Results 1 to 14 of 14
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Is it safe to remove old .Net versions?

    LANGALIST PLUS

    Is it safe to remove old .Net versions?


    By Fred Langa

    Microsoft's .Net framework has been around since the XP era, and most PCs have several .Net versions installed. Here's how to determine whether you really need them. Plus: A very weird GodMode failure causes continual restarts, and a grim and final warning on eight-character passwords.

    The full text of this column is posted at windowssecrets.com/langalist-plus/is-it-safe-to-remove-old-net-versions/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Feb 2014
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Better hurry on that password matter.

    Assuming that your critical web site will allow you to enter an average of 3.5 quadrillion wrong passwords on a single logonid before locking you out, and assuming that you can consistently feed one password per second to that webserver, it will take our evil Linux hacker 1.11 * 10^8 years to enter those 3.5 quadrillion passwords. Of course he may be down on his luck, in which case it might take him twice that long.

  3. #3
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Fred’s news about 8 character passwords is rather troubling.

    It’s possible to change to 12 characters for sensitive sites, but it’s the all-important password manager that worries me. Currently I use 10 characters, with upper and lower case letters, numbers and symbols, which is rated as strong - at least it was the last time it was checked – and it was something I could remember. But 12 or more characters is another matter. It seems that I will have to write it down and keep near the PC, which is OK provided we are not burgled whilst out of the house.

    It would be interesting to know how Fred copes with 16 characters for his password manager.

  4. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,752
    Thanks
    171
    Thanked 650 Times in 573 Posts
    Why does a password manager worry you? Fred said he wouldn't want to remember 16-character passwords.

  5. #5
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Perhaps I didn’t express myself clearly enough. I use 10 characters to log in to Lastpass, which is about the maximum I can remember at my age, and even then I had to keep a written record for quite a while before confident enough of remembering it.

    Obviously LastPass itself needs a secure p/w to prevent a hacker gaining access to my bank and savings accounts, so 12, 14, 16 or more characters are now essential, but I’m not very happy about keeping it on a notepad beside the PC. But what other option is there?

    I have considered keeping it on a USB stick, but then they fail sometimes, and it would then probably be recorded somewhere in temp files, which a hacker would be able to access.

    Fred said he wouldn't want to remember 16-character passwords, but he has to remember the one for his p/w manager, perhaps with 700 p/ws he is using it so often he can remember it.
    Last edited by georgelee; 2016-02-25 at 06:52. Reason: added space between paragraphs

  6. #6
    WS Lounge VIP access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    1,725
    Thanks
    147
    Thanked 156 Times in 149 Posts
    George, you're right that a notepad next the PC isn't very good. But it could be placed somewhere not obvious (in a drawer say).

    Another possibility - I have many of my books on shelves in my room. I could make a password from one of them say LondonRailwayAtlas. You could use zeros for Os etc, or add some punctuation - L0ndonRa1lwayAtlas4thedition. So you could have quite a long password and it would be hidden in plain sight!

    There are other ways as well - if you have a spreadsheet with many tabs, then one of them could have the password (but not on a tab called password!).
    Talk is cheap because supply exceeds demand

  7. The Following User Says Thank You to access-mdb For This Useful Post:

    georgelee (2016-02-26)

  8. #7
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Delaware, US
    Posts
    1,171
    Thanks
    19
    Thanked 99 Times in 88 Posts
    I'm sorry, but this whole business of length and nature of passwords is completely wrong headed - to my way of thinking. It's putting the responsibility squarely on the shoulders of the person least capable of ensuring security - the end user.

    There are web sites I routinely access that give you a limited number of tries at login. Get it wrong and you are locked out until you re-authenticate yourself and reset the password. That completely stops brute force attacks.

    I've used VPNs with three different companies that require 3rd-party authentication by way of numeric token that changes every 30 seconds. And there are dozens of different ways to accomplish this.

    My bank won't let you log in from a computer other than your regular one without a phone call to authenticate. Plus, it automatically resets that every couple weeks so that you have to re authenticate.

