Welcome to Detroit Sports Forum!


Why I have never used "password managers"

turok

I suppose that they are okay, if they don't/aren't used to store passwords to email and financial accounts, but most people who use them invariably-probably do...as well as some who use the same SN and (simple) password to access many or most sites. I also don't do Facebook, even though it is required on many local/national sites, who are too chintzy to use mods.

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/
 
I suppose that they are okay, if they don't/aren't used to store passwords to email and financial accounts, but most people who use them invariably-probably do...as well as some who use the same SN and (simple) password to access many or most sites. I also don't do Facebook, even though it is required on many local/national sites, who are too chintzy to use mods.

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

The point of password managers is so you don't use the same simple passwords.. So the choice is one or two 8-10 character passwords for 50 different sites.. Or PW manager where you use different password from 16 to 50+ characters each. Everything is vulnerable. Just pick your poison.

So as far as Financial accounts, you need a password not sure picking your own is any better unless maybe you have eidetic memory and can remember all strong passwords.
 
I mean PlayStation has been hacked, my local hospital was even hacked. Am I not supposed to go see a doctor? Best advice, especially for financial like credit cards and such - freeze your credit reports if you don't need them at the moment. If you noticed a CC was used you're not responsible. Call and they take care of it. And set up alerts to your cell. Multi-Authentication. Many get stuff stolen because they're too lazy.
 
Many get stuff stolen because they're too lazy.


I realize this is probably not how you meant it, but either way this is totally wrong.

You can't blame a person that got mugged because they refused to carry a gun, or a woman that got raped because she didn't know ju-jitsu, so in the same respect, blaming someone who was the victim of a hack/fraud type crime because they were "lazy" is beyond ridiculous.
 
I realize this is probably not how you meant it, but either way this is totally wrong.

You can't blame a person that got mugged because they refused to carry a gun, or a woman that got raped because she didn't know ju-jitsu, so in the same respect, blaming someone who was the victim of a hack/fraud type crime because they were "lazy" is beyond ridiculous.

I meant there are people who will try to harm you in every way. I'm not blaming them but there are things they can do to protect themselves. Having a password for example Dave32 to a financial institute with no alerts setup or no 2-way authentication is a bit lazy. Like setting your wifi and keeping it open..

I'm not sure why you brought that first part up. They're not even close to related..
 
So as far as Financial accounts, you need a password not sure picking your own is any better unless maybe you have eidetic memory and can remember all strong passwords.


Long before password managers, I created and memorized my own alpha-numeric+symbols alphabet and use common 8 character dictionary words spelled backwards as passwords, with two matching symbols before and after the word, where >8 character passwords are permitted. I kept track of them on a rolodex @ first, changing out passwords once or twice a year...or per quarter for financial/e-tail...until thumbdrives came along. I still have quite a few of the early <1GB ones, 2 of which I use now instead, that are encrypted and password-protected, one as a backup.

Many browsers offer to save passwords internally as well, although I haven't come across any articles (as yet) about their hack/crack vulnerabilities.
 
Long before password managers, I created and memorized my own alpha-numeric+symbols alphabet and use common 8 character dictionary words spelled backwards as passwords, with two matching symbols before and after the word, where >8 character passwords are permitted. I kept track of them on a rolodex @ first, changing out passwords once or twice a year...or per quarter for financial/e-tail...until thumbdrives came along. I still have quite a few of the early <1GB ones, 2 of which I use now instead, that are encrypted and password-protected, one as a backup.

Many browsers offer to save passwords internally as well, although I haven't come across any articles (as yet) about their hack/crack vulnerabilities.

Smarter than me. I basically had two passwords. If I had more I'd be resetting passwords often. From what I understand internal passwords are vulnerable as well but honestly what isn't.
 
Long before password managers, I created and memorized my own alpha-numeric+symbols alphabet and use common 8 character dictionary words spelled backwards as passwords, with two matching symbols before and after the word, where >8 character passwords are permitted. I kept track of them on a rolodex @ first, changing out passwords once or twice a year...or per quarter for financial/e-tail...until thumbdrives came along. I still have quite a few of the early <1GB ones, 2 of which I use now instead, that are encrypted and password-protected, one as a backup.

Many browsers offer to save passwords internally as well, although I haven't come across any articles (as yet) about their hack/crack vulnerabilities.

I've got a system with written down reminders that aren't the actual passwords also, but it's key patterns on the keyboard. If I know which pattern and which key to start on, that's all I need to create randomish-looking set of characters I can punch out quickly. Important stuff gets multiple sets put together for longer passwords. Still don't trust thumbdrives.
 
I've got a system with written down reminders that aren't the actual passwords also, but it's key patterns on the keyboard. If I know which pattern and which key to start on, that's all I need to create randomish-looking set of characters I can punch out quickly. Important stuff gets multiple sets put together for longer passwords. Still don't trust thumbdrives.



Not a bad idea, but at one time, (don't know about now) keyloggers were the way most passwords were stolen. So even though your passwords may be 8-14 characters in length, consist of both lower and uppercase letters, numbers, and symbols....a keylogger still gets them all the same.

No system is foolproof, though I saw something not long ago about thumbprint/biometric scanners that might be the next step in online security.
 
No system is foolproof, though I saw something not long ago about thumbprint/biometric scanners that might be the next step in online security.

Yeah. That's an arms race too. Anything that can be scanned, can be scanned maliciously. Heard a talk where someone duped a fingerprint scanner using a really high-res picture of someone making a peace sign.
 
We have a new protocol at work for Password Reset - basically it was a dozen questions that the IT Dept traps in order to allow you to reset yourself (to this point you had to call an 800#)

So this morning while trying to log in to the new Password Reset site, I got locked out for inputting an incorrect password 3 times. Had to call the 800# to unlock my account so I could complete the Lost Password reset questions.

The irony was not lost on me or the IT rep I spoke with, lol!
 
Yeah. That's an arms race too. Anything that can be scanned, can be scanned maliciously. Heard a talk where someone duped a fingerprint scanner using a really high-res picture of someone making a peace sign.

I saw a video from a gas station, some guy came in and distracted clerk and another guy used a duplicate card reader on top of the original.. Took about 2 seconds.

This isn't the one but it happened the same way..

https://www.youtube.com/watch?v=y83ZgzuFBSE
 
We have a new protocol at work for Password Reset - basically it was a dozen questions that the IT Dept traps in order to allow you to reset yourself (to this point you had to call an 800#)

So this morning while trying to log in to the new Password Reset site, I got locked out for inputting an incorrect password 3 times. Had to call the 800# to unlock my account so I could complete the Lost Password reset questions.

The irony was not lost on me or the IT rep I spoke with, lol!

So apparently you got locked out from attempting to reset a forgotten/incorrect password by using an incorrect password to reset the forgotten/incorrect password?

Or was it b/c you are obligated to change work-related passwords by using that reset protocol, for example quarterly or biannually?
 
Not a bad idea, but at one time, (don't know about now) keyloggers were the way most passwords were stolen. So even though your passwords may be 8-14 characters in length, consist of both lower and uppercase letters, numbers, and symbols....a keylogger still gets them all the same.

No system is foolproof, though I saw something not long ago about thumbprint/biometric scanners that might be the next step in online security.

When I need to log in to financial/utility/e-tail sites which I am registered on, I do so through the use of a Linux Live CD or DVD, that run on physical memory only and on thumbdrives, many can also be configured with persistence, or saving their state for reuse. As you posted, nothing is completely foolproof, but adding more layers of security hoops for users of malicious apps to jump through makes it more likely that they will move onto easier targets.

The use of adblockers, setting the browser to refuse 3rd party cookies, and trackers, as well as the addons Ghostery, HTTPS Everywhere, and the ubiquitous NoScript are additional layers to thwart malware. Of course visiting, downloading, and using online gamer, file-sharing, porn, gambling, and the Darkwebs, makes it far more likely that an OS will be infected, especially with Windows OSes while used as the default root user/Admin.

One of the best free antivirus/spyware/malware apps, other than SuperAntiSpyware, Malwarebytes, and Spybot S & D, that can be run alongside another Windows OS AV w/o conflicts, like MSE/Defender, Bitdefender, Avira, Kaspersky, etc...that I have found is named SMADAV, and it is especially fast-scanning and does an exceptional job @ protecting thumbdrives.

I know that many people are now using smartphones instead of PCs/laptops, and I just got only my 3rd one ever this week, which is a lower tier but mid-ranged LG K20 Plus Android running Nougat. It's been 6 years since my last, and I am very rusty with my hacking/unlocking/rooting chops...s/b fun getting back into it...:)
 
So apparently you got locked out from attempting to reset a forgotten/incorrect password by using an incorrect password to reset the forgotten/incorrect password?

Or was it b/c you are obligated to change work-related passwords by using that reset protocol, for example quarterly or biannually?

LOL, I was required to log into one of our company intranet pages and whether it's timecards, expense reports, health insurance or other CBT ...they're all different passwords.

So after clicking the link to the intranet site where I was to complete "Forgotten Password" questions, I got locked out for inputting the wrong password ...to set up Password reset questions.

But yes, we have the quarterly requirement to change passwords and two separate log-in protocols where the password reset is not at the same time ...so it seems like you're updating some password monthly and I couldn't keep straight which password was for what yesterday..
 