PASSWORDS USING 3 RANDOM WORDS

Rapscallion said:
I think you are being far to polite - it is not simplistic but wrong to many orders of magnitude!
Click to expand...
I'm sorry that you're offended by my simplistic approach to this. Well, not really. :naughty:
 
If your not going to use a password generator, one of the best advice I heard was the first letter of a sentence you will easy remember.

The first car I bought was a mini in 1978

TfcIbwami1


As for writing password down, it's not really an issue for home, your're far far far less likely to get your house broken into and someone look through your desk drawer for the note book you keep them in, than for someone to hack your computer or a website.
 
Last edited by a moderator:
OK. In order to put some people out of their misery...
AndrewFlannigan said:
If the words are represented by A, B and C, then you can get the following possible strings: ABC, ACB, BAC, BCA, CAB, CBA. If there are twenty thousand words in the dictionary you need to test for 120,000 combinations.
Click to expand...
...I said nothing about D,E,F... etc. :naughty: :coat:
 
moggi1964 said:
I have used Lastpass for a few years now. Can't fault it. The only password I now have to know is the access one to my Lastpass account and that is both complex and lengthy. Every other password is an auto generated one by Lastpass which meets the criteria of the requester.

Would it be a target for hackers? Probably but I'll give them my trust to store passwords securely and see if it is repaid.
Click to expand...

They were probably hacked in December (though they deny it). Google has the scary details.

They also have admitted there are large chunks of code in their app that they didn't write and don't know what they do.

Security experts seem happier with 1password (paid for and the one I use) or keepass (free and pretty good once you have it configured).
Norkie said:
So my bank account on line is a username and password, then a selection of 3 letters from my 15 letter word, then a text with a 6 digit code.

If I mess up logging in, I’m suspended for 15 minutes.

That sounds pretty good to me?
Click to expand...

Yes. Essentially 2fa without using an authenticator app. Combined with all the other layers of security they have that's good enough.

My bank (1st direct) are introducing a thing where under some circumstances you also type your email address. Interestingly, they don't care what you type but how you type it. Each person will have their own rhythm.
 
JonathanRyan said:
...or keepass (free and pretty good once you have it configured).
Click to expand...
:agree:

Keepass does it all and because it's off line, there's minimal opportunity to mess it around.
 
Also Keepass is Open source so, if there was a weakness in the code, it would have been found by now. It was also recommended by the Technical Director of Sophos at a public science lecture. There is also no temptation to re-use a password given that you do not need to remember it.

Dave
 
You must log in or register to reply here.
Back
Top