Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Changing Passwords
Old 01-05-2014, 12:16 PM   #1
Thinks s/he gets paid by the post
frayne's Avatar
 
Join Date: Oct 2002
Location: 19th Hole
Posts: 2,528
Changing Passwords

How often do you change passwords on your financial accounts ? I've been using the same passwords for my accounts for years and never had a problem but was just thinking might be a good idea to change them.
Do you and if you do, change, how often ?

Thanks in advance.
__________________

__________________
A totally unblemished life is only for saints.
frayne is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 01-05-2014, 01:32 PM   #2
Full time employment: Posting here.
 
Join Date: Apr 2006
Posts: 925
I probably do not change mine often enough: Every 2-3 years or when forced to by a specific institution. But, I do use strong passwords (the longest combination of random characters, numbers and symbols allowed) which are unique to each institution.

Yes, I am in a world of hurt if I ever lose my password manager or forget the master pass phrase; but, I do keep multiple backups in multiple locations. And, if I get a conk on the head bad enough to make me forget that pass phrase, I will likely have bigger worries to deal with.
__________________

__________________
If there's one thing in my life that's missing; It's the time I spend alone
Sailing on the cool and bright clear waters; There's lots of those friendly people
Showin me ways to go; And I never want to lose your inspiration
CoolChange is offline   Reply With Quote
Old 01-05-2014, 01:35 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,260
I can't see any logic to changing a password just to change it. If it isn't a reasonably complex one, then change it to a better one. If you think you've been hacked, obviously change it.

The only scenario I can imagine is where you were hacked w/o your knowledge, and the crook decided to wait 6 months to do anything. Then changing the PW in the interim would thwart their attempt. But I can't imagine that happening in real life. So what's the point?

If someone is trying to brute-force their way in by guessing your PW, what is the chance that your new PW would be one they already tried so they won't retry it? Near 0.000000000%.

To a degree, changing PWs is a bad thing. Since it makes it harder to remember, there is a tendency to make them simpler. That is a bigger weakness.

I've finally come up with a system that works well for me, been using it 100% for about a year, and longer in a more limited way. I just have a couple complex terms that are uncommon, but easy for me to remember. I stick a shorter, unique term in the middle, that I can write down with a clue as to which site it belongs to. So even though it is written down, the key terms are not, so that is safe. For any site where I'm not concerned about security, I use the same PW which has enough chars, a number and UC and LC letters so it works for most every site.

-ERD50
__________________
ERD50 is online now   Reply With Quote
Old 01-05-2014, 02:10 PM   #4
Thinks s/he gets paid by the post
walkinwood's Avatar
 
Join Date: Jul 2006
Location: Denver
Posts: 2,675
Quote:
Originally Posted by ERD50 View Post
I can't see any logic to changing a password just to change it. If it isn't a reasonably complex one, then change it to a better one. If you think you've been hacked, obviously change it.

...

-ERD50
+1
I think it is more important to have long passwords with a big character set (alphanumeric & special characters) than it is to change them. Also, have different usernames and passwords at each institution. Use two-step authentication if available & a password manager to keep track.
__________________
walkinwood is offline   Reply With Quote
Old 01-05-2014, 02:21 PM   #5
Recycles dryer sheets
BOBOT's Avatar
 
Join Date: Aug 2006
Posts: 415
Lastpass.
__________________
I still don't get it...
BOBOT is offline   Reply With Quote
Old 01-05-2014, 04:18 PM   #6
Moderator
MBAustin's Avatar
 
Join Date: Jul 2010
Posts: 4,148
If you want more information about passwords than you knew existed, this is a great $10 e-book
Take Control of Your Passwords

The latest advice is not to worry about changing passwords frequently, but to make sure to use long & strong & unique (never use the same one on two sites) passwords. Which requires a system (as ERD50 recommends) and/or a password manager such as BOBOT suggested.
__________________
"One of the funny things about the stock market is that every time one person buys, another sells, and both think they are astute." William Feather
----------------------------------
ER'd Oct. 2010 at 53. Life is good.
MBAustin is online now   Reply With Quote
Old 01-05-2014, 04:24 PM   #7
Recycles dryer sheets
racy's Avatar
 
Join Date: May 2007
Posts: 478
I'm more worried about shopping at Target.
Target data stolen in hack showing up on black market | Security & Privacy - CNET News
__________________
The Big Lebowski: Are you employed, sir?
The Dude: Employed?
racy is offline   Reply With Quote
Old 01-05-2014, 04:47 PM   #8
Thinks s/he gets paid by the post
veremchuka's Avatar
 
Join Date: Oct 2010
Location: irradiated - too close to the nuclear furnace
Posts: 1,294
I set up KeePass in the summer of 2012 and started to use very complex meaningless userids, passwords and my security questions make no sense at all. It'll be 2 years this summer and I will change everything at that point just because. The more articles I read about passwords and cracking the more paranoid I become. I now store the KP database on 2 flash drive not the c drive.
__________________
veremchuka is offline   Reply With Quote
Old 01-05-2014, 04:55 PM   #9
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 892
I'm about to try Lastpass. I've been using KeePass on a Mac, but that's been a pain. Lastpass looks solid and is cross platform, which is a must for me.

