cancel
Showing results for 
Search instead for 
Did you mean: 

Passwords and the like...my finger's sore!

Luzern
Seasoned Pro
Posts: 3,077
Thanks: 274
Fixes: 2
Registered: 31-07-2007

Passwords and the like...my finger's sore!

Yep, I know all about not using the same password, making it an alphanumeric, capital, lower case, symbol mix. Of course, unless you are memory man, they're so easy to forget, so naughtily they're kept somewhere.

I needed to put a wireless key on my printer.

How crazily long some are! I don't mind up to a dozen digits to key, but the wireless key for my router has 16. That's no great hassle with a keyboard and screen, but with a small touch screen on a multi function it's no fun for fat fingers, that stray to adjacent keys.

I just cannot see how passwords of such length do not yield much diminished additional security over those somewhat shorter.

Your thoughts?

No one has to agree with my opinion, but in the time I have left a miracle would be nice.
20 REPLIES
Community Veteran
Posts: 5,151
Thanks: 1,054
Fixes: 3
Registered: 06-11-2014

Re: Passwords and the like...my finger's sore!


Luzern wrote:

Your thoughts?


 

They'd be censored...

Community Veteran
Posts: 26,638
Thanks: 869
Fixes: 10
Registered: 10-04-2007

Re: Passwords and the like...my finger's sore!

I have in excess if 200 different passwords - but I only actually have to remember one. None of them are written down anywhere and I carry them with me everywhere. Many of them a long, but I rarely have to key any of them myself.

https://keepass.info/

I keep a copy of the database on a USB stick attached to my front door key and it is also backedup to Google drive.

 

jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Luzern
Seasoned Pro
Posts: 3,077
Thanks: 274
Fixes: 2
Registered: 31-07-2007

Re: Passwords and the like...my finger's sore!

@jelv We're not all perfectionists. Grin  However no matter how passwords are dealt with, too long ones needing to be input do add to the danger of wrong keying frustrations. Are those as long as my routers key really needed?

I'll have a look at keypass, but keeping a database with my door key, I'd still need to keep details somewhere else too. I'd be likely to lose the door key.Crazy

No one has to agree with my opinion, but in the time I have left a miracle would be nice.
jab1
All Star
Posts: 1,802
Thanks: 380
Fixes: 6
Registered: 24-02-2012

Re: Passwords and the like...my finger's sore!

@Luzern Have you thought of using a stylus?  I don't have a smartphone, to me a phone is a phone, but I do have an iPad, and use the stylus for data entry or when using the pad for extended periods. This saves my slightly arthritic fingers and reduces the amount of grease on the screen as well as ensuring more precise control.

John
Community Veteran
Posts: 3,331
Thanks: 286
Fixes: 3
Registered: 05-04-2007

Re: Passwords and the like...my finger's sore!

At my old company on Active Directory, they implemented a 3 strikes and you're out rule. Your account is locked, and you had to ring IT to get it unlocked.

IT were very good, but the amount of times they had to be called was insane.

Fine if a company wants to have a draconian policy, but it is the IT people who suffer.

Community Veteran
Posts: 6,396
Thanks: 513
Fixes: 46
Registered: 30-07-2007

Re: Passwords and the like...my finger's sore!

+1 for keepass. It means you can easily use different long random passwords for each account . The ONLY site that gives me problems is the PlusNet mobile one, it won't allow pasting of the password!

Community Veteran
Posts: 3,331
Thanks: 286
Fixes: 3
Registered: 05-04-2007

Re: Passwords and the like...my finger's sore!

I'm not sure I trust these sites with my password. I prefer the olde approach of just keeping a file local (not on the internet) and printing if off. That's what I have done recently, just created a quick and easy Excel sheet.

