Ever think about putting a website name in your password?
Oz_Shadow posted:
I am not suggesting using a password that isn't a reasonably secure password.

I occasionally get those warnings from identity monitoring companies saying a password associated with my primary email as the username has been compromised but they often do not tell me the website. I suspect many are from old website forums where I regularly used the same old password associated with low risk sites.

I was thinking something like the following as a new password format: xA#f14$987golfwebsite

That way I know who had the security breach.

Anyone think that's a bad idea?

I try to keep higher risk login credentials completely unique these days.
 
Posts: 17944 | Location: SE Michigan | Registered: February 10, 2007
12131 posted:
quote:
Originally posted by Oz_Shadow:
I try to keep higher risk login credentials completely unique these days.

Does that mean you have the same password for "low risk" sites?

Whatever your method, make it a difficult one. And uniquely difficult for different sites.


Q

Posts: 28221 | Location: TEXAS | Registered: September 04, 2008
Pipe Smoker posted:
^^^^^
Re: “Whatever your method, make it a difficult one. And uniquely difficult for different sites.”

Amen. Thank goodness for password managers.



Serious about crackers
 
Posts: 9699 | Location: San Diego | Registered: July 26, 2014
Beancooker posted:
I use movie quotes. Usually no less than 40 characters. Replace i’s with 1’s or a’s with 4’s and use all correct punctuation and spaces.
As of now, I have never had an issue.



quote:
Originally posted by sigmonkey:
I'd fly to Turks and Caicos with live ammo falling out of my pockets before getting within spitting distance of NJ with a firearm.
The “lol” thread
 
Posts: 4524 | Location: Staring down at you with disdain, from the spooky mountaintop castle. | Registered: November 20, 2010
FenderBender posted:
Think of 5 unrelated 5 letter words, use that, it's mathematically secure enough.
 
Posts: 8195 | Registered: July 24, 2009
Beancooker posted:
quote:
Originally posted by FenderBender:
Think of 5 unrelated 5 letter words, use that, it’s mathematically secure enough.


Fender Bender, let us not forget who you are…

https://sigforum.com/eve/forum...230020464#3230020464



 
Posts: 4524 | Location: Staring down at you with disdain, from the spooky mountaintop castle. | Registered: November 20, 2010
Rey HRH posted:
That method works for email addresses like using ReyHRH+Sigforum@gmail.com. If you start getting spam emails, you know it was taken from Sigforum. But how would it work for passwords? It won't let you know the password that was hacked.

For non-internet passwords, I use something like Bender's formula: Five-words-that-I-always-remember+name of the thing I'm protecting+last word I also remember.



"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
 
Posts: 20262 | Location: The Free State of Arizona - Ditat Deus | Registered: March 24, 2011
architect posted:
A properly-configured login capability should never ever store a secret "in the clear." Instead, the password is stored in an encrypted or hashed form. When the user enters a challenge, the challenge is encrypted/hashed with the same algorithm before comparison with the stored value. (There is, of course, somewhat more to it than that.)

So anybody presenting "your password" to you must have obtained it from an improperly-provisioned site. Encrypted storage of login secrets has been a best practice since at least the 50's, long before the Internet was built out, or the first web server authored.

It is far more likely that the password was obtained by a "man in the middle" attack, a keystroke logger, or some other interception technique (perhaps via software surreptitiously installed on the compromised provider's system) rather than decoded from some password data store. So associating a compromised password with a particular site does not necessarily implicate that site in the breach (except that they might be negligent in their security policies and/or procedures), and is unlikely to positively determine some entity to "blame."
 
Posts: 6941 | Location: NoVA | Registered: July 22, 2009
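
Added example, not part of any post in this thread: the store-a-hash, hash-the-attempt, compare flow described in the post above, in Python with salted PBKDF2-HMAC-SHA256 from the standard library. The function names, record layout and iteration count are assumptions for illustration; the sample password is the one from the opening post.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build what the site stores at signup: salt, work factor and hash."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {
        "alg": "pbkdf2-sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify(record: dict, attempt: str) -> bool:
    """Hash the login attempt with the stored salt and compare the results."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), salt, record["iterations"]
    )
    # Constant-time comparison, so timing does not reveal how many bytes match.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def leaks_plaintext(record: dict, password: str) -> bool:
    """True if the password appears verbatim in any stored field."""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    pw = "xA#f14$987golfwebsite"  # sample password from the opening post
    first = make_record(pw)
    second = make_record(pw)  # same password on a second account
    print("correct password accepted:", verify(first, pw))
    print("wrong password accepted:  ", verify(first, pw + "x"))
    print("plaintext in stored record:", leaks_plaintext(first, pw))
    print("two accounts share a hash: ", first["hash"] == second["hash"])
```

A dump of records like these contains salts and hashes only, so a site name embedded in a password becomes visible only where the plaintext itself was exposed or recovered.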
© SIGforum 2024