Heartbleed List

[Lee B]

For a fairly extensive list of what sites were or weren't affected by "Heartbleed"

click on this link http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

[Eric]

The number of sites affected by the bug is so huge, that if you're in the cautious mood, you might as well just change your passwords anyway. I've heard estimates between 2/3 and 3/4 of all websites on the internet were vulnerable at some point.

And while it's not good practice, I know that lots of people use the same password for multiple (if not most) websites, which compounds the problem.

[JohnH]

Eric: Do you have any words of wisdom to offer on choosing passwords? I've always tended to use foreign language words which are meaningful to me, but I' wondering if there is a good system that is fairly easy to remember and increases the difficulty of someone figuring them out.

[Eric]

My nerdiness is really gong to show here.

For passwords that I must remember, I use some kind of keyboard pattern, usually alternating holding down the shift key. For example, start with a, and make some kind of shape/trail across the keyboard, holding down and letting go of the shift key every 2 digits for example. Another popular method is creating a few pronounceable syllables, and separating them with hyphens: foj-mip-mong-foog. You could substitute letters with numbers too. Maybe add a question mark or an exclamation point to the end. Really, as long as a dictionary word doesn't appear anywhere in the password, and you have a digit and a special character (preferably breaking up the letters instead of added to the end), it's pretty difficult to crack.

I have no chance of remembering my passwords, though, so I don't try. I have about 270 passwords that I keep track of for websites that I build and websites that I use. They're all between 12-20 characters, but usually closer to 20. They are random letters, numbers, and symbols. I use an application called KeePass to generate, remember, and organize all of them which itself is an encrypted and password protected database. I keep the database file stored in my Google Drive folder, which syncs across the few computers I regularly use, so every time I add a password at one computer, the database is updated on all 4 machines. It's helpful that the database format is supported by password software available for Windows, Mac, Android, and Linux. Probably iOS too.

[kcjenkins]

And when you use a Password Manager, you only have to remember the password to THAT,, and can, if you choose, let it generate the passwords for you. To remember that 'master' password, you can use a phrase you know you will remember, then get creative. For example, say you use the phrase "I hate changing passwords". That can become "iH8cHgiNPa$Ws" you will remember it, but it's going to be hard to guess unless you know the phrase.

[Kea]

Here's a suggestion to keep from remembering too many passwords, but to still make them different for different sites.

Pick a phrase or general password (following above suggestions) then add a letter somewhere in it for the website you are using (say, "A" or "AC") for ATX Community. But you may still need more than one general password due to different requirements.

[Gail in Virginia]

An instructor I had recommended using your favorite song lyrics to generate passwords by using the first letter of every word to create the password. For example, if you like the song "Let it Be", the first line is "when I find myself in times of trouble, Mother Mary comes to me." This would generate the password wIfmitotMMctm. Not something likely to be randomly guessed. And if numbers or special characters are required, you can always substitute 4 for A, or 3 for E, etc.

[MAMalody]

My nerdiness is really gong to show here.

. I use an application called KeePass to generate, remember, and organize all of them which itself is an encrypted and password protected database. I keep the database file stored in my Google Drive folder, which syncs across the few computers I regularly use, so every time I add a password at one computer, the database is updated on all 4 machines. It's helpful that the database format is supported by password software available for Windows, Mac, Android, and Linux. Probably iOS too.

What does "You need local installation rights" mean to me? Would I use the mobile version?

[Pacun]

Eric: Do you have any words of wisdom to offer on choosing passwords? I've always tended to use foreign language words which are meaningful to me, but I' wondering if there is a good system that is fairly easy to remember and increases the difficulty of someone figuring them out.

JohnH,

I am trying to guess your password. Is señoritas meaningful to you?

[JohnH]

Yes. But then, Señoritas have always been meaningful to me.

[Eric]

What does "You need local installation rights" mean to me? Would I use the mobile version?

You need admin rights to install the software, but not to run it. That's pretty much the case for any software installation though. When you run the setup, Windows will probably pop up the usual message that you have to agree to before the installation can continue.

Or you can use the portable version, which you run from anywhere without installing it, including from a USB stick.

[MAMalody]

Thanks.