I've had one site I had to change my password to? Why? Their databases got hacked and peoples passwords were found. The company didn't encrypt them too. Oh dear, (One for the PlusNet Devs). Roll eyes

Even if they did, MD5 can be hacked. When I ran a site a few years ago I actually tried it and it worked. Note to the Police I didn't do anything with them. Mainly because I was bored and being the site admin I could take the encrypted password from the database and decrypt it.

I don't know PHP very well, but I am sure I could have modified the source quite easily to bypass any encryption and looked at my own database too.

I think @jelv has the right idea, keep a separate one for each account. As much of a pain it is to do. So if a company gets hacked (it has happened before, and will happen again),  so say for example I found out someone's password for here. It would only work on here not anywhere else,

Luzern
Seasoned Pro
Posts: 3,077
Thanks: 274
Fixes: 2
Registered: 31-07-2007

Re: Passwords and the like...my finger's sore!


jab1 wrote:

@Luzern Have you thought of using a stylus?  I don't have a smartphone, to me a phone is a phone, but I do have an iPad, and use the stylus for data entry or when using the pad for extended periods. This saves my slightly arthritic fingers and reduces the amount of grease on the screen as well as ensuring more precise control.


After I'd conquered my desire to throw a tantrum, I thought to use a pencil: even the rubber ended styluses would be too wide for the multifunction.

I wonder why no one has said anything yet about password excessive length! Surely the security benefit must be a diminishing return.

No one has to agree with my opinion, but in the time I have left a miracle would be nice.
jab1
All Star
Posts: 1,802
Thanks: 380
Fixes: 6
Registered: 24-02-2012

Re: Passwords and the like...my finger's sore!

I don't know know what size your keyboard is, @Luzern, but I'm guessing it must be as big, if not bigger than that on an iPad Mini, and  I have no problems with using a stylus.

John
Community Veteran
Posts: 26,638
Thanks: 869
Fixes: 10
Registered: 10-04-2007

Re: Passwords and the like...my finger's sore!

@Alex


Alex wrote:

I'm not sure I trust these sites with my password. I prefer the olde approach of just keeping a file local (not on the internet) and printing if off. That's what I have done recently, just created a quick and easy Excel sheet.


How do you encrypt the Excel spreadsheet and keep it secure and why do you think that is better than using something like Keepass to store your passwords in a local file which very securely encrypts the file?

 

  • KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.
  • The complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.
  • SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function. No attacks are known yet against SHA-256. The output is transformed using a key derivation function.
  • Protection against dictionary and guessing attacks: by transforming the master key component hash using a key derivation function (AES-KDF, Argon2, ...), dictionary and guessing attacks can be made harder.

 

jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Passwords and the like...my finger's sore!

The length of the password makes it exponential in time and effort to crack for each character added so the longer the password the better. But as noted earlier remembering these is hard, so that is where the role of the password manager comes in, and as this has been discussed before you have to trust your password manager not to leak this information.

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Passwords and the like...my finger's sore!

Excel spreadsheet security is (or was) trivial to break. User A could create a password protected spreadsheet in Excel on Windows and User B could then open and edit it using Open / Libra Office on Linux without knowing the password. Things may well be different now but the last time I did it it was only a few years ago!

Community Veteran
Posts: 17,320
Thanks: 1,376
Fixes: 16
Registered: 06-11-2007

Re: Passwords and the like...my finger's sore!

I read a report a few days ago, that  15% of men use the word  "password" as their password... ! !  Roll eyes

jab1
All Star
Posts: 1,802
Thanks: 380
Fixes: 6
Registered: 24-02-2012

Re: Passwords and the like...my finger's sore!

Most sites where you have an 'account' require a username/password combo so it knows who you are, logically.

For me, and I've never had a problem (fingers x'd) if the site holds no sensitive data on me, I use a simple combination - who would want to hack into my Funtrivia Quiz account? - but any which do hold sensitive data have MUCH stronger, minimum 10 character alpha/numeric/&c. string.

My protected Firefox password list stores most, but not all of them and I  also have a written record.

John