Tumgik
#Password Security
ktempestbradford · 8 months
Someone just asked me about password systems that work without password managers (for those who simply don't trust them). My advice is based on this XKCD comic, but modified because now most password systems require a capital letter, a number, and a special character in addition to at least 12 characters overall. Here's how I do it.
You still want the phrase with the common words. At least one of those letters has to be a capital, and I tend to capitalize the first letter of the word; maybe that can be easily figured out by a computer, but I think the higher number of entropy points takes care of that. So, with the words from the comic, you'd have:
CorrectHorseBatteryStaple
Then you decide which one of those letters is a number. Every time you use the phrase it should be the same one so it's easy for you to remember. Example, you could say: the first o is always a zero/0. Or, with this particular phrase you could even say that all the o's are zeros since there are only two. Now we have:
C0rrectH0rseBatteryStaple
I always put the special character needed at the end of the phrase.
C0rrectH0rseBatteryStaple?
You want all passwords to be unique, which is hard, but this system still works for that because now you add one final thing to the end: the name of the thing being logged into. Examples:
C0rrectH0rseBatteryStaple?Amazon
C0rrectH0rseBatteryStaple?Gmail
C0rrectH0rseBatteryStaple?Spotify
Using a 4 word passphrase can get long! And if you're adding the name of the service to the end, that still creates many points of entropy, meaning your core passphrase can be shorter. So:
C0rrectBatteryStaple?Amazon
C0rrectBatteryStaple?Gmail
C0rrectBatteryStaple?Spotify
Remember to decide if service names will have a capital letter in front or not. I like doing that as it adds another capital. But choosing all lowercase is fine, too.
For systems that force you to change passwords and to create a new one each time you change, I suggest changing the special character. And keep a list of the special characters and the order you use them in. Like so:
?
!
@
&
and on and on. Having that saved somewhere won't tip off password stealing jerks cuz it's just a list of punctuation.
Another thing I like about this system is that it means you can keep a digital or paper list of passwords and still not worry if it falls into the wrong hands because you don't put the full password on there, you put:
?Amazon
?Spotify
!Gmail
Because you can likely remember the passphrase easily, whereas you might have trouble with the less easy to remember service names (like ones you log into maybe once a year or something).
Hope that's useful!
38 notes · View notes
umbrellacorphq · 10 months
USER: BIRKIN.W
Passwords may not contain employee identifying information. The password 'wesker4william' is invalid. Please choose a new password to access the lab system.
37 notes · View notes
amaditalks · 1 year
The LastPass hack in November was much worse than we were initially led to believe. Catastrophically worse. And it came after an earlier breach last August. The entire situation has been a disaster of opacity, sparse information sharing and the company making efforts to retain business at the expense of user security, which was the only thing we were paying them for.
I’ve just migrated over to 1Password, which was fortunately a very easy process, because now I begin the painstaking and time eating process of updating every password that I haven’t changed since that November breach. Nothing can be assumed safe.
If you stuck with LastPass, you should really change that today. And if you’re an iOS/MacOS premium account holder, demand a refund; if Apple is processing refunds to third-party Twitter app users for something that those companies didn’t do (Twitter shut off their access) then they should certainly do likewise here when the company is wholly at fault.
22 notes · View notes
yourozness · 10 months
So I know a lot of you have seen Ms.demeanor’s post about passwords and how you should have a password manager. And you 100% should. But let’s say you can’t have one for some reason, or you’re trying to help someone who can’t have one. I have developed hmmm a method that allows you to use fewer passwords while also keeping everything safe.
Sorting
So you need to sort all your apps, accounts, etc into at least 3 different categories based on how screwed you'd be if a hacker got into that account.
Level 1
These are low threat level accounts and generally accounts where you were forced to make an account for a one time thing. Like for example you wanted to download a knitting pattern but they forced you to make an account. These accounts do not matter. If a hacker gets in it should have the same impact as someone picking up a penny found on the ground near your house. You could put streaming sites in this category if you wish. Maybe also your wifi password.
Level 2
These accounts are ones that you use often but that won't ruin you financially if someone gets into them. This should contain stuff like social media, maybe streaming, and maybe your phone bill if you're feeling spicy. It is very important that social media passwords be different from the highest level of security passwords. Social media passwords are more likely to be shared with people or could be stolen like the fb data scrape from years ago.
This is also where you'd probably include anything school related if you're still in school: blackboard, quizlet, grade book, etc. Or work related: email, slack, etc. You could also make a separate level just for school/work related accounts.
Level 3
This is the oh-i'm-absolutely-fucked level if someone got into your account. This is like if someone found the code for a safe in your bedroom. This is anything that contains sensitive info: medical, SSN, etc. Or deals with money. This is the level for bank accounts, taxes, government websites, paypal/cashapp, loans, etc.
I go back and forth about whether or not I would include email in this level. Especially if you're using gmail which is just sooooo great at not stealing your data. But in the end, with access to your email account, someone can reset passwords on all your shit (which is why you should have multiple emails as well).
Creating Passwords
Now you need to create a password for each level, which you can do using an anchor point. Luckily for you, you are on the shipping-AU-fandom website so it'll be easier. I'm gonna use supernatural as an anchor point. You can of course use different fandoms/ships for each level (I recommend this)
Level 1
This should be a simple easy to type, easy to remember password. It should contain at least numbers and letters with maybe an exclamation mark. This can contain words from the dictionary. Since this is a basic password, use something you think is basic and then the year it was invented or the year you really noticed it. It should be two words so you can get at least two capital letters.
For example, I think spn fans are pretty basic (i'm allowed to say this, I used to be one) and I think they started becoming A Thing in 2012 so for this level the password would be SPNGirlie2012
Level 2
This is where we get more tricky and want to add in words that aren't in the dictionary. We want to include numbers AND symbols.
Let's go with the beloathed ship of this website - Destiel - which is not a word in the dictionary. And then an AU you have seen that then stuck in your brain. Then the year you saw it or got into it or it was created.
For example, the idea of destiel being news anchors saying the news in the i love you meme is hilarious to me. So we have Anchor!Destiel2023 but that's still a bit too comprehensible soooo Anch0r!De$tiel and changing the number to a different year than the current one so 08 to represent when that angel first arrived and later doomed this website to being incomprehensible :)
Level 3
This should not contain recognizable words. If someone reads it they should be SO confused. This is where you use very niche AUs that get their own names. You use quotes that crushed you or lyrics from that one AMV that is stuck in your head at the moment. Very important, it should make people cry if they were told to type it in on a tv screen with a remote.
If you go the AU route it should be something like oh Sam was being too bitchy so he got cursed into a cabbage and has to learn how to become nice so it's called the Cabitch AU. Then we spice it up with some numbers and symbols. (@B1tch!$am!@U5 (CaBitch!Sam!AU5) and a number at the end maybe signifying how many of you even know about this au in the first place.
Or you can go the quote/lyrics route. Which follows recommendation of another tumblr post (also ms.demeanor?) Let's use the infamous destiel meeting quote "I'm the one who gripped you tight and raised you from perdition."
so you take the first letter of each word = ITOWGYTARYFP
make 'the' 'and' 'from' lowercase = ItOWGYTaRYfP
substitute letters = |t0WGY7aRYfP
Add in a significant number (page, episode, timestamp, etc) = |t0WGY7aRYfP_4.01
And tada you have a password that saw would use in a saw trap with an apple tv remote.
And there you have it, how to sort and make your account passwords safe in technically 6 easy steps. I know there are a lot of you who use the same password for everything or bemoan your difficulties with remembering passwords. But like data protection is SO important, y'all don't realize just how much can be dug up with the simplest of information. I leave you with this horror story that made me make this post.
So my friend was getting harassed over text message by an unknown number. She thought it was her shitty ex bf so she decided to do some digging. First she went on her fb to see if he had his phone number public, but because she blocked him she couldn't see it. But you see dear reader, he gave her his fb password while they were dating. Friends, they broke up over FIVE YEARS AGO. For shits and giggles she tried to log in and WHOOPS IT WORKED! She couldn't find his phone number and that was going to be the end of it, but she got more texts for yet another number so she investigated more.
She was able to log into his email attached to his FB, where she was able to you know, actually read his emails. Turns out one of his doctors was NOT practicing proper patient confidentiality because he wrote an email with the guy's MENTAL ILLNESS DIAGNOSIS! Which my friend was able to see! She also found his SOCIAL SECURITY NUMBER!
If you aren't American, that means she could take out a loan in his name no questions asked. She could have ruined his credit score. Oh what's that? That's right! He used the same email and password for his BANK ACCOUNT! and turns out his credit was already bad. She could have transferred all his MONEY to her!!!! She dated him for a while, if there were security questions, she probably would have known them.
So because this guy gave an 18 year old his fb password, 7 years ago, his ex (who hates him btw) found out his SSN, his diagnoses, his phone number, AND his bank account info. Thankfully she's not a shitty person and doesn't hate him enough to ruin his life 5 years after they broke up, but like she could have! She could have left his life in ruins!!!!!!!
Which is why I made this post.
don't use the same password for everything
FOR THE LOVE OF GOD DO NOT KEEP THE SAME PASSWORDS AFTER YOU HAVE A MESSY BREAK UP?!?!??!?!?!?!
The end, hope this helps, change your passwords.
6 notes · View notes
javaelemental · 1 year
It's always a good time to update your passwords, folks. Chart from here. Turn your 2FA on everywhere while you're at it, too.
2 notes · View notes
pensivelyplayfulme · 19 days
OTP will never mean "one time password" to me no matter how hard tech companies try
0 notes
This is your sign to delete accounts you don't use, update the security on the ones you do, and change your password you use over 87 sites.
1 note · View note
drnic1 · 2 months
LinkedIn Hacker Mayhem
Automated Security Challenges – Photo Credit Gizmodo
Should You Panic or Stay Calm?
It could just be me but I doubt it. I’ve certainly had my share of attempts to attack my accounts including the SIM Jacking I documented (3 Minutes to Financial Ruin). But since the vast majority of these attacks are automated with the perpetrators using tools that essentially automate the tasks of attacking…
0 notes
robtopus · 3 months
(Rant; slight spoiler for Reacher S02E01)
"I have a flash drive with crucial information worth killing over. I set it up so that once you plug it in, it auto-erases itself after two minutes or three wrong guesses of the password. My password is Reacher, the name of the guy who ran my old unit. Not even alphanumeric, no randomness, no nothing. Password security? What's that?!"
Like. I get it makes for more entertaining crime tv to guess a dude's password but it's always sophisticated hacker guys who have these easy to crack ones that are spelled like you'd do in the dictionary. Maybe it's truth in television because the biggest vector of attack is always the dope in front of the screen but like, you'd not even be able to get my fucking Tumblr password with the method they're using and you can be damn sure if I had a sensitive drive like that I'd pick an even stronger one.
1 note · View note
choixsimple · 4 months
Got a "time to change your password" email at work, you know what that means
time to add another exclamation point
0 notes
techiexpertnews · 5 months
Importance Of Using Password Manager
A password manager stores all your passwords in a single account. The master password to your safe is the only password you'll ever need to remember.
0 notes
How Do Password Managers Work and Store Your Data?
Passwords. Have we ever experienced so many problems with anything else connected to technology? Most likely not. The most popular method for securing all kinds of data and services is using passwords, but alas, there are many to remember! 
Hackers are aware of all the methods we employ to create and remember passwords, and all too frequently, they successfully access our accounts using our weak passwords. Using a password manager can help with some problems associated with passwords.
What is a Password Manager?
The advantage of using such a program is that each website and account can have a different, genuinely random, long password, and you don’t have to remember it—the password manager will keep track of them for you. It can even assist you in avoiding entering your passwords into insecure websites.
How do Password Managers store your data?
Password managers relieve you of needing to remember multiple codes by storing everything for you. There are different applications that are popular on the market right now, and they all have their own specific style of handling things. But the basic idea is the same.
Your passwords are stored in an encrypted manner, and can only be retrieved by unlocking the encryption. This can be done in various ways, not just by inputting a “master password”. For example, some password managers allow you to unlock them by providing a specific, unique file. Most of the popular password managers on the market also come with other nifty features. 
For example, they will usually automatically generate secure passwords for you according to customizable rules. They may also support automatically inputting the password for supported sites.
Why do you need a Password Manager?
A password manager can be a highly useful tool for protecting sensitive corporate information and personal banking logins. A password organizer might be an excellent purchase for people who struggle to manage passwords across numerous websites. These tools manage security by generating secure passwords and keeping them organized, and both individuals and companies can benefit from the security they provide.
Features of a Password Manager
End-to-end encryption
Advanced encryption is the most crucial characteristic to look for in password managers. It is essential. Data security is at the core of password managers; without end-to-end encryption, your data won’t be sufficiently safe.
Thanks to end-to-end encryption, your data is guaranteed to be unreadable both in transit and at rest. A special authentication key must be supplied for the platform to be able to decode the data. The user is the only one with access to this authentication key thanks to end-to-end encryption.
Multi-Platform Support
For you to access your password vault regardless of the OS you’re using, support for various platforms is essential.
At the very least, a password manager should work on the four most popular operating systems: Android, iOS, Windows, and macOS. A password manager should also offer browser extensions for all major browsers. This makes entering your information on any login page so much simpler.
Secure Password Generator
A password generator should be included with every password manager. You need password generators in order to create secure, distinctive passwords, and they are absolutely necessary. You no longer need to keep track of all the advice for creating safe and effective passwords, which significantly reduces workload.
The length of a password generated by a password generator can be changed, and you can even specify whether it should contain special characters, digits, lowercase letters, or capital letters.
Vault Storage Location
You can use password managers to store passwords, notes, and other private information in a vault. Passwords can be kept in the cloud, on your device, or locally by a password manager.
Even though keeping your password on a gadget is alluring, there are drawbacks. The biggest drawback is that you can’t get your passwords back if you lose your device.
You must manually sync passwords between devices if you store your data in an on-device vault. Automatic syncing is crucial at a time when individuals use many gadgets for various purposes.
Security
Security is crucial because you’ll be storing login information for your accounts, including vital platforms like banks. Fortunately, password managers use a variety of encryption algorithms to protect your data from hackers.
Some password managers store passwords and other personal information using a zero-knowledge storage technique, ensuring only you have access to your credentials. By using this method, you may prevent a password manager from accessing the credentials kept in your vault.
Multi-factor authentication (MFA)
While we’re talking security, let’s talk about MFA. With MFA, users must log in with a secondary authentication mechanism in addition to their password. This guarantees that a user’s account will probably stay secure even if their master password is stolen.
A one-time password or a special code issued by an authentication app could be used as the secondary authentication method. The user’s personal device, such as their mobile phone or personal email account, is typically connected to these supplementary means.
Are Password Managers safe?
You might be hesitant to entrust a program or application with your master password and other sensitive data. Can’t app developers also be hacked?
The short answer is that password managers can be compromised. Cybercriminals may gain access, but that does not guarantee they will obtain your master password or any other personal data. Your password manager encrypts the data it stores. And it’s nearly impossible to crack such encryption, which is typically an industry standard like Advanced Encryption Standard (AES).
Additionally, your master password and the encrypted data in your password database are neither stored nor accessible by the majority of password managers.
Your one master password’s strength and security determine a lot of the security of your password manager. Additionally, many password management services do not keep the master password on the same server as your encrypted data. This increases security by yet another level.
Advantages of using Password Managers
One password for everything: The best and most desirable feature is that you only need to remember one password for all of your online accounts, rather than having to remember tens or even hundreds.
Automatically generated passwords: Is it difficult to develop fresh, original passwords? Some people might even attempt to generate a new password by pressing random keys on their keyboard, but this still results in a pattern because of how the keys are organized. One of the numerous advantages of a password manager is that they may generate passwords for you automatically in addition to storing all of your passwords.
Greater Security: When compared to alternative options, password managers offer greater security. For instance, passwords written down on paper or saved in a computer document run the danger of being discovered by unauthorized parties.
Can be disclosed to a reliable person: If you find yourself unable to access your accounts on your own, an online password manager can save your life. An online password manager can save your loved ones or the person in charge of your accounts a lot of time and anguish, for instance, if you become handicapped due to an illness or injury or if you pass away.
Disadvantages of using Password Managers
Single sign-on has disadvantages: Since you only need one password to access all of your sensitive login information, there is a chance that you or your password manager might be hacked, compromising all of your accounts and putting you at risk for serious identity fraud. Make sure you use multi-factor authentication on your password manager to help prevent this.
A single point of failure: It would be a tragedy to lose access to the password manager after committing to organize and secure all of your passwords. With just one complicated password to remember, perhaps you won’t run into any problems, but if you do, you’re out of luck.
There is a learning curve: Changing all of your passwords will take some time, and you will need to rediscover how to access your accounts. Many online password managers have browser plugins that simplify the procedure.
Conclusion
So, unless you’re some encryption genius, a walking random number/letter/symbol generator, or a human supercomputer with the ability to retain complicated chunks of data and information permanently, it’s time to get a password manager.
0 notes
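The storage model the password-manager post above describes (a rule-driven password generator feeding a vault that is encrypted under a key derived from the master password), as an added example that is not from the post or from any particular product. It assumes Node.js; the scrypt settings, record field names and sample values are constructed for illustration.

```javascript
// Added example (not from the post or any real product). Node.js built-ins only.
const nodeCrypto = require('crypto');

// Assumed scrypt cost settings for this sketch; real products tune their own.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!@#$%^&*?-_=+',
};

// Password of `length` with at least one character from each requested class.
// crypto.randomInt draws from the OS CSPRNG without modulo bias.
function generatePassword(length, classes = Object.keys(CLASSES)) {
  if (!classes.length || !classes.every((c) => Object.keys(CLASSES).includes(c))) {
    throw new RangeError('unknown or empty character class list');
  }
  if (length < classes.length) throw new RangeError('length too short for policy');
  const pick = (s) => s[nodeCrypto.randomInt(s.length)];
  const all = classes.map((c) => CLASSES[c]).join('');
  const chars = classes.map((c) => pick(CLASSES[c]));
  while (chars.length < length) chars.push(pick(all));
  // Fisher-Yates shuffle so the guaranteed characters are not always first.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = nodeCrypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Stretch the master password into a 256-bit key. The salt is stored in the
// clear; it only defeats precomputed guessing tables.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

// Encrypt the vault with AES-256-GCM. The returned record is all that is
// stored or synced: no master password and no key.
function sealVault(entries, masterPassword) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { kdf: 'scrypt', salt: b64(salt), nonce: b64(nonce), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Decrypt the vault. A wrong master password or a modified record fails the
// GCM tag check, so the caller gets null rather than garbage.
function openVault(record, masterPassword) {
  try {
    const raw = (field) => Buffer.from(record[field], 'base64');
    const key = deriveKey(masterPassword, raw('salt'));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw('nonce'));
    decipher.setAuthTag(raw('tag'));
    const pt = Buffer.concat([decipher.update(raw('ct')), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed demo values.
const demoMaster = 'constructed master passphrase';
const demoRecord = sealVault({ 'example.test': generatePassword(20) }, demoMaster);
console.log(demoRecord);
console.log(openVault(demoRecord, demoMaster), openVault(demoRecord, 'wrong guess'));
```

Because the stored record holds only the salt, nonce, ciphertext and tag, anyone holding a copy of it still has to guess the master password through the key-derivation step, which is why the master password's strength carries so much of the vault's security.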
maduraimart · 6 months
Inactive Gmail Accounts Deletion Next Month December 2023 - Secure Steps to Keep Your Google Account Active
Introduction: As we navigate the vast digital landscape, keeping our online accounts secure and active is crucial. Google has recently announced an upcoming cleanup initiative that targets inactive Gmail accounts. Scheduled for deletion next month, this proactive measure aims to enhance security and manage data storage efficiently. In this blog post, we’ll guide you through the steps to ensure…
0 notes
noob2networking · 10 months
Subnet Sunday: Authentication - Proving Your Identity on the Network
Welcome to Subnet Sunday, where we unravel the mysteries of authentication in a fun and humorous way. In this edition, we’ll take you on a journey through the colorful world of proving your identity on the network. Using relatable analogies, playful emojis, and a touch of wit, we’ll demystify authentication and make it accessible for novice readers. So, get ready to don your digital passport and…
0 notes
josephkravis · 1 year
Passwords How Often Do You Change Them?
Once every so often I think that we need simple password reminders. And, this posting is a gentle reminder of that and also some other ideas you might try if you have the time. The reminder could be for both work and home. 🙂 Because if you have a lot of passwords a good solution needs to be easy to use so you keep up…
#kravis #security #passwords #midjourney
0 notes
kompulsa · 1 year
Google Implementing Support For Passkeys To Eliminate Passwords
Google has been implementing support for passkeys so that users can log in to their accounts without remembering a password or using a third-party password manager. Apple also implemented passkeys in iOS 16. The passkeys concept has been touted by advocates as a way to eliminate the problem of people generating and using unsafe passwords because they’re worried they might forget the complex…
0 notes