Subject: a note about choosing passwords

I found my wife was using the same password for a jive school site as she uses for her main email. So if you've got an unscrupulous underpaid civil servant webmaster he's got both the email and the password and he can do identity theft and much more.

So never use your main password at other sites because it only takes one morally compromised person with access to the database. Some places encrypt the password "at rest" as they say, but there's still a decent chance that the morally compromised person has access to the decryption code.  So don't do that.  I'm not one of these super paranoid folks, but you certainly shouldn't make it easy for 'em.  

Side note: Internet security is getting even more annoying as we have two factor and multi-factor auth and have to go grab our phones to login to something.  And since I gave my phone number for some Xbox stuff I get these text messages when the boys are trying to auth into some game.

I thought when I first started to work on the web back in the late 90s that we'd figure out Internet security and auth but here we are.

MrFixit aka Denny

FWIW, a site with a encrypted password NEVER decrypts it.  They usually can't.  Instead they encrypt the password that you type in and see if the results match.  Assuming they use a good algorithm, finding a random string that produces a particular encrypted result is as hard as cracking the password itself.

👌🏻👏👏👏

thnx for this Denny. Always on my mom about the pw thing. Thankfully getting through to her and she’s better w it now, but I’m super careful and even I’ve had some issues in the past w info getting out. Malwares on the rise and everyone after millennials basically came out of the womb knowing how to write code, so hacks are getting more common. +all the spammers, robocalls, bot farms, etc.. 😵‍💫 it’s a lot. Good PSA

I’d also add to anyone who doesn’t know that even w some silly sites, like dominos pizza or something, if theres payment info attached, like a card on file, always make the password long w no personal identifiers (ie, nix your pets names, hometown, & bdays..esp anything that can be found on social media) and write it down in a notebook. Hard copy that won’t get lost! Just my 2 cents

*Really* surprised that Nellie is just learning jive this late in life.  What with her natural hip-ness, sassy gangsta swagger, and so forth, and your musical history (and hers, too??).........seems like that would have been her third language, if not (first or?) second.  At least it's good to know there are still some schools out there offering jive lessons.  Need to keep that lingo alive, if for no other reason than in case there happens to be yet another "Airplane!" movie later on down the line. 

[And as an aside...........am surprised nobody noted Leslie Nielsen on the "comedians with the driest wit" thread.]

Lol kumquat I’m so glad you mentioned airplane bc as soon as I read your comment abt jive I was like, hey what movie is that where …(then thankfully didn’t have to ponder too long.) and yea, my dad would murder me for not mentioning Leslie, SURELY. (And then you say..)

And, don't call me Shirley! Roger, Roger? :)

I use Password Safe for the majority of my passwords. Makes it pretty easy to keep them all different, but sure is a pain when logging-in to streaming services on the TV. I have noted that there is an increasing number of websites that skip passwords altogether and just send a code to your phone. I agree it's annoying when the kids/grand-kids device logins require 2-factor. It'll be interesting to see how the process evolves in the future.

What, you mean my stripper name (childhood pet + childhood street) isn't good enough???

Dusty Duval 

BillWolfe- yes, that's the theory but if you believe that's actually done everywhere well I have a bridge I'd like to talk to you about. Like I said I'm not super paranoid but just don't make it easy for 'em. Same thing applies to credit card numbers. Some sites will store 'em for you. I usually let the browser help me rather than have that info off somewhere out of my control where I just have to trust.

outskirts - I don't have a stripper name, I use my rapper name Lil Doozy tho and my childhood pet was Jupiter and then I just append 456! and tada Secure Password. LilDoozyJupiter456! Notice how my use for 456 makes it way more secure than just 123.  I'm kinda a security guru. You should listen to me!

I used to use the same moderately difficult password for everything until I got a message from Netflix that someone in China had successfully accessed my account to watch a movie. Now I use the Keeper Security app to autogenerate 20-character passwords that are unique to each web site, so no two will ever be the same. The app is free, but I upgraded to $35/year for extra features. The peace of mind is worth it. 

