Thread Author: Ambo Replies: 4

 Password Security - Ambo
Do any staff of a service covered by a password know what it is? I assumed that a password created by me and not revealed to anyone else could be known only to me but have never checked.
 Password Security - Zero
>> Do any staff of a service covered by a password know what it is? I
>> assumed that a password created by me and not revealed to anyone else could be
>> known only to me but have never checked.

Passwords should not be recoverable or visible to any staff of a service, and should be "hashed"* in case a hacker gets in. All staff can do is provide a link or assistance to create a new password once your identity has been verified.


*Hashed. When a password has been “hashed” it means it has been turned into a scrambled representation of itself. A user's password is taken and – using a key known to the site – the hash value is derived from the combination of both the password and the key, using a set algorithm.
Last edited by: Zero on Fri 21 May 21 at 12:48
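The storage scheme described in the post above, as an added example that is not part of the original thread: the service keeps only a hash derived from the password and a site key, so staff can verify or reset a password but cannot read it. The names `SITE_KEY`, `register`, `verify` and `staff_reset`, the per-user salt and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a site-wide secret kept outside the user database (constructed value).
SITE_KEY = b"constructed-demo-site-key"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor, slows offline guessing


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Mix in the site key first, then stretch the result with a per-user salt.
    keyed = hmac.new(SITE_KEY, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)


def register(db: dict, user: str, password: str) -> None:
    """Store only salt, work factor and hash; the password itself is discarded."""
    salt = secrets.token_bytes(16)
    db[user] = {"salt": salt, "iterations": ITERATIONS,
                "hash": _derive(password, salt, ITERATIONS)}


def verify(db: dict, user: str, attempt: str) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    rec = db.get(user)
    if rec is None:
        return False
    candidate = _derive(attempt, rec["salt"], rec["iterations"])
    return hmac.compare_digest(candidate, rec["hash"])


def staff_reset(db: dict, user: str) -> str:
    """The only staff action: overwrite the record with a new temporary password."""
    temporary = secrets.token_urlsafe(16)
    register(db, user, temporary)
    return temporary


if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse battery staple")  # constructed sample
    register(users, "bob", "correct horse battery staple")    # same password as alice
    print(users["alice"]["hash"].hex())   # all that staff or an intruder can read
    print(users["alice"]["hash"] == users["bob"]["hash"])     # salts make these differ
    print(verify(users, "alice", "correct horse battery staple"))
    temp = staff_reset(users, "alice")
    print(verify(users, "alice", "correct horse battery staple"), verify(users, "alice", temp))
```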
 Password Security - No FM2R
Which is true as far as it goes, but evil continues to learn and the world isn't that safe....

This will tell you everything, and is worth a read IMO

www.scientificamerican.com/article/the-mathematics-of-hacking-passwords/

tl;dr your password can become known.

I'd add two other possibilities to consider;

- Some websites, though less these days, are run incompetently and may hold passwords in the clear.

- Sometimes websites offering some attractive but easy to do service are set up solely to gather username/password combinations.

In the end the advice is fairly simple;

Use long complex passwords (Longer is better than complex, both is best)
- 12 - 15 characters
- use upper/lower case, numbers and special characters
- Don't bunch up the special characters (all at beginning or end) or rely on substitution (3/e o/0 etc.)

Never use the same password on two sites/accounts
- because maybe one site you use it on is a weak, insecure, site and the other is your bank.

I use unique 20-something character, randomly generated passwords for every account that matters. And I have a 12 character junk password that I duplicate across every account I don't care about.

I find that the best/easiest way to do that is to use a password manager. I use LastPass and Bitwarden, but there are others.
Last edited by: No FM2R on Fri 21 May 21 at 15:26
 Password Security - sooty123
I use NordPass, seems quite good and I know how to use it, as in you don't need to be into computers to use it.
 Password Security - No FM2R
I use two because I rely on it so totally that I fear losing access, either through my own fault or theirs.

There is also an encrypted copy held elsewhere.

Paranoid? Moi?