Password Security

I know this isn’t a hot topic, security that is. People don’t like to spend time making sure things are secure. But that is why Paypal accounts get broken into, servers get hacked, and laptops get stolen. So take a deep breath, count to 10, and continue reading.

You need to be using a strong password that is unique to every website.

There you have it. If you don’t use a different password for Paypal than other websites, and your account gets used by someone else, it’s your fault!

Most websites do not store your password encrypted, StartXchange included. So that means anyone who is on the support team or has access to the server knows your password. You might as well assume they all know it. So why in the world would you have the same password used elsewhere?

But why on earth wouldn’t it be encrypted? Well, it’s because of those forgot password links. You know how annoying it is when you forget your password, and then a randomly generated password is created for you. Oh but you remember it now! Too bad, it was changed and you have to go find that email with the cryptic password..

Or worse yet, I noticed today while updating my email address on a couple exchanges.. Getting a new password whenever you update your email address.. that is the current time.. How secure is that? It’s not! Even worse it makes it real easy to enter a totally bogus email address, because all you have to do is enter the time you changed it. So let’s all update our emails in XYZ exchanges to Jon Olson’s HAHA!

So you are like me and you can’t remember the passwords? That’s OK, because every website I use has a unique password. I can do it, so can you! Oh but I have a little secret.. I use a plugin on Firefox to do it for me, called PasswordMaker ;-)

Now I know what you’ll all post.. Use RoboForm!! No. So don’t bother =P I use this plugin because my passwords are never stored, and I can use them on *any* computer I want. So how in the world do I remember them!?

The passwords are generated using a master password, the domain of the website, and some encryption settings I selected. When I use it to fill in the password, it’s essentially re-generating the password every time. So I can put the tool on any computer, or even load up Firefox on a USB key with the plugin pre-loaded on it (just not storing the master password of course), and then anytime I go over to a friend’s house or whatnot I’ve got every password to every website I’ve ever joined at my fingertips.. They even have an online version if you forget to load it up..
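To make the re-generating idea concrete, here is an added example of a deterministic generator. It is not PasswordMaker's actual algorithm or code: the PBKDF2/HMAC construction, the alphabet, the iteration count and the `site_password` name with its `username` and `counter` parameters are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
ROUNDS = 200_000  # PBKDF2 iterations; slows guessing of the master password


def site_password(master, domain, username="", length=16, counter=1):
    """Re-derive the same password from the same inputs; nothing is stored."""
    # Normalise the domain so "PayPal.com" and "paypal.com" agree.
    domain = domain.strip().lower().rstrip(".")
    # The counter lets one site's password be rotated without a new master.
    salt = f"{domain}\x00{username}\x00{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ROUNDS)

    out, block = [], 0
    # Rejection sampling: skip bytes that would bias the modulo below.
    limit = 256 - (256 % len(ALPHABET))
    while len(out) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in stream:
            if byte < limit and len(out) < length:
                out.append(ALPHABET[byte % len(ALPHABET)])
        block += 1
    return "".join(out)
```

The trade-off of this design is that the master password is the only secret: anyone who learns it and the settings can re-derive every site password, so it has to be strong and never reused as a site password itself.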

Anyways – the point is there are NO excuses. I used to think oh boy I can’t use RoboForm, I have a laptop and a desktop and I’m constantly switching back and forth. Or doing a manual algorithm takes too long, etc. Just do it already!


25 Responses to “Password Security”

  1. Ernie Christensen says:

    Thanks Tim for that very informative bit of information. I will look into the Firefox plugin to help me out. Heretofore I have been storing 200+ passwords in a spreadsheet with the hopes of that not getting into other hands. Now I have something that CAN give me some piece (peace) of mind.

    Ernie

    • John says:

      Thnx Tim,

      I will also install this plugin, much better than storing the passwords in one place.

      Rgds.,
      John

  2. I can’t agree with you more. My PayPal was hacked…and to say the least it has been a pain. PayPal has been great – but it has caused an upset in my bank account. I am now switching out my passwords everywhere I have them. Thanks for the tip on the Firefox plugin – I am going to check that out.
    Thanks for a great post.

    Becky Williss lastest blog post..Craft it Forward….

  3. Thanks for a very handy hint – passwords are the bane of my life (and many other people’s too, I’m sure!)

  4. Brent Van Zoest says:

    It is one thing to promote password security.
    It is another to practice it.
    Every weekly email you send has this:
    ==================================================
    Username: brent451 Password: ****
    ==================================================
    And those aren’t stars when I get it.
    I can have the best password possible and it will still get broadcast in plain text every week.
    Most of the exchanges do this.
    User name and password should never be in the same email and password should only be offered when requested.
    Brent

    • Tim says:

      If they have access to your email, they’ll have access to the PW when requested as well ;-)

      That’s the point though, it’s not encrypted so it’s visible. And it’s visible in the emails because a huge amount of support tickets are regarding forgotten login details.

  5. Jackie O says:

    I gotta say, just reading that PasswordMaker website gave me a headache, LOL.

    Sorry, but I prefer Roboform to Go…I can use it on any computer plus it does much more than just create/save passwords. But I certainly won’t try to convince you Tim! ;)

    Have you looked at LastPass? That’s another Firefox plug-in and everyone seems to be raving about it. Just curious to see what others think…

  6. Hey Tim I agree. I was talking to someone yesterday about that cool If someone wants to hack in and surf for me that is fine. LOL Just kidding. seriously tho my paypal pass. is a strong password that I have never used anywhere else. Got to keep the money safe thanks and keep up the good work Tim.

    Dewayne Goodwins lastest blog post..Earn Money promoting these Banners or shop your choice.

    • Tim says:

      Well if you earn commissions they can change your Paypal address in all the exchanges and request payout. I doubt they’d be interested in surfing for you ;-)

  7. I actually love the RoboForm software myself. I use it all of the time and it takes all of the menial everyday tasks that I have to perform on my computer daily and shortens them extremely! What once took me fifteen minutes to complete now takes me only one second because RoboForm does the same task with just one click. In fact I wrote a Report about a lot of RoboForm’s capabilities for use that aren’t even touched on in the User’s Manual for RoboForm. You can get that Report here:

    http://www.theroboformreport.com/indexb.html

    There is also a FREE version of RoboForm that you can download on this web page, just to test the RoboForm software out for yourself! I highly recommend it!

  8. Hi Tim,

    As ever thanks for the info.
    I support Jackie O in her comment and admit I prefer Roboform to Go.
    Plus the ability to generate passwords has been of great use to me.

    Les

    Les Stevenss lastest blog post..Push Button Extreme

  9. Diana says:

    WOW! Thank you for this valuable information. You have saved me some money and some frustration!
    Diana

  10. Richard says:

    Tim,

    I am in the group of people who prefer a ‘safebox’ approach. I use Password Organizer which stores my passwords for anything, not just websites, in an encrypted place. It also allows me to create passwords with as much or little security as I choose. And if needs be, should I ever need to access a password protected location from another computer, it will fit on a USB key.

    But as has been said before – it is people’s preferences.

    The basic line – don’t repeat your password, and keep them secure still applies.

    Richards lastest blog post..Exercising Due Diligence

    • Tim says:

      Exactly – I don’t care what method you use, just so long as you aren’t using the same password everywhere LOL

  11. stephen c says:

    That’s pretty good Tim. Maybe you can point me to how I can reinstall firefox without losing the saved passwords. I’m not sure if this can be done. It’s a pain to plug them back in, and some I never remember.

    stephen cs lastest blog post..Free Tuition at these Colleges and Univesities

  12. Riki Chan says:

    I generally mixed cap and lower case letters with numbers and write it down.

    Riki Chans lastest blog post..Jatropha The Bio Diesel Fuel Of Tomorrow

  13. Edwin says:

    Hi Tim,

    I have been using Roboform Pass2 Go for 3 years or even more. I have been in several countries, and always used my usb with Roboform everywhere there is a computer available.
    As already written, it does so much extra besides remembering over 1000 psw’s.
    I guess only the people who actually use it do realize how much you get for very little money!
    On top of that, Roboform hardly leaves a trail on the computers I used it on. Although Roboform claims all valuable data is wiped out as soon as the usb is removed from any computer, it turns out some log entries containing no valuable information were left behind.

    I just want to confirm Jackie O. It’s a great tool.

  14. Will check it out. Printing pages of goop is a pain. This has to help.

  15. Ugh,

    This is a hot topic with me. WHY IN THE WORLD WOULD ANYONE NOT STORE THEIR PASSWORDS IN A HASHED UNRETRIEVABLE WAY!?!?

    Then again, because of the constant user battles with passwords at blue-surf (generating a new password, logging in, changing it to something they will remember – and all of the tickets about this) I have switched to plain text passwords.

    I have swayed to the dark side. :P

    But for someone who has the support capacity to deal with this issue – keep them hashed.

    • Tim says:

      Yeah same here. I’ve thought about encrypting the passwords in a decryptable way in the DB, that way if the DB is taken at least it takes a while to get em out. But then again with a script it could be done in seconds anyways..

  16. Can everybody ever say “I’ve never forgotten my password.”

    As an aside, this information should be translated into your Bank account pins. Get a new one every so often. Go to your bank and request a new one today. Start over with confidence.

    Thanks Tim keep it up…

  17. Marianne says:

    I love Roboform, keep a copy of my info on a stick. I also maintain a manual Rolodex just for log on info – you never know what can happen!!!

    Mariannes lastest blog post..What Self Defense Products Are Best In A Bad Circumstance?

  18. Tom Gob says:

    Best of both worlds? LastPass.

    Mozilla currently recommends it. It is free and portable.