ATX Community

WORST PASSWORDS


Lee B

There are two types of passwords I recommend that all of my clients use for the admin panel for their website.

  1. A handful of random common words separated by underscores/hyphens/special characters.  See this XKCD comic for an explanation.  These are the default passwords I create for new accounts.  They're somewhat possible to remember, they're perfectly secure, and fun to come up with.  Like rambunctious-jellyfish_pineapple-eater! or travelmug-handicapped-platypus-ransom
  2. An 18 character string of gibberish, random numbers, special characters, and mixed case letters. I recommend an encrypted password database for anyone going this route, because they're impossible to remember.  Lots of good applications out there to help you manage your secure passwords, varying in price and features (autofill browser extensions, multi-device sync, etc.).

I've got more than 300 unique passwords to keep track of, I can't imagine trying to keep them straight without some kind of software to organize and remember them for me. 

  • Like 4
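
The two password types recommended in the post above, as an added example (not part of the original thread): both are generated with Python's `secrets` CSPRNG, and the entropy helpers show what each scheme costs an attacker who already knows the scheme. The 16-word list, the separator set and all function names are assumptions made for illustration; a real generator would load a large list such as the 7776-word EFF diceware list.

```python
import math
import secrets
import string

# Constructed 16-word sample list so the block runs offline (assumption);
# a real generator would load a large list, e.g. 7776 diceware words.
SAMPLE_WORDS = ["jellyfish", "pineapple", "travelmug", "platypus",
                "ransom", "binder", "anchor", "marble", "thunder", "saddle",
                "quartz", "lantern", "walnut", "glacier", "pepper", "violin"]
SEPARATORS = "-_"
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def passphrase(words, count=4):
    """Type 1: words picked independently by the OS CSPRNG, random separators."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a duplicate-free word list")
    parts = [secrets.choice(words)]
    for _ in range(count - 1):
        parts.append(secrets.choice(SEPARATORS) + secrets.choice(words))
    return "".join(parts)

def gibberish(length=18):
    """Type 2: random printable string containing every character class."""
    if length < len(CLASSES):
        raise ValueError("too short to hold every character class")
    while True:  # resample until all classes appear (costs a little entropy)
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def passphrase_bits(list_size, count, separators=len(SEPARATORS)):
    """Entropy in bits when the attacker knows the list and the scheme."""
    return count * math.log2(list_size) + (count - 1) * math.log2(separators)

def gibberish_bits(length=18, alphabet=len(ALPHABET)):
    """Upper bound in bits for a uniformly random string over the alphabet."""
    return length * math.log2(alphabet)

def words_needed(list_size, target_bits):
    """Smallest word count (separators ignored) that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS), round(passphrase_bits(16, 4), 1))
    print(gibberish(), round(gibberish_bits(), 1))
    print("7776-word list, 4 words:", round(passphrase_bits(7776, 4), 1), "bits")
```

The strength of a word-based password comes from the size of the list and the number of words, not from how unusual the words look, so the words have to be chosen by the generator rather than by the person.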

14 minutes ago, Eric said:

I've got more than 300 unique passwords to keep track of, I can't imagine trying to keep them straight without some kind of software to organize and remember them for me. 

I have a password-protected document that runs over 27 pages long.  Far too many sites require not only complex passwords but you can never re-use so you have to keep track of what you have ever used there.  Plus places where you need notes on navigating complex login procedures.  I have 1Password for "normal" stuff (banks, shopping, etc) but still need the other file for details.  E-services is a good example; lists of prior passwords, notes on how to get to the screen I need, click here, DON'T click this one, if you are looking to get to hither first you have to go to yon... blarg.  

It's ridiculous, when so many people use passwords like "password."

  • Like 6

2 minutes ago, Eric said:

Those email addresses are always great to see on a resume

I've got a client whose (non-work, thankfully) email announces to all and sundry that he is "bi" -- I really, really, did NOT need or want to know that, thank you.  That one, of course, is the email he responds to the quickest.  TMI!

  • Like 1

22 minutes ago, Eric said:

They're somewhat possible to remember, they're perfectly secure, and fun to come up with.

I also like the favorite quote types, where you use the first letter of each word.  Example (that I do NOT use) "Four score and seven years ago our father brought forth on this continent" becomes fsasyaofbfotc; add your favorite fancy character at the end if you need, or make the first letter a capital.

  • Like 3

50 minutes ago, Catherine said:

I also like the favorite quote types, where you use the first letter of each word.  Example (that I do NOT use) "Four score and seven years ago our father brought forth on this continent" becomes fsasyaofbfotc; add your favorite fancy character at the end if you need, or make the first letter a capital.

And if you substitute you get F$@$y@0fbf0tc

  • Like 2

1 hour ago, Catherine said:

I have a password-protected document that runs over 27 pages long. 

Catherine and I are working the same side of the street. I used to keep them in a binder but shifted about 8 years ago to an encrypted spreadsheet. Mine isn't 27 pages either but probably 5?

A tech client of mine and a relative who works in Cupertino said to not use those apps / websites to keep track. The concern really isn't the app being hacked and your passwords being stolen, the problem is what if the app is hacked and destroyed? All of your log-ins are gone or at least unusable until the app is brought back up. If you aren't paying anything - that could take a while. I had a friend who used a cloud service to hold everything and was given a month's notice to move it all because they were shutting down. That was fine but he was scared to death thinking what if he hadn't noticed the email telling him this?

  • Like 1

1 minute ago, Catherine said:

@Roberts there are apps that are local to your computer.  Those cannot be hacked externally, at least.  1Password is local and it was one of my criteria for choosing it.

Even with it being on your computer - what if it is destroyed via an update?

The client and relative weren't worried about it being hacked and your password stolen, they were worried about the software being literally made unusable. I'm certainly no expert on the subject. (My cloud storage story wasn't password storage - it was his documents and programs. He didn't store anything on his computer and it was all in the cloud if at all possible.)


1 hour ago, Roberts said:

Even with it being on your computer - what if it is destroyed via an update?

The client and relative weren't worried about it being hacked and your password stolen, they were worried about the software being literally made unusable. I'm certainly no expert on the subject. (My cloud storage story wasn't password storage - it was his documents and programs. He didn't store anything on his computer and it was all in the cloud if at all possible.)

My password data (a single encrypted file, in my case) is part of my backups.  In the unlikely event that the software breaks and ruins the data file, I can pull it from a backup and open it with a previous version of the software... or a new version after the bug has been corrected.  

But to extend your question further, theoretically, an update to your tax software could destroy all of your tax data.  An update to Windows could destroy everything on your computer.  It'd really suck if it happened, but it's not very likely.

  • Like 1

Also, my apologies to Rita.  I believe I deleted her post from the thread earlier.  You can still see it quoted in mine though!  (sorry)

I'm terrible at multitasking.  Nobody this scattered should have this much control over a website.  Good thing I don't run a cloud storage service.

  • Like 3

I confess that I use "password" on several sites - mostly sites that require me to log in even if I have nothing on that site that really needs protecting.  Like the site that allows me to try different paint colors to see how they go together, or vacation sites that let me store a list of "bargains" that I might want to come back to.

  • Like 1

3 hours ago, Don in Upstate NY said:

I confess that I use "password" on several sites - mostly sites that require me to log in even if I have nothing on that site that really needs protecting.  Like the site that allows me to try different paint colors to see how they go together, or vacation sites that let me store a list of "bargains" that I might want to come back to.

As long as there is no personal info (aside, maybe, from the email address - and don't we all have a "throwaway" address we use for anything like that?), then there is no issue.  Yes, the dumb sites that make you sign up for an "account" when all you want is paint colors or nearby-parking-lot information or something else that should be publicly available.  And the ones that demand a phone number.... I give them my old business number from Worcester.  Hey, it worked just fine fifteen years ago!   (Maybe I should call it and make sure I haven't been subjecting some elderly couple to bizarre telemarketer calls... hmmm.)

  • Like 1