Are your passwords as "secure" as you think?

[SuperFerret]

Many years ago I was teaching high school students some computing courses. Some students were always mischievous and regularly asked what the system password was. I repeatedly told them that the password was secret. None of them ever twigged that I was actually telling them the password.

Doubt that would be the case these days.

I did something similar when I had to lockdown a spreadsheet, people kept asking what the password to unlock the cells was and I responded "I dont know" every time... they never tried entering Idontknow and subesquently never got in!

 

[Domski]

I think I'm up to about 15 work passwords. I use an encrypted password keeper for keeping track of the harder ones to remember that I don't use so often and never use the 'add a new number to the end' method.

I then have a general password that I use for places that I don't really care if people get into like this and individual passwords for each of my email accounts, online banking etc etc.

I know where most of the people in my office keep the piece of paper or Excel doc with their passwords, must have some mischief some time

 

[MrKowz]

I then have a general password that I use for places that I don't really care if people get into like this and individual passwords for each of my email accounts, online banking etc etc.

You don't care if people get into your online banking?

 

[Expiry]

I actually had to request a new password for some webhosting today and they emailed it to my yahoo email account. I suddenly realised that any password is only as secure as my email password. If someone got into my yahoo email, they could request all of my other passwords to be reset, no bother.

Particularly as any accompanying security question is easily answered - mother's maiden name, first school etc.

 

[MrKowz]

I actually had to request a new password for some webhosting today and they emailed it to my yahoo email account. I suddenly realised that any password is only as secure as my email password. If someone got into my yahoo email, they could request all of my other passwords to be reset, no bother.

Particularly as any accompanying security question is easily answered - mother's maiden name, first school etc.

That's why you give those questions some really obscure, off-the-wall, answer, like:

First school:
School of Hard Knocks

Mother's Maiden Name:
Jingelheimer-schmidt

First pet:
Folgers Coffee

Street you grew up on:
Asphalt

 

[TinaP]

That's why you give those questions some really obscure, off-the-wall, answer, like:

First school:
School of Hard Knocks

Mother's Maiden Name:
Jingelheimer-schmidt

First pet:
Folgers Coffee

Street you grew up on:
Asphalt

Then the answers are just as hard to remember as the passwords.

I like the sites that allow you to create your own questions. I usually use stuff like "Which teacher did you dislike the most?" I have one application where I had to pick three questions and most of them were family related. I'm an unmarried only child. I don't have kids, siblings or in-laws. I had to make up fake siblings. I hope I don't have to answer the questions for that application, because I don't remember their birth months or names, for that matter.

 

[Domski]

You don't care if people get into your online banking?

Very much so which is why I have individual passwords for each one!!!!

 

[MrKowz]

Very much so which is why I have individual passwords for each one!!!!

I misread what you said. My apologies

 

[Cindy Ellis]

My dad's cable internet tech support has only 2 challenge questions to reset a password, and they're both ridiculous...
What's your favorite restaurant?
and
What's your favorite music group?

These seem like bad questions for anyone, as these change over time, but really...my dad is 80 years old. Favorite music group...maybe the church choir? Favorite restaurant...whoever has the best senior discount? And trying to remember the answer he have 10 years ago when he signed up for it? Impossible.
They wouldn't let him continue without giving an answer, which he hadn't written down, so I ended up spending 45 minutes with him and tech support on the line to get his access back so he could do his online banking.

 

[RichardS]

I have a file with 92 passwords in it, mostly work related passwords for various web sites and a multitude of applications. My passwords for on-line banking, both for work and personal, are not recorded anywhere, but they don't force you to change them.

Our network passwords are no longer required to be changed, as the view is that if people have to change them every month, they will write them down. Tried to convince a statewide finance deployment that this was a good idea, but they didn't agree.