Results 1 to 5 of 5
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    New reports remind us to check our security




    TOP STORY

    New reports remind us to check our security

    By Michael Lasky

    Whether via phishing campaigns, compromised email attachments, or easily broken passwords used at multiple sites, most malware enters our computers because we let it in. Corporate security organizations are continuously monitoring the roots and methods of malware intrusions, and companies such as RISKIQ and Splashdata publish annual reports on what they find.

    The full text of this column is posted at WindowsSecrets.com/top-story/new-reports-remind-us-to-check-our-security]/ (free content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Vancouver, BC, Canada
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I agree with some of this (strong passwords, two factor authentication for banks), but I don't agree that you should use a different, strong, password on every site. Take, for example, forums (like this one).
    It is pretty much the rule that you can't post or reply on any forum without first creating an account with a login name and password. I have accounts on well over 100 forums, covering a wide range of areas. On many of them I have posted one question, and more often than not I have got the information I was looking for.
    I use the same password on all of these forums (unless, like this forum, they have password requirements that my standard password doesn't meet).
    Why should I be concerned if someone else accesses my account on any of these forums? Everything I have posted is already public. Yes, someone could try to destroy my reputation (Ha!) by impersonating me, but they could do that anyway by creating a user name that looked like it was mine.
    Then there are all my online magazine subscriptions (another 20 or so). I don't really care if someone else reads my magazines, and they are welcome to login and pay my subscriptions if they care to. I would be concerned if they stole my credit card information, but whenever possible, I don't leave that on the site.
    There are other examples of where I don't believe a strong password is warranted, but I will stop there.
    So I would say: really strong passwords for a relatively small number of critical accounts, but you really don't need a unique, strong password for many others.
    Last edited by raspencer; 2016-01-27 at 22:19.

  3. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,207
    Thanks
    49
    Thanked 989 Times in 919 Posts
    If you use a password manager there is no cost to using different passwords.

    cheers, Paul

  4. #4
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    agree with raspencer...to much of a pain on sites I don't much care about (which is generally those that don't have my credit card).

    Disagree with Lasky who simply copied the advice of the linked post that a 12 character password is sufficient where it counts. I get torked when a site still limits me to 15 max. Yes, it is a big number of random generated passwords if keyboard ASCII is allowed (which often it is more limited than that) 12^95, but most people are not going to use random and be open to library attacks. People are people which is why 123456 keeps on winning, especially if forced to change it with any frequency. If you are going to use a memorable passphrase--which is fine--you want it long because it is subject to a library attack.

    A encrypted on computer password manager is the only way to go for security. Most 2FA I have seen sucks, but I do like the cell phone security code idea. If only our government didn't prohibit decent (really any) encryption built into cell phones then it would be pretty solid against interception.
    Last edited by Fascist Nation; 2016-01-28 at 15:58.

  5. #5
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    In the original post above (#1), it says the following:

    Quote Originally Posted by Kathleen Atkins View Post
    The full text of this column is posted at WindowsSecrets.com/top-story/new-reports-remind-us-to-check-our-security]/ (free content, opens in a new window/tab).
    However, when you click on the link and go to the article, you read a little bit, and it then says the following:

    This article is part of our premium content. Join Now...Already a paid subscriber? Click here to login.
    Obviously it is NOT free content; you have to pay to read it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •