; TOT; Piggin passwords

I had a new debit card used for mail order within days of receiving it. It had only been used once by me - at a cash point indoors in one of that bank's branches. I can only imagine the number had been stolen at the card suppliers or within the bank itself. I got a full refund but no lesson on "protecting myself".

Reply to
charles

Any password that is on a password list is likely to be easy. You can download such lists so you can crack poorly implemented sites, etc.

The chances of anyone guessing say two words and a number concatenated within the three or so tries a secure site should allow are pretty low without needing any specials.

Now if it's a password for, say, a document, where they can take as long as they like to crack it, it's a different matter.

Reply to
dennis

Which is why more and more banks, as well as Microsoft, use two factor authentication.

Reply to
newshound

Much more convenient to use for the master access to the password manager or for your net banking and tap payment systems than a PIN or master password, particularly if there is a fallback to a master password if the fingerprint sensor stops working.

Reply to
Blanco

+1. Here it allows me to enter 'spècïâl' characters, inßtead, now
Reply to
The Natural Philosopher

yep. it was so true it almost wasn't funny.

Reply to
The Natural Philosopher

The problem is, if the attackers get unfettered access to the database (as has happened a lot) then they also have all the time in the world to crack the encrypted passwords.

That's *if* they were encrypted. Goodness knows how many websites store passwords in plaintext (underscoring my point previously that once you press "enter" you have no idea what happens to your password).

Reply to
Jethro_uk

The first root password to try is always gandalf.

Reply to
The Natural Philosopher

Our PCI auditor failed a multi-million pound initiative at a bank (he declined to say which one) after tailgating an employee through reception 5 minutes before his scheduled meeting. He called them up and said "I'm in the canteen".

I notice, with interest, nearly all big-boy offices have gates that only allow one at a time through (with serious injury a possibility if you try to tailgate).

Reply to
Jethro_uk

But that may in fact be still an impossible task.

I had occasion to actually use salted hashes, and no two salted hashes of the same password are the same.

Not many for anything important. However, there are many that use old, short-key 'library' password routines.

The problem with the big Adobe-style hacks is that access to very little important info on yer Adobe account becomes a huge issue if you have the same username and password on a really important site, like your bank or something.

Reply to
The Natural Philosopher

All you can tell is that it's at least eight characters, which is what you can tell from the first method.

Reply to
Mike Barnes

How does it do that? In the example above the length could be anything from eight upwards.

Reply to
Mike Barnes

Which is why nobody with any sense would do that.

Reply to
Mike Barnes

Not possible with a well designed one.

Mine has never generated a password that has not been accepted, presumably because a lot more work has gone into the character set that it uses.

The best password managers are indistinguishable from someone typing the password and username. Perfectly possible to make it look like a human typing.

And that is another thing a well designed password manager can do for you completely automatically.

Clearly a well designed password manager can use a fixed font.

And a password manager can do that too.

No reason why the password manager can't use 2 factor security for itself. And use anything it likes, like the camera, to check if it's the owner too.

I not only try, I succeed in doing that.

The better way is here now, the best password managers.

Reply to
Blanco

Go on. I'm intrigued. What did the ministry come round for?

Reply to
pamela

Not possible to use them with the best fingerprint systems.

When it's done on a phone, the phone can monitor what you are up to using the camera and can refuse to accept anything if you stop it watching what you are doing. It can also check that its you using the fingerprint sensor and not someone else and can have a two factor access system too.

Reply to
Blanco

I think it can. If "password" is a legal password, the bad guy has to take the (admittedly small) time taken to test for it. If it's not legal, he doesn't have to test for it.

Reply to
Mike Barnes

Doesn't matter with an encrypted database.

Reply to
Blanco

All I know is, certainly in the 80s, lecturers still had "contacts" ...

Reply to
Jethro_uk

Does that include the free ones that Facebook and the like advertise? You just stick your passwords in it and they'll sort everything out for you for free.

Reply to
whisky-dave
