New password security rules may surprise users

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,584
Or just use something like LastPass and never worry about passwords again.
 

Sonic2k

Executive Member
Joined
Feb 7, 2011
Messages
7,637
It might not stop attacks, but it makes it harder.
Using simple passwords makes the time required to launch a successful intrusion orders of magnitude shorter.
 
Joined
May 9, 2012
Messages
9,828
Hackers no longer sit there trying to guess single users passwords, they go after the site directly. After that it makes no difference if your password is 1234 or 5up3r-l0ng.,/c0mplicat3dAsFcK
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
18,546
I use 1Password - AgileBites.. no subs, just once off cost for software which i got on special. Pretty much uses iCloud or/& dropbox to sync encrypted store between devices. Supports finger print id etc too and if u want, generated OTP though i prefer having this separate.

PS. if u lose ur pwd for it u kinda ****ed haha. Cool think i like about 1Password is the integration into apps on ios atleast and websites
 
Last edited:

Turgon

Senior Member
Joined
Jun 8, 2015
Messages
666
*knock* *knock*

"Who goes there?"

"A brother."

"What's the password?"

"Uh...hold on...let me check with my registered third party password manager"...

-------

Sigh.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,584
Those exploits almost certainly rely on users who opt to not have to login to LastPass with every new session. It's not recommended by LastPass and not something I do.
Hackers no longer sit there trying to guess single users passwords, they go after the site directly. After that it makes no difference if your password is 1234 or 5up3r-l0ng.,/c0mplicat3dAsFcK
That's probably true. But at least with a password manager like LastPass, all your passwords are unique. So if one is compromised the others aren't affected. It's the main reason I signed up with LastPass.
*knock* *knock*

"Who goes there?"

"A brother."

"What's the password?"

"Uh...hold on...let me check with my registered third party password manager"...

-------

Sigh.
You'd have to type in a password anyway. At least with a password manager, you have the benefit of one password being able to manage unique passwords for all your sites.
I switched to http://keepass.info/ very capable and does what it needs to. Most of all it's free...
I'm suspicious of free password managers. The amount of technical expertise required on their end is extreme, so how do they manage without charging users?
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
18,546
*knock* *knock*

"Who goes there?"

"A brother."

"What's the password?"

"Uh...hold on...let me check with my registered third party password manager"...

-------

Sigh.

It's become basically like encryption keys.. Either you have one on your keychain/Pwc manager or you don't..
 

kianm

Honorary Master
Joined
Jan 13, 2014
Messages
10,533
Can't ask all your users to sign up to lastpass /keypass etc etc. Imagine the look on their faces
 

Electric

Honorary Master
Joined
Jul 22, 2013
Messages
14,228
Or just use something like LastPass and never worry about passwords again.

One of the users here also suggested this until LastPass was breached and all the info was available.
 
Top