Author Topic: Password Security Reminder  (Read 61943 times)

Andrea B.

  • Technical Adviser
  • *
  • Posts: 1671
Password Security Reminder
« on: August 10, 2019, 17:27:23 »
Letting your browser save passwords is not considered secure.

Look for an app called a password safe, manager or vault. Install it, learn how to use it and keep your login passwords there.

For general info about storing passwords, read this: Password Manager.

As a particular example, you might want to read about 1Password, a free version of which I use on my MacBook.  [I have *no* affiliation with Agile Bits.]

There are lots more choices for this kind of app. List of Password Managers. Use of a password manager also permits creation of complex, unhackable passwords.

I'll add this two bits, FWIW. It's probably best not to use a cloud based password manager. Clouds have been known to disappear. There are hacks everyday of online data banks. But on the matter of clouds, YMMV.  ;)

Should I mention backups here? Nah!
I'm sure everyone would know that their password manager requires a backup.

 8)

Anthony

  • NG Supporter
  • **
  • Posts: 1456
Re: Password Security Reminder
« Reply #1 on: August 10, 2019, 19:57:54 »
I use Apple Keychain.  Are you aware of any issues with this?
Anthony Macaulay

CS

  • NG Supporter
  • **
  • Posts: 1240
  • You ARE NikonGear
Re: Password Security Reminder
« Reply #2 on: August 10, 2019, 20:27:40 »
I use Apple Keychain.  Are you aware of any issues with this?

I've been using 1Password, the paid versions, for 12 years, and I highly recommend it over Apple Keychain.

https://www.macworld.com/article/3060630/why-not-pick-keychain-instead-of-1password-or-lastpass.html
Carl

Andrea B.

  • Technical Adviser
  • *
  • Posts: 1671
Re: Password Security Reminder
« Reply #3 on: August 10, 2019, 20:35:35 »
Anthony, password security is not my area! So I don't know what password manager apps might be considered vulnerable, or not, across the various platforms. I only know about the particular one I happen to use.  :)

Hugh_3170

  • NG Member
  • *
  • Posts: 1425
  • Motueka, New Zealand (A COVID-19 detainee)
Re: Password Security Reminder
« Reply #4 on: August 11, 2019, 15:10:50 »
Anthea, a timely reminder.  Thanks.

Do you know off hand what the rules for the NG password are, including its minimum and maximum lengths, allowable characters, its  UC and LC alpha requirements, and the minimum numbers of each character type that are required etc?

TIA.

EDIT:

I see that the NG site says:


Choose password
For best security, you should use eight or more characters with a combination of letters, numbers, and symbols.


New Question:  is 8 characters on the short side and should there be rules about the minimum numbers of upper and lower case alphabetic characters and numbers of special characters??  Maybe also an enforced update period?

Hugh Gunn

Anthony

  • NG Supporter
  • **
  • Posts: 1456
Re: Password Security Reminder
« Reply #5 on: August 11, 2019, 19:23:15 »
I've been using 1Password, the paid versions, for 12 years, and I highly recommend it over Apple Keychain.

https://www.macworld.com/article/3060630/why-not-pick-keychain-instead-of-1password-or-lastpass.html

Thanks for the comment and link.  I seem to fit the profile for Keychain, so will continue to use it for the time being.
Anthony Macaulay

Ann

  • NG Supporter
  • **
  • Posts: 566
  • You ARE NikonGear
    • Photographs by Ann Shelbourne
Re: Password Security Reminder
« Reply #6 on: August 11, 2019, 19:38:17 »
Keychain works well enough for me.

Actually I get fairly infuriated by the need for Passwords and ever-increasing "Security" requirements.

Luckily I live in a place where security doesn't seem to matter too much: I never lock my car; only lock my house if I am actually going to be away; and have friends in the area who tell me that they don't even know where their house key is!

CS

  • NG Supporter
  • **
  • Posts: 1240
  • You ARE NikonGear
Re: Password Security Reminder
« Reply #7 on: August 11, 2019, 20:24:34 »
Keychain works well enough for me.

Actually I get fairly infuriated by the need for Passwords and ever-increasing "Security" requirements.

Luckily I live in a place where security doesn't seem to matter too much: I never lock my car; only lock my house if I am actually going to be away; and have friends in the area who tell me that they don't even know where their house key is!

It's not likely that you get more agitated with the ever increasing security requirements than I do. One that really draws my ire is "Two Factor Authentication", YUK!