I'd love to have that bridge, but I live in Saint Louis and I'm still making layaway payments on the Arch that is going to be mine as soon as I finish paying for it.

Yes, I realize that a lot of sites are poorly designed. sigh

BTW: Every time a site puts additional restrictions on the passwords you are allowed to use it makes it easier to do a brute force search.  If you require 10 characters with at least one capital letter, one number and special character a lot of people will choose things like Password1!

Nonetheless I agree this is a good PSA.  I just don't expect it to have much impact

Ah, thanks, pegster. We have clearance, Clarence. 

Gmail has a new free dark web scan feature under its security settings and it shows you if any of your passwords, emails, addresses, phones, ss #, etc shows up on dark web. Only takes a sec. And based off my fams scans, I’m guessing a lot of folks will be unpleasantly surprised. 

Tbh I have no idea how society plans to safeguard personal identity going forward, but there will need to be a major overhaul. I’m not paranoid either Denny but agree it’s always good to be cautious, and from what I’ve seen w all the bot duplicate accounts on ig and fb, it’s rlly not an option not to at least try to be safe online anymore. It’s why I deleted my social media. Also bc I watched “the great hack” and also “the social dilemma” on Netflix. (highly recommend.) 

I def agree abt the credit card stuff too. And Identity theft is rlly hard to battle from what I’ve read.it’s better to be safe than sorry. These days Im just hopeful I’ve not done anything too dumb in the past, but sadly I bet I’ve made some stupid security choices over 30ish years of internet access. 

Lol also I remember some article I read years ago w some creator of “FarmVille” game on fb. He was basically like look I’m an honest guy but I have personal details of everyone who uses this game bc fb sends me the data to make improvements but it’s like way too much and I don’t want it all! And this is just a game! 

I only lol bc the poor guy sounded like he was drowning in info he didn’t want, and like he felt guilty for it but wanted ppl to know he wasn’t going to do anything w it but that other folks won’t be the same and that their data is everywhere and to understand that comes w risks. He said he still has the stuff bc he doesn’t know what to do w it even tho he hadn’t worked there in years or something. It was a crazy enough article to stick w me for years now. 

This is all VERY enlightening - and explains an enduring mystery.  I had been wondering how some/many/several/a lot of losses have shown up on my record of play, when clearly/surely/Shirley I almost never lose.  So............someone *VERY* stinky must have swiped my password and been playing as me.  Thank you, MrFixit for this valuable insight.  Now all that remains is for you to go into the stats and correct all my loss tabulations.  That might take awhile, and be burdensome..........so let's just say........wipe out 95% of the losses, and call it square. Sound fair enough?

What a coincidence, TN. Same thing happened to me. 

In fact, I’m p sure I’ve never lost one yet…

Yes Denny, pls take care of this at once. (And if you wanna comp us a few thousand points for our trouble, I won’t argue..)

 ;)

I don't wanna be putting words in smelly's mouth (gag!)........but I'm pretty confident that, like myself, he's not an elo chaser - so these "points" of which you speak may fall on (smelly) deaf ears.  🦻🦻🙉

It's difficult to argue against that. I've got nothin'. 

Denny: My rapper name is Mz Du Du 😉 short for my stripper name Dusty Duval, look for me on striprap-agram 

It's going to get more annoying when when we all need to log in with passkeys using our phone for every site. I have a patent on a system that sends a map with a faux latitude and longitude created by the server using an offset each time it is sent and allows you to use a place on the map as your password. Every time you reply to the server, your password is a tuple of numbers that are meaningless to anyone but the server which can decode the lat and lon to get the real coordinates. You could print the image with the name of the site and no one could tell where it was (unless you chose the statue of liberty) but you would know instantly where to find it on a map.

That's *exactly* the type and degree of uncertainty one should expect from Schrodinger's cat. 

Hey schrodingerscat, I think your name is my fave so far. 

Could you clear something up for me? Are you alive or dead? And why do you keep a poison vial in your cat box anyway? 

Ps- that’s cool abt the patent. ..I always say cats are so smart