-
1
07/29/09
Keeping Passwords
I have about 50 passwords and some need to be changed as often as once a month. Several need to be 12 characters of various forms. There is no way to keep that all in my head. In desperation I looked at many password programs. More than 20.
Roboform has my vote. I've used it for about a year now. It has secure notes for those passwords and ID's that are not able to be saved automatically like some bank sites. It has never failed me. Well worth the money. As an added benefit it fills in web forms at a single click. I wouldn't be without it now. I even own the portable USB version. I buy the licenses as gifts because I find it so useful.
-
2
07/29/09
RE: How to avoid the '500 worst passwords of all time'
Patrick,
Thanks for the note and info. Roboform is what I am considering. Seems worth the money...J
-
3
07/30/09
RE: How to avoid the '500 worst passwords of all time'
I can say that none of my 66 current passwords nor any of the 53 retired ones are on the list. Some are close, but only a part of the actual password. I do have some relatively simple passwords/PIN #'s. I have been changing some to more complex ones or ones that can't be figured out immediately--such as Sarah Palin's were. If I have a city name, it will be part of my former address, etc. License plate numbers are used or variations on them, such as adding the state name, especially if you no longer live there.
I use a Password protected Excel Spreadsheet, it doesn't populate any webforms, but is free and easy to use.
-
4
07/30/09
RE: How to avoid the '500 worst passwords of all time'
One of my favorite methods is one of several vulgarisms in German, Spanish or Italian. It's easy to remember, and when the capitalization is off by a couple of characters, it's difficult to crack.
-
5
07/30/09
RE: How to avoid the '500 worst passwords of all time'
Your Sarah Palin example doesn't work. It wasn't the strength of the password used, it was Yahoo's crazy password reset process. No website should make it so easy to access that information.
-
6
07/30/09
RE: How to avoid the '500 worst passwords of all time'
Roboform may well be great. But I'm a tightwad. I use the free KeePass and it works very well for me.
-
7
07/30/09
1Password for MacOS X
I originally used Gator until it became annoyingware, then switched to
RoboForm, however, there's no RoboForm for Mac, so I was pretty
happy when 1Password for MacOS X arrived.
-
8
07/30/09
RE: How to avoid the '500 worst passwords of all time'
I looked at the list of PWs and I thought that 1q2w3e4r5t6y would have made it up there. But oh well.
But going on how to avoid passwords. Try to think of the two most random things and stick them together.
EX: tvtree, windowbag, phonestick, etc
Also another thing is to add random #s and Caps inside of it.
EX: TvtReE, wiNd0WBag, pH0NEsT1ck, etc
One more thing is to spell them in a different way.
EX: tveetrie, whinndoowbaag, foonstiic, etc
So all together and you got a hard password.
-
9
07/30/09
RE: How to avoid the '500 worst passwords of all time'
30 passwords? 50 passwords? Monthly changes? Independently from my different 'identities/user names' (yahoo!, google, msn, work, ...), I have only 3 different passwords. The 1st one is 'private-private': personal email, amazon, paypal, banks. The 2nd one is 'private-professional': it is used on my company's network, and can be reset by the network administrator. The last one is 'default public password', very useful for all these sites where subscription is mandatory. I would give the 3rd one to everybody close to me, from my children to my assistant. The second one does not need to be given to anybody, as it can be reset. The 1st one is written down on a piece of paper, sealed in an envelope, to be opened after I am dead ...
-
10
07/30/09
RE: How to avoid the '500 worst passwords of all time'
I just came up with an algorithm that utilizes the name of the website requiring a password. For example, for this site, I'd use smartxxx99, where the xxx99 is the same for every website. For CBS.com, the password would be cbsxxx99. I just don't share the xxx99 with anyone so it is easy to remember 100's of passwords without having to pay for software like Roboform.
-
11
07/30/09
RE: How to avoid the '500 worst passwords of all time'
I can't believe they forgot "iamgod"
every sysadmin knows that one...
-
12
07/30/09
RE: How to avoid the '500 worst passwords of all time'
Roboform may be very good; I wouldn't know as I have never tried it, but I suggest you do consider the free and open source password manager KeePass Password Safe. I use it to manage dozens of passwords: http://keepass.info/
and have found it to be excellent.
"What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page. " BRgds, Peter
-
13
07/31/09
RE: How to avoid the '500 worst passwords of all time'
I always use an easy to remember sentence, then substitute numbers for one set of the letters.
I might sub 1 for all the "I"s, 0 of "O", 5 of "S" and similar. I like working the word "ate" into it, subbing the singular 8 for the whole word.
I write the sentences out as you would normally, including punctuation. This helps people remember where any capital letters are, at the start and in any proper nouns.
Examples:
Y0u f0rg0t the passw0rd already!?
Who 8 all the 1cecream?
Plea5e don't abu5e thi5 5erver.
If spaces are not allowed I simply eliminate them.
I've yet to have anyone forget their password/phrase. Most of them are wireless keys btw. I'll make a much shorter statement for windows user passwords, for eg:
B0nny r0ck5!
If you make the phrase appropriate to the user (or deployment) you don't have to write it down, just the nature of the substitution(s): o - 0, s - 5 for the above example.
-
14
07/31/09
RE: How to avoid the '500 worst passwords of all time'
One system admin I knew was into trivia. He liked to use passwords that reminded him of things. Such as 56HDW63 being the years' reign of some famous person.
Something I do (I'm also a system admin) is keep lists. But even my lists, or password manager programs, don't actually list the password itself. On some sites involving giving them an account or credit card it will say "money" which is NOT the password but only a reminder that I used my really hard to figure out money password there. On other sites that I happen across and am not sure I will ever come back to, it will say "password" which is NOT the password but will tell me I used my junky default password there. No offense but this site was one of those and I was real surprised that I was able to login.
ANY storage list of passwords is still keeping a list where it can be snagged from you. I would recommend using this trick to remind yourself without actually writing the password.
OH and on those security questions, I have complete sets of answers that I use which do not match my real answers.
-
15
07/31/09
RE: How to avoid the '500 worst passwords of all time'
A very good and FREE {open source} solution is KeePass. It allows for storage and creation of passwords as many bits long as you need. Key generation is customizable as well. It's all stored in a very secure database. You set the size, type of encryption, etc. They have versions for every major OS including BlackBerry, Windows Mobile and many others. The new version allows for you to host the file on a secure site and divvy out access to it. You can use a password, a key file or both to get in. One of the nifty features is the auto type feature and a scripting feature. It allows for password entry as well as many other tasks to be recorded or scripted. So easy a cave man could do it.
-
16
07/31/09
RE: How to avoid the '500 worst passwords of all time'
Great article, John.
I use LastPass plugin for Firefox to remember my hundreds of passwords. As far as creating passwords, I've written several articles on the topic. One good method is simply to come up with a meaningful phrase and then convert it to a string of characters. Here's one: I drive 33 miles round-trip each day. (Notice I included numbers and a dash.) That could become id33mr-ted. Make some of the characters uppercase: iD3#mR-TeD (I made every other character uppercase - easy to remember). You get the idea.
You can check out one of my main articles "How to Write Down Your Passwords and Not Worry About Anyone Stealing Them" at http://bit.ly/106ha9 .
-
17
07/31/09
"passwords are teh suck"
Security in its current forms is inherently user unfriendly, and as such, will be
implemented badly by most people. Passwords and secrecy in general are direct
reactions to conflict and anonymity. If anonymity can be lessened and the incentive for
attack can be removed - friendlier forms of gatekeeping can finally be utilized.
-
18
07/31/09
RE: How to avoid the '500 worst passwords of all time'
I can't get to the 500 items.
The server times out.
dmaesc
-
19
07/31/09
RE: How to avoid the '500 worst passwords of all time'
Yep everyone wants to know if their password is on the list. I couldn't get in either.
I've used PasswordWiz and was happy with it, but it doesn't work on several of the new sites using Flash. I've not counted my passwords but it long ago surpassed the century mark so I need help and want the convenience of a pw manager. Some have suggested "systems" which work as long as no one wants to crack them. The most secure is random character sets and the longer the better.
Having managed the admins for some very large secure networks I've been amazed at the nonchalant use of passwords by top management as well as admins. As a consultant I've entered systems simply by extending the systematic password patterns given to users.
On top secret sites we have used external key generators, but that is more than most people want to use. The best thing about passwords is that it keeps nosey people out of your space.
-
20
07/31/09
RE: How to avoid the '500 worst passwords of all time'
I disagree with the author if by saying a good password is "easily
recalled by its owner" he means "easily remembered". A good (i.e.,
"strong") password should be a random string of upper and lowercase
letters, numbers, symbols, and punctuation marks. Most people can't
remember multiple such passwords. But there are tools that can help
them, such as desktop password software (1Password, Keepass,
PasswordSafe, SignUpShield, Roboform, etc.), USB password drives
(IronKey, ID Vault, etc.), and standalone devices (Atek Logio Secure
Password Organizer, Mandylion, etc.). If by "easily recalled" the author
meant by the use of a tool such as these, then I agree...of course.
-
21
08/02/09
Proof-reading would be nice
I wouldn't mind the occasional grammatical, orthographical, lexical or other mistakes, but 6.5 in such a short article tops it. I'm not a native speaker, but would say my English is good enough to spot these. A bit more journalistic care would be good. Elsewhere I saw those it's/its, their/they're again...
[ ] meaning that was missing, { } meaning that was too much.
1) Number 496 is a "mistress" although I don't [know] if the owners...
2) ...about 50% of passwords are passwords [that] are "based on names of a family member...
3) I have far to[o] many for that..
4) He also avoid[s] passwords hints such as boyhood dog...
5) I tried {a} something called a secure login called vidoop... -- nice doubling up
6) Some of the advice is {is} obvious, but worth repeating.
I said 6.5 mistakes above, because I'm not 100% sure about this one:
6.5) ...although I don't if the owners lean toward[s] kept women or...
-
22
08/03/09
@ invenio
You missed some - I found 10, and that was with me missing your first example. So you were kind - I'd say there were at least 11 typos in it. Not being nitpicky, but it really does make it a slog to read through.
-
23
08/05/09
RE: How to avoid the '500 worst passwords of all time'
Invenio,
I believed ALL the dropped words and typos are fixed....fixed them several days ago.
--JD
-
24
08/06/09
RE: How to avoid the '500 worst passwords of all time'
Sounds like overheated paranoia to me
-
25
08/06/09
RE: How to avoid the '500 worst passwords of all time'
I have used AnyPass Pro for several years for all my contact info: passwords, telephone numbers, etc. I have [probably] 150 passwords. The software can be password protected, so I feel reasonably safe. In addition to my computer, the software can be run on a flash drive without any special tricks needed.
For a password, I usually use two words with a numeral between them, and I change every password annually - as I encounter it after the new year. I usually use a string of 7-9 characters in a password. Sometimes, I use the "=" or "+" or another symbol as well as a numeral.
I also have a collection of logon IDs that I use, switching them around irregularly. I keep a list of these logons in AnyPass, so that I don't repeat a logon closer than three years. I make sure to never use a logon as a password [or vice versa].
-
26
08/07/09
RE: How to avoid the '500 worst passwords of all time'
I HAVE FOUND THAT USING SYMBOLS IN THE FRONT, FOLLOWED BY PART CAPS, PART LOWER CASE, AND FINISHING UP WITH ANOTHER SYMBOL WILL DEVELOP A " STRONG " PASSWORD.
-
27
08/07/09
RE: How to avoid the '500 worst passwords of all time'
I use Roboform and in my opinion it has been one of my smarter purchases. I generate a unique password for all of my password protected sites so there can be no cross-contamination.
I also take security one step further when logging onto a bank site. I open up a completely new browser, not merely a new tab, then transact whatever I need to do and then close that browser completely. I will never go to another site from a browser that I opened for a bank transaction. It is so easy to do this simple security procedure that there is no reason not to do so.
-
28
08/07/09
RE: How to avoid the '500 worst passwords of all time'
Using a sentence is probably the simplest to remember and you can add some more complexity by substituting a number or symbol that is similar to a letter. For example, use the sentence, "Mary is the woman I will love for eternity." A password could be, Mitw1wl4e or M1TwIl$e. Note that by using shift or a number, you can make these powerful and nearly impossible to guess.
-
29
08/07/09
RE: How to avoid the '500 worst passwords of all time'
Oh, and I use Password Plus on my Palm Treo to manage the dozens of passwords I need for personal and business use.
-
30
08/07/09
sjeffreya
I swear by RoboForm Pro. I just checked my passwords before writing this and on this rig I have 364 passwords. Plus RF generates passwords depending on length, numeric, alpha, characters and symbols. It also gives you the bit score of what your combination is. Some sites don't allow more than 10 characters. A lot don't allow characters and symbols. With RoboForm nothing is hard. Just click your cursor on your choice, say, alpha-numeric, choose your length and hit generate. If that one doesn't tickle your fancy keep generating until you come across one you like. Then hit fill and your new password automatically fills itself in. No excuse not to update your heavily trafficked sites regularly. Oh, one thing. Unless you're writing passwords down: Back up, Back up, Back up!
-
31
08/08/09
RE: How to avoid the '500 worst passwords of all time'
I should clarify my remarks to say that I am using RoboForm Pro, not the free edition. It was well worth the money.
-
32
08/09/09
RE: How to avoid the '500 worst passwords of all time'
I can say that none of my 66 current passwords nor any of the 53 retired ones are on the list. Some are close, but only a part of the actual password. I do have some relatively simple passwords/PIN #'s. I have been changing some to more complex ones or ones that can't be figured out immediately--such as Sarah Palin's were. If I have a city name, it will be part of my former address, etc. License plate numbers are used or variations on them, such as adding the state name, especially if you no longer live there.
I use a Password protected Excel Spreadsheet, it doesn't populate any webforms, but is free and easy to use.
-
33
08/11/09
RE: How to avoid the '500 worst passwords of all time'
The latest embarrassment was on Twitter as one of their admin accounts has the password "password", which makes it pretty easy to hack.
There can be a whole book written on managing passwords for corporations. They have to change the password often as people change departments, their security levels are changed or they leave the job.
-
34
08/14/09
RE: How to avoid the '500 worst passwords of all time'
Although I use RoboForm Pro at home, I change my password at work at the beginning of every month and don't write it down anywhere. I have three picture calendars on my walls: this month, last month and next month. Using the calendars as visual tools, I create a related phrase, and then condense that down to an 8 character strong password. For example, last month one of my calendars had a picture of a wolf cub coming out of a wooded area, so my phrase was "are you sure?" My password became: a5usU3? One of my best was a picture of a Tufted *** mouse on a lilac bush, my phrase was "Mine aren't purple" pw: m1r?tpu3. It's my way to add a bit of fun to my job and secure my employer's data.
-
35
09/09/09
RE: How to avoid the '500 worst passwords of all time'
use all the tips given above
-va
-
36
09/29/09
RE: How to avoid the '500 worst passwords of all time'
I've been using Roboform for about three years now and I love it. I put it on every computer I get. It's well worth the money and will save you a lot of time. I'm paralyzed on the left side so it's a pain for me to type. Roboform saves me all of that. I highly recommend it.
-
37
10/09/09
RE: How to avoid the '500 worst passwords of all time'
For those of a mathematical bent
Password generator -
My house (or street, or age, etc.) number times (or add, divide, etc.) my house (or street, or age, etc.) does not equal 100 (or any other number you like).
So my password could be 59Times96>=480.
I find numbers just easier to remember...
-
38
10/13/09
RE: How to avoid the '500 worst passwords of all time'
thx
-
39
01/04/10
RE: How to avoid the '500 worst passwords of all time'
I use Roboform and in my opinion it has been one of my smarter purchases. I generate a unique password for all of my password protected sites so there can be no cross-contamination.
I also take security one step further when logging onto a bank site. I open up a completely new browser, not merely a new tab, then transact whatever I need to do and then close that browser completely. I will never go to another site from a browser that I opened for a bank transaction. It is so easy to do this simple security procedure that there is no reason not to do so.
-
40
01/04/10
RE: How to avoid the '500 worst passwords of all time'
I have used AnyPass Pro for several years for all my contact info: passwords, telephone numbers, etc. I have [probably] 150 passwords. The software can be password protected, so I feel reasonably safe. In addition to my computer, the software can be run on a flash drive without any special tricks needed.
For a password, I usually use two words with a numeral between them, and I change every password annually - as I encounter it after the new year. I usually use a string of 7-9 characters in a password. Sometimes, I use the "=" or "+" or another symbol as well as a numeral.
I also have a collection of logon IDs that I use, switching them around irregularly. I keep a list of these logons in AnyPass, so that I don't repeat a logon closer than three years. I make sure to never use a logon as a password [or vice versa].
-
41
01/06/10
RE: How to avoid the '500 worst passwords of all time'
I usually mix letters and numbers and rumble or mix them to be able to play safe.
-
42
02/01/10
RE: How to avoid the '500 worst passwords of all time'
The most clever system I've read about is to start with a decent, short, easy-to-recall password, tack on a numeral or two, and then add on the name of the website, which you don't need to memorize because it's right there in the URL. (The number is there to satisfy those sites that require at least one numeral.)
For example, with your 12-year-old dog's name "Fido" as the base text, the password for this site could be Fido98smartplanet. On Yahoo, it's Fido98yahoo, on hotmail it's Fido98hotmail, etc. Easy to remember, long enough to be strong, and the numeric characters should stymie even the most determined "dictionary" attack. This lets you give each of hundreds of websites a unique, lengthy, nonsense password, without ever having to write one of them down.
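
Added example, not part of any comment in this thread: a sign-up-time policy check a site operator could run against the two patterns discussed above, look-alike substitutions (o - 0, s - 5) and passwords built from the site's own name. The blocklist is a small constructed sample, not the article's 500-entry list, and all function names are hypothetical.

```python
import re

# Constructed sample blocklist; NOT the article's 500-entry list.
SAMPLE_BLOCKLIST = {"password", "letmein", "monkey", "dragon", "iamgod"}

# Look-alike substitutions of the kind described in the thread, reversed.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})

# Hostname labels that say nothing about the site's identity.
GENERIC_LABELS = {"www", "com", "net", "org", "co", "uk", "mail", "login"}


def fold(text):
    """Undo look-alike substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.translate(LEET_MAP))


def candidates(password):
    """Normalized forms to test: whole string, and with digit/symbol padding trimmed."""
    lowered = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {fold(lowered), fold(trimmed)}


def site_tokens(hostname):
    """Hostname labels a user might embed in a password, e.g. 'smartplanet'."""
    labels = hostname.lower().split(".")
    return {l for l in labels if l not in GENERIC_LABELS and len(l) >= 3}


def check_password(password, hostname, blocklist=SAMPLE_BLOCKLIST):
    """Return a list of policy findings; an empty list means nothing was flagged."""
    findings = []
    forms = candidates(password)
    if forms & set(blocklist):
        findings.append("blocklisted-after-normalization")
    for token in sorted(site_tokens(hostname)):
        if any(token in form for form in forms):
            findings.append("contains-site-name:" + token)
    return findings


if __name__ == "__main__":
    # Constructed inputs, including the example passwords quoted in the thread.
    for pw, host in [
        ("P@ssw0rd1!", "example.org"),
        ("Fido98smartplanet", "www.smartplanet.com"),
        ("cbsxxx99", "cbs.com"),
        ("kV9#tq2Lw!zR", "www.smartplanet.com"),
    ]:
        print(pw, host, check_password(pw, host))
```
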
-
43
02/02/10
RE: How to avoid the '500 worst passwords of all time'
sir!
plz recovery my hotmail password my email is hacked. my email id is mehwish_shah_85@hotmail.com. previous password is meh@wish and previous secret question answer is biryani. my current id is riz_nb_hotmail.com. plz help me as soon as possible