One might never draw the interest of some hacker, but, woe be to them if that happens and their password(s) are not up to the hacker's abilities.  I'm not knocking Apple Keychain, I just prefer 1Password which also works across our iPhones and iPad. Of course it goes without saying,  YMMV.  ;)

It's great that you live in a safe area, but I'm not seeing the relevance of that WRT internet security, where your physical location is not a factor. Back when I was a kid, we lived in a safe area, now we live in a gated community, how times have changed.
Carl

Ann

  • NG Supporter
  • **
  • Posts: 566
  • You ARE NikonGear
    • Photographs by Ann Shelbourne
Re: Password Security Reminder
« Reply #8 on: August 11, 2019, 21:01:56 »
I also do not look forward to being made to use two-stage authentication.

For that reason, I am deliberately one OS behind on my computers; and will only upgrade once the software which I use on a daily basis requires that I update my OS.

What becomes increasingly burdensome is maintaining parity of  OS, Site access and Passwords between several different computers and a number of other devices.

Frank Fremerey

  • engineering art
  • NG Supporter
  • **
  • Posts: 11753
  • Bonn, Germany
Re: Password Security Reminder
« Reply #9 on: August 11, 2019, 21:08:03 »
The problem I have are 25 Billion accounts with 25 Billion Passwords all in my head. With a password manager I would create one single point of failiure and give all of my head free with only one Username / Password combination opening my Password manager. A password Manager is in my opinion a security risk I am not ready to take. Much better seems to me the two channel auth per site with different mobile numbers, Apps and Emailproviders having to be combined for ONE login.
You are out there. You and your camera. You can shoot or not shoot as you please. Discover the world, Your world. Show it to us. Or we might never see it.

Me: https://youpic.com/photographer/frankfremerey/

CS

  • NG Supporter
  • **
  • Posts: 1240
  • You ARE NikonGear
Re: Password Security Reminder
« Reply #10 on: August 11, 2019, 21:50:14 »
I also do not look forward to being made to use two-stage authentication.

For that reason, I am deliberately one OS behind on my computers; and will only upgrade once the software which I use on a daily basis requires that I update my OS.

What becomes increasingly burdensome is maintaining parity of  OS, Site access and Passwords between several different computers and a number of other devices.

And if that's not enough, some sites will accept your login info. then periodically hit you with a few security questions to be answered before you get to where you want to go. I just love to spend more time accessing a site than I do using it once I get by their idea of security!
Carl

Andrea B.

  • Technical Adviser
  • *
  • Posts: 1671
Re: Password Security Reminder
« Reply #11 on: August 11, 2019, 21:55:16 »
New Question:  is 8 characters on the short side and should there be rules about the minimum numbers of upper and lower case alphabetic characters and numbers of special characters?? Maybe also an enforced update period?

If we have transmission protected between your browser and the server and between the server and your browser, then I'm thinking that is enough. I don't see the need to *force* password complexity upon the Membership. But it is easy enough to do should the Membership eventually decide that they would like to have such a feature.  :)








Ann

  • NG Supporter
  • **
  • Posts: 566
  • You ARE NikonGear
    • Photographs by Ann Shelbourne
Re: Password Security Reminder
« Reply #12 on: August 11, 2019, 22:19:35 »
I am very happy with the way Passwords in NG work now Andrea — I don't need any further complexity in my life!

CS

  • NG Supporter
  • **
  • Posts: 1240
  • You ARE NikonGear
Re: Password Security Reminder
« Reply #13 on: August 11, 2019, 22:54:06 »
2 birds with one stone approach. This is a PNG test, plus, showing a screenshot of the 1password password generator window to show it's versatility for password creation. The green bar indicates the strength of the passwords as you generate them.

Carl

pluton

  • NG Supporter
  • **
  • Posts: 2355
  • You ARE NikonGear
Re: Password Security Reminder
« Reply #14 on: August 15, 2019, 08:10:39 »
The complex, un-memorizable passwords created by password managers are useless if you are trying to access your account or website from someone else's computer....something that normally doesn't happen, but could very well happen in case of emergency---the house burns down, etc.  All the websites I visit that have money involved have unique passwords that I made up and that I remember....or that I can look up on my handy small stack of 4x6" index cards which I try to leave on my desk at all times.
Yeah, those gimmicks like the "security questions" and the 'I Am Not A Robot' captchas are annoying.  I'm confident that the various market research departments knows that we all hate them.
Keith B., Santa Monica, CA, USA