Let's talk about passwords!

Discussion in 'Security and Legal' started by Dan Hutter, Jul 16, 2012.

  1. Dan Hutter

    Dan Hutter aka Big Dan

    Joined:
    Jul 20, 2006
    Messages:
    1,412
    Likes Received:
    515
    Location:
    New York
    With the recent hacking and subsequent password leaks of major sites like LinkedIn and Yahoo, secure passwords should be at the forefront of every webmaster's mind. From your cPanel and FTP account, to your database password, to your admin account, everything needs its own unique & secure password. A secure password is at least 12 characters and contains random UPPERCASE and lower case letters, numbers, and symbols.

    Word of note: You should avoid using symbols in MySQL database passwords, as it breaks things when working from the command line unless the symbols are properly escaped, which is just a pain in the rear.

    By far the easiest way I've found to keep track of all those passwords is LastPass. It's a free and nifty browser extension that works across all platforms and major browsers. Basically, you define a master password to unlock LastPass. Once unlocked, LastPass automatically fills in your username and password. LastPass also generates new secure passwords for new accounts and password changes.

    Short of LastPass, there are tools like the PC Tools Random Password generator that you can use to generate random passwords, but without a secure way of storing them it's pretty useless.

    What do you use for password management?
     
    Brandon, Forever Young and cpvr like this.
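
As an added example (not part of the original post or thread), this Python sketch generates a password matching the policy in the first post and shell-quotes it for the `mysql` client so that symbols survive the command line. The function names and the sample user, password and database values are assumptions made for illustration.

```python
import math
import secrets
import shlex
import string

# The four character classes named in the post.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=16):
    """Return a random password with at least one character per class."""
    if length < 12:
        raise ValueError("the post's minimum length is 12 characters")
    while True:
        # secrets uses the OS CSPRNG. Rejecting candidates that miss a
        # class keeps the choice uniform over all compliant passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for a uniformly random password."""
    return length * math.log2(len(ALPHABET))


def mysql_command(user, password, database):
    """Build a shell command line in which every argument is quoted.

    shlex.quote wraps each argument so that spaces, quotes, $, backticks,
    ; and # reach the client as literal characters.
    """
    argv = ["mysql", f"--user={user}", f"--password={password}", database]
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(~{entropy_bits(len(pw)):.0f} bits)")
    # Constructed sample password containing shell metacharacters.
    print(mysql_command("app", "p@ss w0rd'$(x)`;#", "shop"))
```

A password given on the command line is visible to other local users in the process list; running the client with `--password` and no value makes it prompt instead.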
  2. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    I use notebooks, I write down my passwords on one of my notebooks that sit on my dresser. That way, I can carry my passwords wherever I need to go.
     
    Forever Young likes this.
  3. Superboy

    Superboy Most Likely, I'm Insane.

    Joined:
    Jun 13, 2012
    Messages:
    524
    Likes Received:
    167
    Location:
    New Jersey
    That is actually a good idea, cpvr.
     
  4. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    I've been using that method since I got hacked years ago and lost my main emails. My fault because I left "remote access" opened on my laptop and someone busted in.
     
  5. Cerberus

    Cerberus Admin Talk Staff

    Joined:
    May 3, 2009
    Messages:
    1,031
    Likes Received:
    500
    There is a study that shows passwords really do not matter in this day and age. I will see if I can find it, but if you think about it, people exploit things. So, your password has little to do with how they gain access to your accounts and whatnot. You could have the best password in the world, but if the site the password is to is not secure, the password is meaningless... Just sayin
     
  6. benjaminp

    benjaminp Regular Member

    Joined:
    Mar 22, 2008
    Messages:
    218
    Likes Received:
    101
    Location:
    England
    I actually don't know most of my passwords. For the websites I use pretty often I know the password; my passwords are fairly secure: two unrelated words, a mixture of upper and lower case, with various letters changed to numbers/symbols, and I also add a few on the end. I know it'd be best to take the words out of the equation completely, but I'd never remember them otherwise. I have around 6 of those passwords and I vary the symbols/letters for each website.

    For the vast majority of websites, my passwords are just pure gibberish. I save them to my browser and sync between my laptop and PC. If I lose the password or need it out and about, I just recover it to my Gmail account, which I use two-step verification on (iPhone and landline as backup).
     
    Brandon likes this.
  7. bauss

    bauss Regular Member

    Joined:
    Jun 16, 2012
    Messages:
    335
    Likes Received:
    74
    I use the same password for all my accounts, I just use a different password for cPanel to be safe. I hate adding uppercase letters to my passwords, and I hate it when sites require that you must add an uppercase letter as well, it's annoying.
     
  8. benjaminp

    benjaminp Regular Member

    Joined:
    Mar 22, 2008
    Messages:
    218
    Likes Received:
    101
    Location:
    England
    It might be a minor annoyance, but it's worth it to keep your accounts safe. It's obviously a lot easier to use the same password for all accounts, but that means if one account is hacked, potentially all the rest are.
     
  9. bauss

    bauss Regular Member

    Joined:
    Jun 16, 2012
    Messages:
    335
    Likes Received:
    74
    I'm not worried about anyone getting my password, accounts only get hacked if the user is an idiot. They use a common password, they share it with friends, or the site they joined is unsecure.
     
  10. benjaminp

    benjaminp Regular Member

    Joined:
    Mar 22, 2008
    Messages:
    218
    Likes Received:
    101
    Location:
    England
    Yahoo and LinkedIn have both recently fallen victim to hacking. Previously I would have considered them to be "safe" sites.
     
    Brandon likes this.
  11. Dan Hutter

    Dan Hutter aka Big Dan

    Joined:
    Jul 20, 2006
    Messages:
    1,412
    Likes Received:
    515
    Location:
    New York
    If a site is exploited, all they get is that password. If you're using the same password for everything, now the hackers have access to your email, PayPal, etc. accounts. By using unique passwords for everything, it doesn't matter if one or two sites get hacked; all the others remain secure.
     
    Brandon and benjaminp like this.
  12. Carlos

    Carlos Regular Member

    Joined:
    Apr 20, 2003
    Messages:
    751
    Likes Received:
    251
    Location:
    California
    You think you're the only one? No. Many people think this.
     
  13. Cerberus

    Cerberus Admin Talk Staff

    Joined:
    May 3, 2009
    Messages:
    1,031
    Likes Received:
    500
    True, but I was just making the point your password does not matter that much. You are actually more secure if you use a different email address for every site than a password. So that way if someone does get a password they can not gain access to other sites because of them using different emails and/or logins. Password is good to secure but it is better to use a different username/email for every site :)
     
  14. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,601
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    I use different passwords on all my sites, the ones I use often have similar passes but each is unique to that site.
    I have all my high profile passwords written down on a piece of paper at home, and I'll often reset my pass on sites I don't visit very much just so I don't have another one to remember.
     
  15. Creaky

    Creaky Regular Member

    Joined:
    Aug 15, 2011
    Messages:
    310
    Likes Received:
    96
    Location:
    London
    I use Lastpass to generate passwords for any site I register at. For portability I export the list to Keepass and keep them on a USB stick I carry with me all the time.
     
    Brandon likes this.
  16. Dan Hutter

    Dan Hutter aka Big Dan

    Joined:
    Jul 20, 2006
    Messages:
    1,412
    Likes Received:
    515
    Location:
    New York
    How are you exporting to Keepass? I've been looking to that for a while just to have a backup. I'll be damned if I can find the option.

    I used to use Roboform, then went to KeePass, and for the past year or so I've been using LastPass.
     
  17. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,601
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    I've known about Keepass for a while and have been meaning to check it out closer. I've seen a lot of webmasters talk about the benefits of it.
     
  18. Dan Hutter

    Dan Hutter aka Big Dan

    Joined:
    Jul 20, 2006
    Messages:
    1,412
    Likes Received:
    515
    Location:
    New York
    I really liked it. You own your data. With Lastpass your data is stored on their servers and we've seen lately that even 'safe' sites that are supposed to take security seriously are being hacked.

    My only beef with Keepass was I could never get the browser extensions to work right and I had to manually copy/paste passwords - That gets annoying 100x per day.
     
  19. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    With the two-step verification system on Gmail, it's pretty hard for hackers to bust your shit. If someone gets in, you submit the lost password to your phone, and reset it again. They lost, not you. Sure, multiple emails are safe, but what's really the point to having a few to remember? It's good to have one, and secure the crap out of it.

    Like even on Namecheap, my account is on safety mode, so if someone got in, I receive an email with their IP that was used to log in and everything else. Namecheap put this on my account when someone busted in due to my old email before.
     
  20. Creaky

    Creaky Regular Member

    Joined:
    Aug 15, 2011
    Messages:
    310
    Likes Received:
    96
    Location:
    London
    Click the LastPass icon, Tools, Export To, and choose the format.
     
    Dan Hutter likes this.
