
are you changing your passwords because of heartbleed?


  • are you changing your passwords because of heartbleed?

    aloha!!!

    i am going through my MANY different accounts and changing my passwords because of the HeartBleed issue.

    man, do i have a lot of different accounts... music, shopping, banking, forums, etc.

    i have a spreadsheet of the list of accounts and it's crazy long.

    i am glad i am doing this as i am not adding complexity into the password where some were pretty easy.

    are you changing your passwords?

    joel

  • #2
    Re: are you changing your passwords because of heartbleed?

    I changed a few, depending on the sensitivity of the information the service has received from me. I use 1Password so I use random, complex passwords and change many of them every year already. The primary change as a result of Heartbleed was that I finally got a couple of people I'd been urging to use password managers to use one!



    • #3
      Re: are you changing your passwords because of heartbleed?

      Everywhere except here.
      Be Yourself. Everyone Else Is Taken!
      ~ ~
      Kaʻonohiʻulaʻokahōkūmiomioʻehiku
      Spreading the virus of ALOHA.
      Oh Chu. If only you could have seen what I've seen, with your eyes.



      • #4
        Re: are you changing your passwords because of heartbleed?

        I work in the computer industry and need to memorize dozens or hundreds of passwords. Managing my passwords securely was always a challenge, so several years ago, I sat down and made a concerted effort to come up with a solution. I've been refining this solution for over a decade, and I've got it to the point now where I can have different passwords for hundreds of systems, they all appear to be random strings of mixed characters, I can change them at regular or intermittent intervals, and I never have to write any of them down or store them anywhere.

        The catch is I have to write down an index number for each system on a cheat sheet. This cheat sheet tells me, for example, that System A is currently on password #5, System B is on password #20, etc. When it's time to change the password on a system, I just use the next password for that system, and note that on my cheat sheet. Having to dig out the cheat sheet is a little cumbersome, but this is only for systems I don't log into regularly.

        For logins I use all the time, I use a different indexing method that makes it easy to remember what number a system is on off the top of my head. I won't explain that system, though, because I feel it gives away too much.

        The trick to my method is I don't actually memorize hundreds of passwords. I only have to memorize one algorithm that allows me to "calculate" what a password is for a particular system for a particular index number. My algorithm is pretty elaborate, but it's something I can calculate in my head about as fast as I can type a password. There's also no way anyone could determine my passwords just by looking at my cheat sheet. I've been refining this for a long time. I've got it to the point now where my passwords look like a totally random mix of upper/lower/numbers/symbols, and even if you saw one, there's no way you could determine the next one... or what the password of another system might be. My passwords are even designed to be hard to "shoulder surf".

        If anyone is REALLY curious, I will take the time to try to explain it.
        Last edited by zff; June 19, 2014, 04:01 PM.



        • #5
          Re: are you changing your passwords because of heartbleed?

          Originally posted by pzarquon
          I use 1Password so I use random, complex passwords and change many of them every year already.
          My concern is that someone will hack into a site like 1Password and then have access to all your passwords. If a site proclaims that it is impregnable, that is only fodder for a clever hacker and he will figure a way to get access to all data passed through that site.
          Peace, Love, and Local Grindz

          People who form FIRM opinions with so little knowledge only pretend to be open-minded. They select their facts like food from a buffet. David R. Dow



          • #6
            Re: are you changing your passwords because of heartbleed?

            Originally posted by zff
            The catch is I have to write down an index number for each system on a cheat sheet.
            So if I understand correctly, you have hundreds of random passwords written down on a cheat sheet? Any chance that cheat sheet could be stolen or compromised?

            I only have to memorize one algorithm that allows me to "calculate" what a password is for a particular system for a particular index number. My algorithm is pretty elaborate, but it's something I can calculate in my head about as fast as I can type a password.
            You lost me.

            If anyone is REALLY curious, I will take the time to try to explain it.
            Yes, I am always looking for a better security system. Could a fingerprint reader or retina identification be the answer for a secure system?
            Peace, Love, and Local Grindz

            People who form FIRM opinions with so little knowledge only pretend to be open-minded. They select their facts like food from a buffet. David R. Dow



            • #7
              Re: are you changing your passwords because of heartbleed?

              Originally posted by matapule
              My concern is that someone will hack into a site like 1Password and then have access to all your passwords. If a site proclaims that it is impregnable, that is only fodder for a clever hacker and he will figure a way to get access to all data passed through that site.
              My concern was a little different than yours. I was thinking of using something similar to 1pass (in this case, LastPass, which is similar to 1pass), but began to wonder how that would work with the quirky password system of Quicken.

              While I was in the LastPass/Quicken quandary, I developed a temporary system, and it worked (somewhat). So I stuck with it. I don't think it's anywhere as good (or as complicated and effective) as Ziff's, but I think it'll hold the line for the time being. Like Ziff (or anyone else who has tried to sort out their passwords), I am amazed at the number of passwords I have, many of which I've probably forgotten. I can't wait until biometrics develops to a degree where it becomes standard.



              • #8
                Re: are you changing your passwords because of heartbleed?

                I think the easiest way to explain my system is to start with a very simple version, then gradually explain the additional layers of complexity.

                First, you need an ordered list. An ordered list is a list of items that always appear in the same order. For the purposes of my explanation, I will use the 12 months of a year. In practice, though, your ordered list should be something that's not so well-known. Ideally, it should be something very few people know. Your 1st-12th grade teachers' names would be a very good one, if you know them.

                Using the months in a year, you could make your passwords like this (again, this is a very simple example):

                JAN01jan)!
                FEB02feb)@
                MAR03mar)#
                APR04apr)$
                ...and so on.

                So in this example, your algorithm is:
                3-letter month in caps, followed by...
                2-digit month number
                3-letter month in lowercase
                2-digit month number while holding down shift key

                Now on your cheat sheet, just write down what number you're on. It's easy to figure out your password based on the number. When you reach 12, just go back to 1. Most sites/systems will let you reuse passwords after 12 different ones.



                • #9
                  Re: are you changing your passwords because of heartbleed?

                  Now let's add a second layer of complexity that includes the name of the system you're logging into. Let's say you need passwords for Yahoo mail, Gmail and Bank of Hawaii. Let's also say your second layer of complexity is to use the first 3 letters of the site/system.

                  So for Yahoo mail, we'll use yah
                  For Gmail, we'll use gma
                  For your Bank of Hawaii login, we'll use boh


                  Now come up with an algorithm that includes this new additional layer of complexity. So all said and done, your new algorithm might be:
                  3-letter month in caps, followed by...
                  3-letter system name in lowercase
                  2-digit month number
                  3-letter month in lowercase
                  2-digit month number while holding down shift key

                  ...so for Yahoo mail, your first few passwords would be...

                  JANyah01jan)!
                  FEByah02feb)@
                  MARyah03mar)#
                  ...and so on.

                  For gmail, your first password would be JANgma01jan)!

                  Now on your cheat sheet, you would have your different systems listed along with the password number each system is using. Again, figuring out your password for any given system is a piece of cake, and unless someone knows your ordered list, there's no way to know your password simply by looking at your cheat sheet.
                  Last edited by zff; June 19, 2014, 09:32 PM. Reason: edited for clarity



                  • #10
                    Re: are you changing your passwords because of heartbleed?

                    Ultimately, you need to come up with your own algorithm using your own ordered list. It needs to be something you'll remember easily, and something you can figure out in your head very quickly.

                    The examples I gave above are oversimplified. The system I actually use is much more complicated, but I've been using and refining it for years, so I'm very familiar with mine.

                    There are things you can do like, instead of doing "JANyah" (January and Yahoo), you could do "JyAaNh" (using every other letter from each one). Very simple, yet adds a high level of randomness to your password.

                    You could use keyboard tricks. Take a letter from the system you're logging into, then use the number that appears over that letter on a keyboard. So Q, A or Z would fall under 1. W, S or X would fall under 2, and so on. To be really tricky, use the 2nd letter of the system instead of the first.

                    I don't know if this system sounds really complicated, but since I've been doing this for years, my system comes very naturally to me. The real trick is using an ordered list and an algorithm that's right for you.

                    I hope someone here finds this useful.
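
The simplified scheme from posts #8 to #10, written out as an added example that is not part of the original posts and is not zff's actual algorithm. The function names are hypothetical and a US keyboard layout is assumed; the last helper shows which character positions change between sites and between successive index numbers.

```python
# Added illustration of the simplified scheme in posts #8-#10 (not zff's real algorithm).
MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"]   # the posts' example ordered list
SHIFTED = dict(zip("1234567890", "!@#$%^&*()"))       # assumed US layout: digit + Shift
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]     # letter rows below the digit row


def derive(index, tag=""):
    """Password number `index` (1-based, wraps after 12) with an optional
    3-letter system tag such as "yah", "gma" or "boh" (post #9)."""
    n = (index - 1) % len(MONTHS) + 1
    month, digits = MONTHS[n - 1], f"{n:02d}"
    shifted = "".join(SHIFTED[d] for d in digits)
    return month.upper() + tag + digits + month + shifted


def interleave(a, b):
    """Post #10 variant: alternate the letters of two equal-length strings."""
    return "".join(x + y for x, y in zip(a, b))


def keyboard_digit(letter):
    """Post #10 keyboard trick: the digit key above a letter (Q, A, Z -> 1)."""
    for row in KEY_ROWS:
        if letter.lower() in row:
            return (row.index(letter.lower()) + 1) % 10
    raise ValueError(f"not a letter key: {letter!r}")


def differing_positions(a, b):
    """Character positions where two equal-length passwords differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    for tag in ("yah", "gma", "boh"):
        print(tag, [derive(i, tag) for i in (1, 2, 3, 13)])
    print(interleave("JAN", "yah"), keyboard_digit("W"))
    # Same index, different site: only the 3-letter tag changes.
    print(differing_positions(derive(1, "yah"), derive(1, "gma")))
    # Same site, next index: the month letters and one digit/symbol pair change.
    print(differing_positions(derive(1, "yah"), derive(2, "yah")))
```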
