Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 


 
     
Recent Posts
   
Popular Topics
Home   
Search
    Members    Calendar    Who's On

Home » SQLServerCentral.com » Editorials » Password Help
Add to briefcase
39 posts, Page 1 of 4
1234»»»

Password Help Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
Steve Jones - SSC Editor
Posted Wednesday, June 27, 2012 9:23 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 3:19 PM
Points: 31,526, Visits: 13,863
Comments posted to this topic are about the item Password Help






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1322251
marlon.seton
Posted Thursday, June 28, 2012 1:47 AM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Today @ 2:07 AM
Points: 566, Visits: 200
It's so much easier to use long and intricate passwords if you can type.
Post #1322313
call.copse
Posted Thursday, June 28, 2012 4:17 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 4:19 AM
Points: 1,111, Visits: 714
I did try using passphrases myself at some point (http://xkcd.com/936/) however unfortunately when you get to that length it typically takes 3 tries on a good day to type the things out right. Guess I'll have to stick to using 'password' everywhere - no-one will guess anything that obvious.
Post #1322352
paul.knibbs
Posted Thursday, June 28, 2012 6:14 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 8:56 AM
Points: 1,270, Visits: 4,303
The one problem with using KeePass is that it's fine if you're only ever using these passwords from the machine where your password database is stored. Becomes more of an issue if you're on a different machine and can't access that anymore!
Post #1322384
jims-723592
Posted Thursday, June 28, 2012 6:30 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Wednesday, March 06, 2013 7:35 AM
Points: 90, Visits: 102
Keepers are fine, if you care
For LinkedIn? My PW is password (or Passw0rd, if they are more pesky)
For my Bank login? password isn't gonna go there, that's where I use a keeper

90% of my passwords are Passw0rd or password, cause I just find it an annoyance, and really don't care

And yes, Facebook is one of them.... All the social "junk", pretty much all that don't hit my bank account (With financial impact, view only, back to password...)

I'd prefer something other than a password to authenticate, possibly a "Global Id" linked to the smart phone (And yes, there are downsides and privacy concerns, many could be worked around)
If I could just link up my computer with my phone, and just surf... Let them work out one time codes that identify me. No annoying "log in to whatever", just keep going
Post #1322396
William Soranno
Posted Thursday, June 28, 2012 6:47 AM


Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Thursday, May 30, 2013 6:13 AM
Points: 65, Visits: 346
I have the self contained version of KeyPass installed on my flash drive I carry with me. That way I can run the program from the flash drive no matter what computer I happen to be using.

Bill Soranno
MCP, MCTS, MCITP DBA
Database Administrator
Winona State University
Maxwell 148

"Quality, like Success, is a Journey, not a Destination" - William Soranno '92
Post #1322414
chrisn-585491
Posted Thursday, June 28, 2012 6:49 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Today @ 10:57 AM
Points: 488, Visits: 1,293
I'm not surprised.

I knew a couple of years ago that Linkin was going to have security issues considering their lack of response to several rounds of spam and other annoyances, I canceled my account. Like 90% of security problems, this is a management issue.
Post #1322416
Steph Locke
Posted Thursday, June 28, 2012 6:57 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, June 13, 2013 2:26 AM
Points: 129, Visits: 595
We are rolling out an intranet AD-auth password store after increasing numbers of us have started using keepass and one or two other password stores in work. This will really help educate users on the practice of having stronger, more varied passwords.

I have one password that I use variations of for most day to day things, but then I randomly generate passwords for sites where security is more important and these all go in keepass. My keepass has a passphrase and key to access it with the database file and the key stored in dropbox folders. I'm a bit paranoid about passwords so I often play coy about naming where the login is for so that even if someone cracked the database files (which I worry about with a program where the code is downloadable and interragatable) they still would have to work a fair bit to match the logins to the right site and all my banking sites have a further auth step which isn't ever stored on my keepass.
Post #1322424
Gary Varga
Posted Thursday, June 28, 2012 6:59 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 12:40 PM
Points: 3,613, Visits: 1,225
William Soranno (6/28/2012)
I have the self contained version of KeyPass installed on my flash drive I carry with me. That way I can run the program from the flash drive no matter what computer I happen to be using.


...and therein lies the crux of the matter. The solution cannot be based on something that people are not allowed to use in all circumstances. I am often on client sites where I would be immediately escorted offsite (after a serious grilling and an inspection of the machines used, if not me physically) if I tried to install software or plug in a USB key.

I thought that a federated security system would do it but no. Every site has to hand roll their own security.

To keep the theme going the password that I use is "1fY0uB3l13v3Th1sTh3nY0uAr3..."

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1322428
GA Programmer
Posted Thursday, June 28, 2012 8:17 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 6:58 AM
Points: 127, Visits: 104
Not only do you need to be able to access the password manager, but if someone cracks your password manager password, they

a) have a list of every online account you have and
b) now have access to every one of them.

Having a unique password and/or login to every site is one of those eggheaded ideas that sounds great on paper but has no real practical application in the real world.

I know I easily have over 100 online accounts in one form or another - there is no way that I could possibly have 100 passwords that I could remember. I would rather they have access to a small subset of my passwords than all of them!
Post #1322495
« Prev Topic | Next Topic »

Add to briefcase
39 posts, Page 1 of 4
1234»»»

Permissions Expand / Collapse

 
 
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.