Old 08-23-2014, 12:19 PM   #21
Moderator
rodi's Avatar
 
Join Date: Apr 2012
Location: San Diego
Posts: 8,817
Quote:
Originally Posted by ERD50 View Post
Trivia Q - Why is "4sa7ya" not a good password combo?

-ERD50
Quote:
Originally Posted by travelover View Post
Lincoln used it first.
And here I was thinking it was something like "should have at least one cap"
__________________

__________________
rodi is online now   Reply With Quote
Old 08-23-2014, 12:47 PM   #22
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 2,264
Quote:
Originally Posted by TromboneAl View Post
Maybe "None of your business!" would be a good answer.


I so love that!!! I think the person on the other end (if your answer is being verified by an agent) would get a kick out of that too.
__________________

__________________
tmm99 is offline   Reply With Quote
Old 08-23-2014, 12:48 PM   #23
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 2,264
I use LastPass also. I wish it had a mobile phone verification (with some kind of code like some credit card companies have) instead of a cumbersome table of codes though...
__________________
tmm99 is offline   Reply With Quote
Old 08-23-2014, 12:49 PM   #24
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,151
Quote:
Originally Posted by TromboneAl View Post
Maybe "None of your business!" would be a good answer.
Yep. Or you could go with this option...

__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 08-23-2014, 01:25 PM   #25
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,636
Just FYI, the Wall St. Journal did a review of the best password managers a few months ago. Although I'm completely sold on 1Password, these others also get high marks from at least some reviewers. Here's a quick look at one of the ways the Journal compared them:
[Attached image: pass.jpg]
__________________
braumeister is online now   Reply With Quote
Old 08-23-2014, 05:25 PM   #26
Moderator
MBAustin's Avatar
 
Join Date: Jul 2010
Posts: 4,166
Although this is slightly off-topic, we recently had a financial account moved to a new "improved" service and were appalled to find out that this supposedly state-of-the-art financial service provider only allows passwords consisting of the digits 0-9. OMG!
__________________
"One of the funny things about the stock market is that every time one person buys, another sells, and both think they are astute." William Feather
----------------------------------
ER'd Oct. 2010 at 53. Life is good.
MBAustin is offline   Reply With Quote
Old 08-23-2014, 05:54 PM   #27
Recycles dryer sheets
prudent_one's Avatar
 
Join Date: Jul 2014
Posts: 158
Quote:
Originally Posted by MBAustin View Post
Although this is slightly off-topic, we recently had a financial account moved to a new "improved" service and were appalled to find out that this supposedly state-of-the-art financial service provider only allows passwords consisting of the digits 0-9. OMG!
That's pretty astounding. Hope it's allowed to be more than one digit long!
__________________
prudent_one is offline   Reply With Quote
Old 08-23-2014, 06:35 PM   #28
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,873
Quote:
Originally Posted by MBAustin View Post
Although this is slightly off-topic, we recently had a financial account moved to a new "improved" service and were appalled to find out that this supposedly state-of-the-art financial service provider only allows passwords consisting of the digits 0-9. OMG!
This is what has driven me crazy over the years. I try to use similar usernames and passwords for the many places I log into. But they have so many different rules for both items that I often forget some of them, especially if I log into them rarely. This also happened at my old job which had unsynchronized usernames and passwords for the two systems I had to sign into. Sometimes they would be the same, then one would change a month later so I would have two different ones for a little while before they would synch up again. Very annoying.
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is offline   Reply With Quote
Old 08-23-2014, 07:32 PM   #29
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,906
Quote:
Originally Posted by scrabbler1 View Post
This is what has driven me crazy over the years. I try to use similar usernames and passwords for the many places I log into. But they have so many different rules for both items that I often forget some of them, especially if I log into them rarely. This also happened at my old job which had unsynchronized usernames and passwords for the two systems I had to sign into. Sometimes they would be the same, then one would change a month later so I would have two different ones for a little while before they would synch up again. Very annoying.
No way could I keep the various rules straight in my mind. That's why I just rely on a random password generator that allows for choosing password lengths, and types like special characters or not.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 08-24-2014, 05:28 AM   #30
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 16,490
I have three levels of passwords. I use one password for any accounts that I really don't care much if someone broke into. I have a slightly better one for those accounts that I would prefer not be broken into but if it happened it would not be the end of the world. For the critical accounts, I have a more complicated scheme that is unique to each account but has a common pattern that I can easily remember.

Since I don't do social media it would be difficult to research the answers to my security questions (like first car, HS mascot, etc).
__________________
If something cannot endure laughter.... it cannot endure.
Patience is the art of concealing your impatience.
Slow and steady wins the race.
pb4uski is offline   Reply With Quote
Old 08-24-2014, 07:17 AM   #31
Full time employment: Posting here.
 
Join Date: Mar 2008
Posts: 637
Quote:
Originally Posted by pb4uski View Post
I have three levels of passwords. I use one password for any accounts that I really don't care much if someone broke into. I have a slightly better one for those accounts that I would prefer not be broken into but if it happened it would not be the end of the world. For the critical accounts, I have a more complicated scheme that is unique to each account but has a common pattern that I can easily remember.

Since I don't do social media it would be difficult to research the answers to my security questions (like first car, HS mascot, etc).
I do much the same. Technically, good practice is a different password for every site, and a combo of upper and lowercase, numbers, letters, and symbols.

I have my "standards" as above, and now add the website in an abbreviated consistent way to the standards: i.e. "ear" in front or in back of my passwords, where ear is for the Early Retirement site. A password manager nowadays is a must in my opinion, and if something happens to me and family knows where to find my password manager password, they can get to the other sites.
__________________
bizlady is offline   Reply With Quote
Old 08-24-2014, 02:22 PM   #32
Thinks s/he gets paid by the post
veremchuka's Avatar
 
Join Date: Oct 2010
Location: irradiated - too close to the nuclear furnace
Posts: 1,294
I use KeePass for userids, passwords and security questions. I never use the same userid (unless they require my email address which I hate), password or answer to a security question.

What hospital were you born in?
Blue2 4X treecorn

What is your mother's maiden name?
66 excavator 18T

What was your 1st pet's name?
Altogether42 airplane 29$$

No problems with those security questions here.
__________________
veremchuka is offline   Reply With Quote
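The practice described in post #32 (security answers that have nothing to do with the question, different for every site, kept in a password manager), as an added example that is not part of any poster's message. The word list, site name and function names are constructed for illustration; the entropy figure shows why the size of the word list matters.

```python
import math
import secrets

# Constructed 32-word sample list; a real generator should draw from a much
# larger list (for example a 7776-word diceware-style list).
WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
    "iris", "juniper", "kettle", "lantern", "maple", "nickel", "orchid", "pebble",
    "quartz", "raven", "saddle", "thistle", "umber", "velvet", "walnut", "yarrow",
    "zephyr", "acorn", "birch", "cedar", "dahlia", "elm", "fennel", "ginger",
]

# Questions taken from the post above.
QUESTIONS = [
    "What hospital were you born in?",
    "What is your mother's maiden name?",
    "What was your 1st pet's name?",
]


def random_answer(words=WORDS, n_words=3):
    """Return n random words plus a two-digit number, unrelated to any question.

    secrets (not random) is used so the choice comes from the OS CSPRNG.
    """
    picked = [secrets.choice(words) for _ in range(n_words)]
    return " ".join(picked) + f" {secrets.randbelow(100):02d}"


def answer_entropy_bits(list_size, n_words=3, number_space=100):
    """Bits of entropy of an answer built by random_answer()."""
    return n_words * math.log2(list_size) + math.log2(number_space)


def build_answers(site, questions=QUESTIONS, words=WORDS):
    """One independent answer per (site, question).

    The result is meant to be stored in the password manager entry for the
    site; nothing here is memorable or derivable from public records.
    """
    return {(site, q): random_answer(words) for q in questions}


if __name__ == "__main__":
    for (site, question), answer in build_answers("example-bank").items():
        print(f"{site} | {question} -> {answer}")
    print(f"32-word list:   {answer_entropy_bits(len(WORDS)):.1f} bits")
    print(f"7776-word list: {answer_entropy_bits(7776):.1f} bits")
```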
Old 08-24-2014, 02:59 PM   #33
Thinks s/he gets paid by the post
 
Join Date: May 2014
Location: Utrecht
Posts: 2,213
Quote:
Originally Posted by TromboneAl View Post
Does anyone see any problems with that?
You have to see the security question for what it is: a second password.

Since I already have one, I just put in a very long random string of characters and spaces that are garbage and do not write it down. So I'm SOL if I forget my first password.

If you can't remember your first password, why on earth would you remember a second one that you use much less frequently?

And before you say: I write it down. Well, write down your first password then. It's just as safe.

Security questions are utterly useless and should be removed from the planet.
__________________
Totoro is offline   Reply With Quote
Old 08-24-2014, 03:09 PM   #34
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,636
Quote:
Originally Posted by Totoro View Post
Security questions are utterly useless and should be removed from the planet.
Perhaps you misunderstand (or maybe I do).
If you forget your password, those security questions can help you recover or reset it fairly easily. But if you don't know the answers to the security questions, you will probably be in for a major hassle if you ever need to get your password reset.
__________________
braumeister is online now   Reply With Quote
Old 08-24-2014, 03:25 PM   #35
Thinks s/he gets paid by the post
 
Join Date: May 2014
Location: Utrecht
Posts: 2,213
Quote:
Originally Posted by braumeister View Post
Perhaps you misunderstand (or maybe I do).
If you forget your password, those security questions can help you recover or reset it fairly easily. But if you don't know the answers to the security questions, you will probably be in for a major hassle if you ever need to get your password reset.
I understand that.

What I'm trying to say is that a security question and its answer are nothing other than a second password. Getting the right answer gives you access to your account, either by resetting the password or recovering it.

Here's the dilemma: if you make it easy to guess, you open an easy way for someone to break into your account. If you make it hard to guess, you need to remember it just like you need to remember your first password.

There is no distinction between a password and a security question/answer challenge. The best solution is to not forget your first password in the first place. And if you do forget, recover your password via another route (as you would do if no security question/answer exists). All sites have that option.

Not sure I'm explaining it well (it's late here). I'll try again maybe later this week

Long story short: any security expert in IT will tell you that security questions are not a good thing. Especially standardized questions.
__________________
Totoro is offline   Reply With Quote
Old 08-24-2014, 03:30 PM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,636
OK, I understand now what you're saying.
But I have often been faced with a situation where my password isn't good enough because I'm trying to login from a different machine.

In those cases, I'm asked a security question and I can easily get in.

As long as I:
a. use a password manager
b. don't use standard answers to security questions
I think I'm in good shape.
__________________
braumeister is online now   Reply With Quote
Old 08-24-2014, 03:59 PM   #37
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by Totoro View Post
...
Not sure I'm explaining it well (it's late here). I'll try again maybe later this week

Long story short: any security expert in IT will tell you that security questions are not a good thing. Especially standardized questions.
I think there are two cases -

1) As braumeister just mentioned - you are asked for a security Q/A in addition to the correct password. Because you are logging in from a different IP and/or different computer w/o a cookie (I was going nuts with this when I was trying out different browsers for a while).

2) They ask the security questions in place of the correct password - this can be a real issue as you point out. It really makes the password pretty meaningless, and the security Q/A effectively becomes the only real 'test'.

However, for case 2, it seems that usually means that a new password goes to the email of record. So unless the bad guy has your email as well, it is still reasonably secure... I think?

So a follow up to this is - does everyone have really strong passwords on their email? I think that is critical.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 08-24-2014, 08:05 PM   #38
Thinks s/he gets paid by the post
veremchuka's Avatar
 
Join Date: Oct 2010
Location: irradiated - too close to the nuclear furnace
Posts: 1,294
Quote:
Originally Posted by Totoro View Post
I understand that.

What I'm trying to say is that a security question and its answer are nothing other than a second password. Getting the right answer gives you access to your account, either by resetting the password or recovering it.

Here's the dilemma: if you make it easy to guess, you open an easy way for someone to break into your account. If you make it hard to guess, you need to remember it just like you need to remember your first password.

There is no distinction between a password and a security question/answer challenge. The best solution is to not forget your first password in the first place. And if you do forget, recover your password via another route (as you would do if no security question/answer exists). All sites have that option.

Not sure I'm explaining it well (it's late here). I'll try again maybe later this week

Long story short: any security expert in IT will tell you that security questions are not a good thing. Especially standardized questions.
No no no, you are wrong. I am asked security questions when I call financial institutions. And you want long complex userids, passwords and meaningless answers to security questions for each place because they are long complex and meaningless! That's why you should use some form of password safe, you never need to know any of them whether you have 2 or 200. All you need to remember is the long complex password to the safe, make it a phrase with dates or addresses like

"I used to live @ 121 Garden St but on 1/13/1998 I moved to 75 Grove St!"

which becomes Iutl@121GSbo1/13/1998Imt75GS!

Yeah that's a crazy thing to remember but to you it really means something so it is easy peasy lemon squeezy for you to recall.
__________________
veremchuka is offline   Reply With Quote
Old 08-25-2014, 02:02 PM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 11,202
Quote:
Originally Posted by easysurfer View Post
No way could I keep the various rules straight in my mind. That's why I just rely on a random password generator that allows for choosing password lengths, and types like special characters or not.
I want to do that, but I always wonder if there will be some situation in which I'm away from my computer, and need to remember the password. That would be frustrating, but it's pretty unlikely.
__________________
Al
TromboneAl is offline   Reply With Quote
Old 08-25-2014, 02:14 PM   #40
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 11,202
Quote:
Originally Posted by veremchuka View Post
make it a phrase with dates or addresses like

"I used to live @ 121 Garden St but on 1/13/1998 I moved to 75 Grove St!"

which becomes Iutl@121GSbo1/13/1998Imt75GS!

Yeah that's a crazy thing to remember but to you it really means something so it is easy peasy lemon squeezy for you to recall.
I wouldn't go as far as lemon squeezy. I would probably be thinking:

Was it 01/13/1998 or 1/13/98? Did I use Mountain View Street or Mountainview Street? Was it "I used to live" or was it "I lived at"? Was it "but on 1/13/1998" or "but I moved on 1/13/1998"? Was it, "I used to have a parakeet but now I have a tarantula"?

Once I used a system like that, but there was a word that could have been one word or two.

Remember that it might be a few years between memorizing and remembering. Once I had to enter my zip code at the gas station, and I forgot it.

-----------------

A lot of companies get this stuff wrong. I've noticed that some companies use the last four digits of your SSN. I presume the logic is that you don't have to use your whole SSN, because that's sensitive--it is essentially a password.

BUT, as soon as different companies use the last four digits, then the last four digits become sensitive--they are now a password.
__________________

__________________
Al
TromboneAl is offline   Reply With Quote