log into everything again after, say, buying a new computer.

 

So anyone truly determined to crack your password will probably just break into your house and have a good search for it, and perhaps sit down at your unpassword protected PC and have a search for a file called "passwords.doc" 

Link to comment
Share on other sites

47 minutes ago, Mike the Boilerman said:

It always strikes me that any malevolent agency wanting to crack someone's password  (e.g the KGB, nick norman, etc) is actually helped by these ever more complex and restrictive password requirements as people end up being forced to make a written record and hide it somewhere. Who here can honestly say they have not learned they HAVE to have a list of fifty or 100 usernames and passwords written down somewhere secret,for the day one needs to log into everything again after, say, buying a new computer.

 

So anyone truly determined to crack your password will probably just break into your house and have a good search for it, and perhaps sit down at your unpassword protected PC and have a search for a file called "passwords.doc" 

I have sort of overcome the 'write it down' idea by creating a password protected Word Document on the computer where I keep the passwords, so I only have to remember the one password. There are various 'password vaults' on the internet that you can supposedly use but I'm not totally convinced of the security of them so avoid them and just keep the information on my computer where I know where it is. If the computer is stolen I have this password protected Word document electronically stored elsewhere so I could go onto someone else's computer and change all passwords hopefully before whoever stole my computer had the chance to crack the password to the document.

 

 Rather than using the same password for internet use which is widely considered to be poor practice, I took advice of a computer geek to make it easier (for me). As an example take an easily remembered word, say 'Canal'. Replace the vowels with numbers of your choice so becoming 'C7n4l' then divide the password to become 'C7  n4l' and into the space put letters relevant to whatever the site is, so for here it would become 'C7CWDFn4l' which, whilst looking a complicated password, is actually reasonably easy to remember because it's logical. Just a thought:rolleyes:

Link to comment
Share on other sites

Passwords could all be tattoo'd upon your chest, written back to front, which means standing in front of a mirror to read them, '' extra secrecy''. You'd have to do the tattooing yourself though or a tattoo artist could rob you.

  • Greenie 2
Link to comment
Share on other sites

2 hours ago, doratheexplorer said:

You only find it alarmist because it hasn't happened to you.

- OF COURSE - JUST AS IT HASN'T HAPPENED TO MOST OTHER PEOPLE.

 

  As others have said, you are a prime target for defrauding. 

- CERTAINLY NOT - SEE DANIEL'S COMMENTS A FEW POSTS BACK.

 

The fact you seem unable to comprehend how this could happen just makes you even more of a target.

- I WOULD VERY MUCH DOUBT THAT; AND WHY DO YOU FEEL THAT I AM "UNABLE TO COMPREHEND"? I TRUST THAT YOU ARE NOT SUGGESTING THAT I AM STUPID OR OTHERWISE MENTALLY IMPAIRED.

 

Link to comment
Share on other sites

1 minute ago, doratheexplorer said:

1.  How do you know?  Hacking of online accounts is now extremely widespread.

2.  That's not what Daniel was saying.  Your problem is declaring online that you only use 2 passwords, not that you've written your password down.  Do you see the difference?

Oooh, you are a worrier aren't you? Do you really think that the readership of CWDF is studded with criminals ready to pounce on other people's bank accounts? Oh, and as I haven't written my passwords down, so no one except me knows what they are. Unless they are mind-readers they will thus have difficulty finding out.

   To re-use a word I mentioned earlier, "alarmist". I appreciate your concern, but don't worry so much! I promise that I won't if you don't

Link to comment
Share on other sites

3 minutes ago, Athy said:

Oooh, you are a worrier aren't you? Do you really think that the readership of CWDF is studded with criminals ready to pounce on other people's bank accounts? Oh, and as I haven't written my passwords down, so no one except me knows what they are. Unless they are mind-readers they will thus have difficulty finding out.

   To re-use a word I mentioned earlier, "alarmist". I appreciate your concern, but don't worry so much! I promise that I won't if you don't

https://dictionary.cambridge.org/dictionary/english/there-s-none-so-deaf-as-those-who-will-not-hear

 

Do you remember when I showed you just how easy it is to pull together all kinds on online information on you?  Your ignorance of this stuff is obvious.

Edited by doratheexplorer
  • Greenie 1
Link to comment
Share on other sites

I'd avoid Yahoo email accounts too, or if you have one change your password very frequently. Pretty corrupt. I keep getting sprurious emails from some friends and relations with Yahoo accounts where their contact lists have been compromised which I delete immediately and then email them to warn them.

Link to comment
Share on other sites

32 minutes ago, doratheexplorer said:

 

 

  Your ignorance of this stuff is obvious.

Not so, but I regret to say that your lack of manners is. Please post in a civil way - which does not include suggesting that any fellow member is ignorant.