I like the option of having one master password and then a different password for each site I visit. I don't have to worry about any of the individual passwords, only the master password. I expect that Lastpass will make using unique passwords even easier, since it's integrated into each web browser and available on tablets and smartphones. Plus, it looks like there's an option to backup your database to a local file.

For those that are more interested in how Lastpass works, there's a transcript of a podcast where they go into more detail: https://www.grc.com/sn/sn-256.htm
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 01-05-2014, 05:15 PM   #10
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 570
Quote:
Originally Posted by veremchuka View Post
I set up KeePass in the summer of 2012 and started to use very complex meaningless userids, passwords and my security questions make no sense at all. It'll be 2 years this summer and I will change everything at that point just because. The more articles I read about passwords and cracking the more paranoid I become. I now store the KP database on 2 flash drive not the c drive.
Last night coincidentally we had a long family conversation about security. SIL works in an area of computer security. We ended up with virtually the same recommendation as veremchuka.

One of the reasons for the meaningless/complex words (not English or other language words), is they take longer to figure out. So, if you are ever hacked, it buys some time to change the password before it is learned. We ended up with Keepass vs. Lastpass because LP is stored online. We also ended up with a flash drive since it is not stored on the computer. 2 level verification was the preferred method if/when it can be accomplished.

SIL rule of thumb was the more convenient the password storage, the less safe it is.
__________________
davef is offline   Reply With Quote
Old 01-05-2014, 07:09 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,883
My passwords are randomly generated and encrypted.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 01-05-2014, 07:20 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,318
Lastpass, two factor authentication when possible, and an encrypted hard drive.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 01-05-2014, 07:28 PM   #13
Full time employment: Posting here.
martyp's Avatar
 
Join Date: Sep 2010
Location: Bangkok
Posts: 963
This past couple of days I've changed all my passwords. I had not done it in years. Some of my not so important sites had weak passwords. My financial site passwords were strong but I decided it was time to change it up. There is a lot of good advice about creating strong passwords on the internet including some calculators to evaluate the strength of your password choice.

I just bought 1Password for my Mac. So far it seems OK. I am going to keep my financial passwords off of 1Password and anyplace on my computer for now. I'll keep a handwritten list somewhere in the house and safe deposit box.
__________________
Happy, Wild, and Free
martyp is offline   Reply With Quote
Old 01-06-2014, 01:22 AM   #14
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 892
I spent a good part of today migrating my passwords to Lastpass. So far I like it. I went ahead and paid the $12/year for premium. One nice feature is that I can share passwords with my wife. We share a bunch of accounts, so this is a nice extra for us.

I still need to setup two-factor authentication. I'll work on that tomorrow, along with a local backup of the database. I'm still 50/50 if I want to include my more sensitive accounts. I wish those sites had two-factor authentication. That would make using Lastpass with them much safer.

Either way, I'm glad I've finally cleaned up my passwords. One more item to check off my todo list.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 06-16-2014, 02:49 PM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,318
Anybody who was having problems with LastPass remembering trusted computers (started about June 12) should know that they claim to have fixed the problem. Delete and reinstall LastPass on your browser.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 06-16-2014, 09:51 PM   #16
Thinks s/he gets paid by the post
 
Join Date: Jun 2014
Posts: 1,035
Randomly generated, 16 characters or more. 20 i think
__________________
dallas27 is online now   Reply With Quote
Old 06-17-2014, 11:22 AM   #17
Full time employment: Posting here.
 
Join Date: Sep 2012
Location: San Jose
Posts: 607
I finally decided to start using a password manager, and change all of my passwords to be something different and unique across sites. After much Googling, I went with LastPass and so far it's working great.

I always use the maximum number of characters a site permits, and if they don't list a maximum, I use 32 characters.

I'm also going to order a YubiKey and upgrade to LastPass Premium so I can have the two-factor authentication with a dedicated hardware device. Well worth the cost of the YubiKey and $12 a year for LastPass. They deserve at least that much from me for making such a great product.

Also, for those of you with brokerage accounts... If you really want to secure your brokerage account login, check to see if they offer their own dedicated two-factor authentication. For example, Schwab offers their own authentication token you can tie to your account.
__________________
LoneAspen is offline   Reply With Quote
Old 06-19-2014, 05:33 PM   #18
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 892
I've been using LastPass premium for six months now and love it. It's made my life much simpler.

I ended up using Google Authenticator for two-factor authentication. It's worked well for me and was easy to setup.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 06-19-2014, 05:58 PM   #19
Dryer sheet wannabe
 
Join Date: Jun 2014
Posts: 19
+1 for lastpass

Also extremely important is to use 2-factor authentication for your email (easy with gmail). Since every account you have is probably tied to that email address it makes it really hard for a hacker to change your password.

2-factor with google sends a text to your cell phone for "out of band" authentication. Only happens on "untrusted" computers so nearly no hassle.
__________________

__________________
wqo3wt76 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 05:01 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.