I'd better change my password from '**************' to something more secure. Something I've noticed which is disturbing is some people using the same password for every website, which is kind of understandable given there are so many passwords to remember, but at the very least, have a separate password for critical stuff like online-banking, PayPal and emails.
I have the same passwords for low level stuff that I couldn't care less about. Nobody would try and hack it kind of thing... but yeah, for banking and PayPal where it could cost me dearly, there is a password for each and all should be very difficult to crack. But hey.. If a hacker is determined to hack something, I think he or she would eventually get round to doing it!
People using number substitution for letters, like 3 for E or e and 1 for L or l and 4 for A or a, believe that they are making their password more secure. They aren't: if the normal password can be cracked by a dictionary attack, the obfuscated word will take only a little longer. Phrases combining caps, symbols and numbers are best, and preferably longer phrases at that.
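The point in the post above, that a dictionary word with 3, 1 or 4 swapped in is still a dictionary word, can be enforced at the moment a password is chosen. This is an added example, not part of the original thread; the sample wordlist, the padding characters and the extra substitutions (0, 5, 7, @, $) are assumptions made for illustration.

```python
from typing import Iterator, Optional

# Substitutions named in the post (3->e, 1->l, 4->a) plus a few common
# ones added here as an assumption (0->o, 5->s, 7->t, @->a, $->s).
LEET_MAP = str.maketrans({"3": "e", "1": "l", "4": "a",
                          "0": "o", "5": "s", "7": "t", "@": "a", "$": "s"})

# Digits and symbols people tend to bolt onto the front or back of a word.
PADDING = "0123456789!?.#*_-"

# Constructed sample wordlist; a real check would load a large wordlist
# or a breached-password list instead.
SAMPLE_WORDLIST = frozenset({"password", "letmein", "football", "elephant"})


def candidates(password: str) -> Iterator[str]:
    """Yield de-obfuscated forms of the password to test against the wordlist."""
    raw = password.lower()
    # Strip padding BEFORE reversing substitutions, otherwise a trailing
    # "1" would be turned into "l" and hide the underlying word.
    for form in (raw, raw.rstrip(PADDING), raw.lstrip(PADDING), raw.strip(PADDING)):
        if form:
            yield form.translate(LEET_MAP)


def dictionary_match(password: str, wordlist=SAMPLE_WORDLIST) -> Optional[str]:
    """Return the dictionary word the password reduces to, or None."""
    for form in candidates(password):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # Constructed test inputs.
    for pw in ("p4ssw0rd", "3l3ph4nt", "F00tb4ll2024", "ktsiamditmonw4e"):
        hit = dictionary_match(pw)
        verdict = f"rejected (reduces to '{hit}')" if hit else "no dictionary match"
        print(f"{pw:18} {verdict}")
```

A result of "no dictionary match" only means the password is not a disguised word from this list; it says nothing about length or reuse.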
There's a password-strength checker here if anyone wants to check theirs out. I hope it's genuine, or else it's harvested several of mine.
This is something I have pondered over time and time again, particularly as it is impossible to remember the log-in credentials for every site used. As well as creating safe (uncrackable) passwords, it is also necessary to ensure they are safe (not stolen). I store log-in credentials onto a web-based encrypted server that requires two-factor log-in. All encryption of log-in credentials is done on the local machine and, even when decrypted, they are still obfuscated and only make sense to me! I try to remember what credentials I can, thereby minimizing the risk associated with logging into a website that stores my passwords etc. I never store passwords on the local machine, lest the PC should be stolen!
Sounds like the one I use, Howerd. I use a service that is so secure that the hosting company cannot decrypt anything if you lose your password. I remember one very complex multi-word phrase, mixed case and exotic characters, that gets me into that service. As you say, the decryption occurs client side, so you just need to make sure the client side system is secure. Like you, I store all other not so often used passwords in this service in the knowledge that it is completely safe.
Passwords, eh...??? I have a terrible memory, and often enough I have to contact whoever to help me reset the passwords.... I wouldn't really need to do it, but her indoors keeps messing about with my various accounts, which I leave open, to show what a trusty imbecile I really am...
Here's a useful tip I learned a while ago when choosing passwords: use the first letter from a sentence, and add some random numbers. Example: ktsiamditmonw4e (Keith the scouser is a mountain dweller in the middle of north wales 4 ever). I've noticed Gmail have two-step verification authorisation for Google Apps accounts when a user signs in on a PC from a new or unrecognized computer - a big step forward I think, but still doesn't stop someone like the thief who steals your laptop.
Yes, I think we could well be talking of the same service and I really hope it is as secure as they say it is. At least there is some comfort to be gained from the fact you can actually see the encryption take place on your own PC!
I always use 2-step authentication on Gmail - even from my home PC, but that is really down to the fact that I use the incognito mode of Chrome, so cookies always get deleted when the browser window is closed. You can always untick the box when you log into Gmail so that it does not remember your PC!