 

However, assuming that despite appearances you are trying to be helpful, I will ask you to explain this: as I don't do internet banking, I have no password which relates to my bank account. How, then, could the knowledge of my password(s) help some hobbledehoy to break into my account? 

Edited by Athy
Link to comment
Share on other sites

1 hour ago, Wanderer Vagabond said:

I have sort of overcome the 'write it down' idea by creating a password protected Word Document on the computer where I keep the passwords, so I only have to remember the one password. There are various 'password vaults' on the internet that you can supposedly use but I'm not totally convinced of the security of them so avoid them and just keep the information on my computer where I know where it is. If the computer is stolen I have this password protected Word document electronically stored elsewhere so I could go onto someone else's computer and change all passwords hopefully before whoever stole my computer had the chance to crack the password to the document.

 

 Rather than using the same password for internet use which is widely considered to be poor practice, I took advice of a computer geek to make it easier (for me). As an example take an easily remembered word, say 'Canal'. Replace the vowels with numbers of your choice so becoming 'C7n4l' then divide the password to become 'C7  n4l' and into the space put letters relevant to whatever the site is, so for here it would become 'C7CWDFn4l' which, whilst looking a complicated password, is actually reasonably easy to remember because it's logical. Just a thought:rolleyes:

All of that is exactly what I do. Also on sites that need me to change the password monthly, I include a reference to the month (incidentally it is not just the number 1-12)

Link to comment
Share on other sites

58 minutes ago, doratheexplorer said:

https://dictionary.cambridge.org/dictionary/english/there-s-none-so-deaf-as-those-who-will-not-hear

 

Do you remember when I showed you just how easy it is to pull together all kinds on online information on you?  Your ignorance of this stuff is obvious.

That is a rather confident claim. I think most people will agree that I have a less than common name, but I doubt whether you could find very much about me, except my membership of Canal World Forum, and possibly my published research work on an obscure specialist area of historic technology, and then only if you knew where to look.

 

 

Edited by David Schweizer
Link to comment
Share on other sites

28 minutes ago, Athy said:

Not so, but I regret to say that your lack of manners is. Please post in a civil way - which does not include suggesting that any fellow member is ignorant.

 

However, assuming that despite appearances you are trying to be helpful, I will ask you to explain this: as I don't do internet banking, I have no password which relates to my bank account. How, then, could the knowledge of my password(s) help some hobbledehoy to break into my account? 

You have PayPal, I think. My PayPal account got hacked a month back, no idea how and they won't tell me. Password was unique and unbreakable. First I knew about it was an email telling me £2000 had been transferred to BetFair. As my PP account was linked to my bank, the money was about to be withdrawn. While standing on the boat roof to get a signal I managed to get through to the bank, cancel the PayPal DD and stop the payment going out. PayPal never answered the phone but after I reported it as a fake transaction they repaid the 2 grand they hadn't taken back to my bank account, which they then couldn't take back as the DD was cancelled! Took weeks to sort out. 

  • Haha 1
Link to comment
Share on other sites

Just now, Arthur Marshall said:

You have PayPal, I think. My PayPal account got hacked a month back, no idea how and they won't tell me. Password was unique and unbreakable. First I knew about it was an email telling me £2000 had been transferred to BetFair. As my PP account was linked to my bank, the money was about to be withdrawn. While standing on the boat roof to get a signal I managed to get through to the bank, cancel the PayPal DD and stop the payment going out. PayPal never answered the phone but after I reported it as a fake transaction they repaid the 2 grand they hadn't taken back to my bank account, which they then couldn't take back as the DD was cancelled! Took weeks to sort out. 

There have been a number of security issues with both PayPal abd ebay recently, and somehow they seem to be linked with thier association with Nectar card. I know it is small fry, but they managed to empty my Nectar card account through PayPal, I contacted PayPal who denied all knowledgem[, but the points returned within 48 hours, I have now disabled the link between them and Nectar.

Link to comment
Share on other sites

9 minutes ago, David Schweizer said:

That is a rather confident claim. I think most people will agree that I have a less than common name, but I doubt whether you could find very much about me, except my membership of Canal World Forum, and possibly my published research work on an obscure specialist area of historic technology, and then only if you knew where to look.

 

 

Quite possibly.  I haven't tried.  Finding all about Mr Athy was very easy though.

Link to comment
Share on other sites

3 minutes ago, doratheexplorer said:

Quite possibly.  I haven't tried.  Finding all about Mr Athy was very easy though.

I am flattered, dear Madame, that you found me so interesting.:D

 

 

 

(More likely, after pursuing your investigation, you concluded that I wasn't very interesting after all).

Edited by Athy
Link to comment
Share on other sites

24 minutes ago, Athy said:

I am flattered, dear Madame, that you found me so interesting.:D

 

 

 

(More likely, after pursuing your investigation, you concluded that I wasn't very interesting after all).

I'm not an identity theif so...

 

And I'd prefer if you didn't speculate on my gender.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.