I don't write my passwords down anywhere but I have used Firefox and SplashID (so I could have my passwords in a little database on the Palm devices I've used through the years) which both require a central password to access.
My PayPal account got hacked a number of years ago after I sold a router on eBay. The router still had my setup in it, the buyer needed the password to change it and I stupidly gave it to him. It happened to be the password I used for most everything at the time and I nearly lost $6k in transfers from my checking account to PayPal. After that I created a new password schema and changed my passwords for everything.
The password schema: I've found it easiest to use a base word (can be anything) prefixed by the type of account and suffixed by a number (either something that means something to me or the year I've created the account).
So for example:
fMaximus07 - a forums account
sMaximus07 - a shopping account
b1Maximus01 - bank #1
b2Maximus03 - bank #2
xMaximus07 - a GuildWars account
Easy to remember, satisfies requirements for letters, numbers and upper/lowercase and I only reuse them on sites of low importance (for example, forums sites passwords tend to be the same). Also, if the login is based on the email address (I have at least 3) then I'll use one email address for gaming sites, another for shopping sites, etc.
So, if you got my email address and password from a Guild Wars fan site via a security breach, you wouldn't be able to log in to my game account, or any other account for that matter, even if you knew the other sites I have accounts on.
Regardless, as others have said, if someone wants it they'll get it.