In response to multiple demands for passwords many of us probably: write them down, use the same everywhere or (slightly better) have quite a good one for anything to do with finance but something pants and memorable for, say, this forum.
This gets screwed up when your splendidly clever 'qwerty' or 'drowssap' falls foul of restrictions -
"Your password should contain both UPPER and lower case letters, at least one numeral, should not contain any sequence of letters which spells the name of a flower, ruminant or member name from the Illuminati and should be changed every 2 weeks"
In comparison - the security question should be easy - both for you AND anyone with any knowledge of your life. Mother's maiden name is hardly secret but, at least, YOU might remember it.
Speaking to the helpline I was asked "What is the answer to your security question?"
I said "What question was that?"
"I cannot tell you."
"OK I think I get this - is it 'Rover'?
"Is that your answer?"
Me, suspicious, "Is it Miss Tomlinson?"
"Is that your answer?"
"No. My answer is probably 'Honda 50' I know it isn't a car but I've never had a car and I didn't have an answer I'd ever remember to 'What is my favourite number?' or 'Who was your High School Valedictorian'.
"Is that your answer?"
I finally plumped for an answer and was told it wasn't.
SO -
you don't just have to remember details of your life but, in some cases (?), which details you shared with these ghastly people who will often be subject to database hacking and require you to change all your passwords again because they can't keep them secure.
Posted on: 06 January 2015 by DrMark
I read an article about a study on passwords and the ability to crack them, and contrary to conventional website enforced wisdom that that you mentioned above, the best passwords were relatively long phrases along the line of "I love my SuperNait because it sounds great", or "My grandma makes the best lasagna in the world" or some such thing as that. I found their conclusion interesting inasmuch as I had not thought of that approach, and the insistence of many sites that you include a special character does not not fall into that model.
I had a good friend who suffered some identity theft years ago, and watching what she went through was enough to put terror in my soul at the thought of it ever happening to me.
Posted on: 06 January 2015 by Hook
Started looking for a password manager program about a year ago! and picked 1Password. It generates long random passwords for web site logins, and also securely stores credit card info for online transactions. To log in, I have to open 1Password by entering a master password on my local device. It is now the only password I have to remember.
It was pretty easy to set up and use on my Mac. Had to visit each and every password protected web site once to store my new passwords. The program also runs on my iPad/Pod, but is a bit clunkier to use due to some iOS issues (that will hopefully be improved in later releases).
After two cases of Internet-based identity theft in 2013, I was thankful for zero repeats last year. Was this due to be better password protection? Not sure, but am guessing it helped.
Hook
Posted on: 11 January 2015 by Bart
Originally Posted by anderson.council:
Similar to Hook but I chose Dashlane and have been happy with the results so far.
Scott
I've been using Dashlane for about a year now. I just wish it was a bit better integrated into iOS. I often have to exit the site or app I want to log into, to pull up Dashlane and manually copy the PW and then go paste it. In OS X and Windows it integrates virtually seamlessly.
Posted on: 17 January 2015 by Ebor
With password and proving-you-are-who-you-say-you-are problems being so rife as to have become a predictable trope of standup comedy, does anyone know why fingerprint recognition hasn't taken off?
It should be fairly cheap and easy to make a fingerprint recogniser about the same size as a smallish USB memory stick which you could stick into any USB port and, with some half-decent encryption, use it to log into anything without having to remember anything other than your finger. The fact that we haven't gone down this road suggests that either corporations don't want it, the general public don't like the idea for some reason, or it would be too easy to hack/fake for some reason I haven't spotted.
Anyone know why we are still stuck with the irritation and frustration of failing-to-remember-the-password situations?
Mark