    IOW, the holder of the content can and should take the responsibility of securing that content. They are far better equipped to protect it than someone to whom a computer is a thing of total mystery.
    Last edited by gsmith-plm; 2016-02-25 at 11:32.
    Graham Smith
    DataSmith, Delaware
    "For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)

  9. #8
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,378
    Thanks
    235
    Thanked 147 Times in 136 Posts
    Quote Originally Posted by georgelee View Post
    Perhaps I didn’t express myself clearly enough. I use 10 characters to log in to Lastpass, which is about the maximum I can remember at my age, and even then I had to keep a written record for quite a while before confident enough of remembering it.
    .
    George
    One easy method you could employ would be to use your existing PW and prefix or suffix a pass phrase that is easy to remember.
    example:

    One green fox jumped oVer the %arn.

    I think even I could remember that, and you could always write that down and let 'em guess what to do with it

    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  10. #9
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    [QUOTE=access-mdb;1046342]George, you're right that a notepad next the PC isn't very good. But it could be placed somewhere not obvious (in a drawer say)./QUOTE]

    Of course you are right, I can keep the notepad beside the PC, and only hide it when the house is unoccupied. As it will be used every day, it should avoid a previous mistake – 3-4 years ago I bought a couple of Krugerrands, kept them in my desk drawer for quite a long time, then decided to put them somewhere more secure. Unfortunately they can’t be found, but must still be in the house somewhere.

    Your second option has been considered, and rejected, as requiring a really long password, which is too prone to error even with my one finger typing. Also, remembering which letters had been replaced by numbers or symbols would probably necessitate employing the above option.

    Your third suggestion is appealing, it would be really well hidden if added as a comment somewhere on a spread sheet with many comments, and it would save typing errors by copy and pasting to log in to Lastpass. I shall definitely test how practical this is, whilst hiding away my notebook at night and when leaving the house.

    Many thanks
    George

  11. #10
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    [QUOTE=gsmith-plm;1046344]I'm sorry, but this whole business of length and nature of passwords is completely wrong headed - to my way of thinking. It's putting the responsibility squarely on the shoulders of the person least capable of ensuring security - the end user./QUOTE]

    I agree wholeheartedly, but there is little one can do about it.

    My bank, and some other sites only request 3 or 4 characters from the password, and I often wonder whether this is more or less secure than asking for the whole password. After all, it shoudn't take too long to crack 4 characters, and some sites still ask for the same characters if one makes a mistake, with no indication of how many errors are allowed before blocking further attempts.
    Last edited by georgelee; 2016-02-26 at 08:56. Reason: typos

  12. #11
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Wavy, thanks but as mentioned two posts ago - too much typing.

  13. #12
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,378
    Thanks
    235
    Thanked 147 Times in 136 Posts
    Quote Originally Posted by georgelee View Post
    Wavy, thanks but as mentioned two posts ago - too much typing.
    Well you want a long password w/o the memory reqs and now its too long? You are just too hard to please
    fingerprint reader
    https://www.cdw.com/shop/products/Di...g!69695845134!

    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  14. The Following User Says Thank You to wavy For This Useful Post:

    georgelee (2016-02-27)

  15. #13
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by wavy View Post
    Well you want a long password w/o the memory reqs and now its too long? You are just too hard to please
    Too true! But it turned out that you supplied the answer.

    Changing the password proved surprisingly difficult, as every time I generated a 12 character password and entered it, a note said it was very weak, as it shows in the vault as generated p/w for LastPass. Even deleting that and creating another, writing it on a notepad and manually entering it rather than pasting, still showed the ‘generated password’ message.

    On reflection, I don’t see why that makes it weak, as one has to know the p/w to open the vault, but that didn’t occur to me at the time - getting senile.

    Eventually deciding it was necessary to skip the p/w generator and create my own, I began adapting one of the generated p/words when I remembered your suggestion, which now seemed worthwhile. Adding my 7 digit RAF number from 1950 to the existing 10 character p/w gives a nice long password that I can easily remember without the need for written records.

    Problem solved. Sincere thanks to you Wavy.

  16. #14
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,378
    Thanks
    235
    Thanked 147 Times in 136 Posts
    Glad to have helped George.
    David

    Just because you don't know where you are going doesn't mean any road will get you there.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •