20 May 2017, 05:21 PM   #10
evilquoll
Location: Emergency temporary account of ROBERT.BAK
Quote:
Originally Posted by n5bb View Post
(list converted to numbered for ease of quoting)
[...]
2) The passwords used for each of your accounts need to be unrelated to your other passwords. This is impossible to do if you try to remember long passwords, so it's by far safest if you use password safe software and then make the software for the password safe the only complex password you need to remember.
3) Because of social media and the personal questions asked by most sites when you set up your account, it's not that hard for a thief to discover the city you were born in, your grandparents' middle names, your first dog and car, etc. If you answer those questions for an account which is then hacked and these answers are revealed, then another site which happens to ask some of the same questions will be much easier to crack.
2): Although anyone who thinks about it knows that "nothing is impossible" is a contradiction in terms (and there are several cast-iron proven impossibilities, such as dividing an arbitrary angle into three equal parts using only straightedge and compasses), there is too much use of "impossible" to mean merely "very difficult". It's possible to create passwords of at least medium strength and still easily memorable by taking a phrase related to the account (the longer, the better) and using its initials (and sound->number or letter->number substitution) to form the password. For example, "all your base are belong to us" could be transformed into "Aybrb2u" (OK, a longer phrase would be preferable, but this is just illustrative). For my part, I store my passwords in an encrypted Word document (and use Kingsoft Office if I need to read it whilst out).
3) For this reason, back in the early 2000s security expert Tom Simondi recommended to always give fictional answers to password-reminder questions (he used an "internet mother's maiden name" which was quite different from his real mother's maiden name). (If you are on a service which insists on real answers to those questions, move to another sharpish — they're clueless, or planning to sell that information, or both.) Nowadays, I treat password reminders as passwords, and use the same kind of highly-random sequences for both (and note them in my password repository).