What happened??? Need Moderator.

I've tried using systems, but with so many passwords needed these days with banking, work, and personal websites, I find it difficult. My last job had a paranoid IT manager who had us using very complicated passwords that had to be changed every 90 days and each password had to be substantially different from the last one. It all became too much until I started to record them. (With a pen and paper!) I used a simple code in case I lost my little black book, but it has saved a lot of frustration trying to keep track of dozens of passwords.
To me - it's definitely worth the risk of someone finding my book and cracking my code.
 
Back in the days before smart phones, before Al Gore invented the internet, and when just a few folks had A computer (not "computers" but a single computer), I took an old paperback book that I kept near my computer. I wrote the name of the system (BBS) on the top of the page and then underlined a word on the page. That, with the addition of the page number, became the password.

Now I use eWallet and LastPass.
 
And what do you do when you forget your LastPass sign in and password? lol
 
Yeah, that would be bad. Fortunately, those are not going to be forgotten.

I do like the formula idea though. I need to think about that.
 
Relax everyone, please. As Janet has pointed out, (she is an admin Mod), the site was not hacked. It was just a stupid troll or several trolls, signing up for site membership, as anyone can, then going to a lot of trouble to annoy us by posting what is effectively spam, multiple times under multiple thread headings. The main issue was the time it took for us mods to clean it all up, so the offending posts disappeared.

There is/was no risk to your passwords from this activity. Although, as several members have posted, it is a bit of a reminder to consider changing passwords from time to time for various forums, and other uses, and to always be alert to possible malware embedded in unsafe links, and to update your (reputable) anti-virus software regularly, because there are a lot of malicious and just plain bad people out there. :eek:
 
You'll have to help me out on why it isn't valid, if that is what you're saying. Validity is measured, with passwords at any rate, by algorithms that test the strength of the password. This approach only generates very strong passwords that are easy to remember. Or do you prefer "Password" with a capital P to throw people off?

I was serious in that being a retard when it comes to these algorithms you speak to, the challenge is beyond my comprehension. :confused: Sorry, some, or at least myself, don't do well with elongated process. :angel: I am more a 'See Spot run, run Spot, run' sort. :banghead:

Al-Ketchikan:flowers:
 
Al, forget about algorithms if they perplex you or if Delfin's excellent solution doesn't work for you. Not that you need to worry about this site, as others have already noted, but it's simple to improve general password security using the first letters of words in a phrase that's meaningful to you. In your example, if you like "See Spot run; run Spot run!", you've got a phrase you'll remember. Sub some numbers that look like letters, add some capitalizations and special characters and you have a password you aren't likely to forget: "S5r;r,5,r!" This isn't as robust as Delfin's, but way better than "12345678."
 
Or you can do as the DNC and use password as your password.
 
I'm a pretty big fan of different passwords for different sites. The method I described requires that the only thing you have to be able to do to remember a unique password is identify what month and year it is, and be able to read the URL of the site you're accessing. The rest is constant so there is nothing much to remember.

We spend around $250k annually on hosting of my company's applications, with about half of that just dealing with automated bot attacks. If your username and password is lifted from one site (didn't happen with the Korean spam on this site), then that combination will rattle the doors of about a million other sites within 5 minutes.

We stood up a new environment that was being provisioned for installation of a number of applications and before there was any software installed, and within the first 24 hours of being plugged into the web we logged around 38,000 bot attacks, just probing for a weakness or a place to enter stolen credentials. Just the world we live in....
 
OK, I have what is probably a "stupid" question.

You use the origination date as part of the password formula. Doesn't this force you into remembering when the password was created? That would be difficult for me.

In the example you gave, you used the month as a numerical element. 9 months later, how do you remember that you created that password in July?
 
I wasn't clear enough....

The form is {two letters from the URL beginning, one capitalized}+{two or three characters of a constant value, one letter capitalized}+{two characters of a time variable}+{two letters from the URL end}+{one special character}.

Much harder to write than remember....so assuming you wanted to use the first and last two letters of the URL, plus "Cat" as the constant variable, plus the present Quarter and Year, plus "!", then the password for www.amazon.com would be AmCatq317on! and for www.bankofamerica.com it would be BaCatq317ca! Next quarter they could all be changed to reference q417, but I generally just add another special character to the end when a reset in less than a year is required. Each year all sites have their password changed to the then current time variable.

I should also mention that for sites that don't have any commercial value like banking or shopping sites, e.g. trawlerforum.com, I use an unchanging complex password. So the rule is, if compromising my credentials could cost me money, I use the method described above that generates a unique changing password for each site, but if there would be no harm to a hack, I use a constant complex password I have memorized.

Like I said, it is way more complicated to describe this method than to use it.
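
The formula from the post above, written out as an added example (not the poster's own code). It reproduces the two passwords given for www.amazon.com and www.bankofamerica.com, then strips the characters that come from the public URL to show what part of the password is the same on every site. The function names and the rule for reading the site name off the URL are assumptions made for this example.

```python
from urllib.parse import urlparse

def site_label(url: str) -> str:
    """Name read off the URL: 'www.amazon.com' -> 'amazon'.
    Assumption: the label left of the TLD; multi-part TLDs are not handled."""
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    labels = [p for p in host.lower().split(".") if p and p != "www"]
    if len(labels) < 2 or len(labels[-2]) < 2:
        raise ValueError(f"cannot derive a site name from {url!r}")
    return labels[-2]

def formula_password(url: str, constant: str = "Cat",
                     period: str = "q317", special: str = "!") -> str:
    """{first two URL letters, one capitalized} + {constant} + {time variable}
    + {last two URL letters} + {special character}, as in the post."""
    name = site_label(url)
    return name[:2].capitalize() + constant + period + name[-2:] + special

def shared_part(url: str, password: str):
    """Remove the URL-derived characters from a formula password.
    What is left (constant + period + special) does not vary by site.
    Returns None when the password does not fit the formula for this URL."""
    name = site_label(url)
    head, tail = name[:2].capitalize(), name[-2:]
    body = password[len(head):-1]
    if len(password) < 6 or not password.startswith(head) or not body.endswith(tail):
        return None
    return body[:-len(tail)] + password[-1]

if __name__ == "__main__":
    # The two sites used as examples in the post.
    for url in ("www.amazon.com", "www.bankofamerica.com"):
        pw = formula_password(url)
        print(f"{url:24} {pw:14} shared across sites: {shared_part(url, pw)}")
```

Only four characters of each password change from site to site, and those four are read directly from the address bar.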
 
Now we are getting somewhere :rofl: Ok guys, it would appear that a small potato such as myself will continue to use the password the Trawler Forum assigned to me. I always stay logged in as I have no idea what the password is anymore :confused:. If the bad guys hit me it is off to the "Wizard", the 21 year old tech at the local computer cave. :thumb:
That young fellow runs over my keyboard like a concert pianist. So fast my eyes can not follow. Bingo! $50.00 and I am back on track.

Al-Ketchikan
 
You did a great job explaining it. Thanks.
 
I gave up on these sorts of systems, mostly because sites have too many different rules for passwords. Some require a special character, some don't allow one, some only allow certain ones, etc. I ended up with a notebook of passwords, and needed to have the notebook with me. What a pain.

I went to Lastpass; pretty happy with it. You only have to remember one secure password, and Lastpass allows two-step authentication (fingerprint, text, whatever).
 
I do use a dual authentication system with LastPass. I too have been very happy with it.
 
I only have one site that doesn't allow special characters. All others, no problem. But password managers like LastPass are great. I just prefer something that I can use across multiple machines that don't necessarily have a preferred password generator.
 
Sorry...but you should be aware...:flowers:

LastPass was hacked: Here's what you have to do | Macworld

Password manager LastPass hacked

https://www.hackread.com/lastpass-hacked-this-time-for-good/
 

Nothing's perfect. As I understand it, Lastpass has not yet lost passwords, which are encrypted; just user info (email addresses, etc.). But it is a lot more secure than what most people do, other than carrying around a notebook of truly random 16 digit or more passwords. A system like the one suggested earlier in the thread is not really good, except for helping to remember. But if one password to one site gets hacked, all the others are easy.

What Lastpass could lose in an attack is users' master passwords (hasn't happened yet, to my knowledge). That's when the two-step authentication is important.
 
Lastpass works across multiple machines, and with multiple family members, if you want (premium version, which has an annual fee).
 
A system like the one suggested earlier in the thread is not really good, except for helping to remember. But if one password to one site gets hacked, all the others are easy.


It might be easy to backwards engineer if a person was able to see a couple of passwords and know to what sites they referred. However that would take a person to closely examine them and spend time doing it. It also presupposes that they recognize that there is a pattern. However if you only see one password, I would defy you to figure it out.

For example: kJ#st7MR@1

That uses a formula for TF. Are you seriously suggesting that if you had hacked hundreds, if not thousands of passwords that you would see that one password in the bunch, and decide you wanted to reverse engineer it so you could try it on other sites? That is simply not credible.
 
Right on. Hackers look to acquire a UN and PW that they can apply to a broad range of financial websites. The logic behind the creation of a password isn't clear from a single hacked instance, and the entities using hacked passwords aren't people, they are programmed bots, so this side of DoD no person is going to spend time trying to figure out whatever eccentric formula a human mind concocts. I would certainly agree that a totally randomized password is stronger than a formulaic password, however, the method described is strong enough, IMO.
 
