Posted May 13, 2012 Let me start this with a little cautionary tale. In Chicago in 2001 a new board spung un that had all kinds of features for hobbyists inluding a private Senior member board with a very good review database and a chat function that allowed hobbyists to communicate directly. The reviews were very useful and and kept private from normal users and providers. Everything was going well until it came out that the board owner was running a string of top providers (ASPs in TOB parlance), it also turned out that one of the most exclusive and influential providers in the City was his half sister. Another huge problem was that this guy had access to all users passwords and e-mail addresses on the board. Armed with this information the owner did some fishing and was able to gain access to several hobbyist's e-mail accounts because they used the same password for their VIP account that they used on their e-mail account. The worst part was that with this access the owner was able to send out e-mail from these hobbyists as well as read all their e-mail. Who they saw, where people were meeting what the rates were, etc. I am in no way suggesting that such a thing Could or would happen at TOB but it taught me some things about how serious password security is. My advice to all is: 1. Catagorize your online accounts. Personal financial, bank and credit cards. Online order accounts. Amazon and ebay, etc. Email accounts etc. 2. If you have a large number of acounts it isn't practical or always possible to have and remember different paswords for everythng. 3. Create seperate secure passwords for groups. 4. A super secretr and strong passsword for finacials, another for board memberships, another for online purchase accounts, a different one for e-mail accounts, etc. 5. Create strong passwords for everything, a strong password will have 8 characters minimum and contain characters from 3 of these 4 groups, lower case leters, uppercase letters, numbers and special characters. 6. Avoid common words or your name and birtrhdays. Jsanders1 is strong but not a good choice if your name is John Sandes. I like to use mashed up words, mneuminics and things with random dates. Ch!c4g0I would be gold and it's easy for me to remember chicagoil, D3n5erCO would be good for denver and JS0512tob or js0512TOB would also be OK. When using dates, choose something other than your birthday. Another might be ATF_Kate100. 7. given enough time and flaws in a security system meant to provide convenience, any password can be hacked given enough tries and time. Just don't make it easy. 8. Change your group passwords every 6 months. Pick passwords you can remember so you don't have to write them down. My advice, for what it's worth. 0 Share this post Link to post Share on other sites
Posted May 13, 2012 https://lastpass.com/ Problem solved. 0 Share this post Link to post Share on other sites
Posted May 13, 2012 Avoid common words or your name and birtrhdays. Jsanders1 is strong but not a good choice if your name is John Sandes. 25 "Worst Passwords" Of 2011 1. password 2. 123456 3.12345678 4. qwerty 5. abc123 6. monkey 7. 1234567 8. letmein 9. trustno1 10. dragon 11. baseball 12. 111111 13. iloveyou 14. master 15. sunshine 16. ashley 17. bailey 18. passw0rd 19. shadow 20. 123123 21. 654321 22. superman 23. qazwsx 24. michael 25. football 0 Share this post Link to post Share on other sites
Posted May 13, 2012 25 "Worst Passwords" Of 2011 1. password 2. 123456 3.12345678 4. qwerty 5. abc123 6. monkey 7. 1234567 8. letmein 9. trustno1 10. dragon 11. baseball 12. 111111 13. iloveyou 14. master 15. sunshine 16. ashley 17. bailey 18. passw0rd 19. shadow 20. 123123 21. 654321 22. superman 23. qazwsx 24. michael 25. football I use "Rainbow Trout" for everything. it's not on that list so I should be safe. 0 Share this post Link to post Share on other sites
Posted May 13, 2012 1. Catagorize your online accounts. Personal financial, bank and credit cards. Online order accounts. Amazon and ebay, etc. Email accounts etc. Something that I do. And as suggested, I use a different password for each "tier". In case of financial and medical tiers, I do not use public wi-fi to access any of those sites. And generally don't online shop from public locations as well. Something that was not mentioned in the OP: when choosing your security question, use something that can not be easily guessed, found in public records or found on your Facebook et. al. profile. Yes, at times, not much choice on the security question for a website, but not smart to make it too easy for a scamster. Along the same lines: clean-up your social media sites' public info. You can be providing too much info making it a lot easier for the scamsters. And: the most seemingly innocuous thing might be used against you. An example from a couple of years ago: airline boarding pass. An airline's FF site was using the FF ID number as the login. Scammers were taking discarded boarding passes and guessing passwords. Once in, not only able to mess with mileage, but, the account info/profile on many of those sites provided home addresses, e-mail addresses, credit card numbers, security question answers, etc. that could be used to try accessing other sites. 0 Share this post Link to post Share on other sites
Posted May 13, 2012 https://lastpass.com/ Problem solved. Another one, which I use: http://passwordsafe.sourceforge.net/ Pretty easy to use, portable encrypted password file, and open source... 0 Share this post Link to post Share on other sites
Posted May 14, 2012 It's some opinions that the best passwords are sentences... http://articles.cnn.com/2011-05-06/tech/durgahee.password.security_1_keepass-common-passwords-1password?_s=PM:TECH As for password programs the ones mentioned plus KeePass (they have a great mobile USB program) work well. 0 Share this post Link to post Share on other sites
Posted May 14, 2012 Excellent topic, with lots of great information! 0 Share this post Link to post Share on other sites
Posted May 15, 2012 Am with the whole public wifi is a huge danger and with the devices and monthly service charge being amazing when you shop around and find the right deal and the fact that alot of smartphones can be used as a "hotspot" am not sure why anyone would use public wifi. There are a lot of sites out there as well that are amazing at protecting any device you may use to get on the web. Thank you guys for the great links to the sites you provided I didn't even know about. Truly the internet is a case of someone is always watching and NO it's not the gov or the little men who steal your socks out of the drier. There are people who make it their whole life goal to be hackers and to be the best at it if for no other reason to know they have made someone uncomfortable in their life and with their safety. 0 Share this post Link to post Share on other sites
Posted May 15, 2012 It's some opinions that the best passwords are sentences...http://articles.cnn.com/2011-05-06/tech/durgahee.password.security_1_keepass-common-passwords-1password?_s=PM:TECHThis is great, and very easy to remember. I always use a mix of capital letters, numbers and characters for my passwords, but never for a sentence. Kudos my man! 0 Share this post Link to post Share on other sites
Posted May 15, 2012 Along with the sentences, a female national computer talk show host recommends putting the site name in your password. Just more letters to streghten the password. "I love to drive my car", would be Il2dmcchase, Il2dmcebay, Il2dmcTOB 0 Share this post Link to post Share on other sites
Posted May 16, 2012 Along with the sentences, a female national computer talk show host recommends putting the site name in your password. Just more letters to strengthen the password. "I love to drive my car", would be Il2dmcchase, Il2dmcebay, Il2dmcTOBOR; "I love to Trout fishing and on my boat until the trout stop effectively", would be… IL-TFandBUTTsexTOBboink 0 Share this post Link to post Share on other sites
