The "This Might Be A Stupid Question, But...." Thread

[Betelnut]

We have about 8 different passwords, then we hear the advice not to use the same one for everything, and sometimes a password won't be accepted because it doesn't meet the criteria the site has set up. I have 53 passworded accounts - credit cards, teachers' union, financial institutions, magazines, etc. No way could I remember which goes with which.

I have a method to print them on a spreadsheet with the numbers coded, and I want my kids to be sure to be able to get into my accounts when the time comes.

I know there is a program called Onepassword, but I don't know if I can trust it.

How do others keep track of all this stuff?

I use an Excel spreadsheet.  But, I'll admit, I use the same 2-3 passwords in various forms so I'm not very safe.

[clio917]

So based on the number of bounce backs in my in-box, plus my copy for each of my email addresses, because I'm in my address book, I think one of my yahoo accounts sent out a spam today.   I was able to get into my account, so it's not completely hijacked. 

Is there anything I need to do? Should I change my password?

Email seemed to be a link, that I was not willing to try, even with my cat killing curiousity level.  I guess I should be happy I'm not destitute in a foreign country, or needing emergency medical care (as seen in the scam thread...)

Change your password, and also go to your Yahoo account info (mouse over your name in the top right when you are logged into your mail), click on View Recent Sign-in Activity to see if there is anything weird there (like you signed in from China when you live in St. Louis...).

Then go back to the account info and click on Manage Apps and Website Connections. When my Yahoo mail was hacked, they managed to get in through some security flaw in a mobile email app, so if you have anything strange in your list of app permissions, delete them.

[Tea Drinker]

If the system will allow long passwords without special characters, there's the xkcd method of picking a password, which is to run together four English words, such as "correcthorsebatterystaple" and make up a little story connecting them. (http://xkcd.com/936/) This kind of password is actually harder password cracking software to find randomly, than the 8-12 characters with numbers or random punctuation would be. (The difficulty of guessing is the number of characters times the possible number of choices for each, and you have the advantage that the password cracking program doesn't know you've done something xkcd-style, so it has to try all the things with numbers and capital letters and percent signs too.)

[Elfmama]

We have about 8 different passwords, then we hear the advice not to use the same one for everything, and sometimes a password won't be accepted because it doesn't meet the criteria the site has set up. I have 53 passworded accounts - credit cards, teachers' union, financial institutions, magazines, etc. No way could I remember which goes with which.

I have a method to print them on a spreadsheet with the numbers coded, and I want my kids to be sure to be able to get into my accounts when the time comes.

I know there is a program called Onepassword, but I don't know if I can trust it.

How do others keep track of all this stuff?

I have a text file on my computer marked "passwords."  Clever, no?   It has its own unique password, completely unrelated to anything else: it's a historical event and a date related to that event.  If some hacker gets into that, the passwords inside are coded; "household name" or "M*R*4877" mean something to me or to DH, but not to anyone outside the family. 

[Bluenomi]

Uni trained me well for passwords. You were given a password for the IT nextwork that couldn't be changed and was comprised of 6 random letters. I still use those letter with different variations (swap them around, add letters or numbers) Very handy!

[JoW]

Definately change your password.  Make it very complicated.  Make it so complicated you have to write it on scrap paper and hide it under your monitor.  If you are feeling ambitious change the passwords for all of your accounts.

Do not write it down and store it under your monitor; that's a good way for it to get hacked if anyone breaks into your house.

.........

I didn't think of your house being broken into. 

You could write it on paper and store it in a more secure location.  I once saw a female police officer on TV suggesting you store valuables in a box of lady product under the bathroom sink.  According to her most thieves are men and most men won't look there.  Or maybe in the freezer because no one keeps paper in the freezer.   

[Softly Spoken]

Definately change your password.  Make it very complicated.  Make it so complicated you have to write it on scrap paper and hide it under your monitor.  If you are feeling ambitious change the passwords for all of your accounts.

Do not write it down and store it under your monitor; that's a good way for it to get hacked if anyone breaks into your house.

.........

I didn't think of your house being broken into. 

You could write it on paper and store it in a more secure location.  I once saw a female police officer on TV suggesting you store valuables in a box of lady product under the bathroom sink.  According to her most thieves are men and most men won't look there. Or maybe in the freezer because no one keeps paper in the freezer.   

The bolded above actually inspires a stupid question I've often thought to myself when watching television - how productive are security advisories like this? Not the advice itself, but the fact that it is given on television - which I'm sure quite a few criminal types own or at least have access to.

If Mrs. Smith starts hiding her money in the 'feminine hygiene' box under the sink because "I saw it on CSI"  , what's to stop Barry the Burglar from checking that box because he saw the same episode?

[Iris]

Definately change your password.  Make it very complicated.  Make it so complicated you have to write it on scrap paper and hide it under your monitor.  If you are feeling ambitious change the passwords for all of your accounts.

Do not write it down and store it under your monitor; that's a good way for it to get hacked if anyone breaks into your house.

.........

I didn't think of your house being broken into. 

You could write it on paper and store it in a more secure location.  I once saw a female police officer on TV suggesting you store valuables in a box of lady product under the bathroom sink.  According to her most thieves are men and most men won't look there. Or maybe in the freezer because no one keeps paper in the freezer.   

The bolded above actually inspires a stupid question I've often thought to myself when watching television - how productive are security advisories like this? Not the advice itself, but the fact that it is given on television - which I'm sure quite a few criminal types own or at least have access to.

If Mrs. Smith starts hiding her money in the 'feminine hygiene' box under the sink because "I saw it on CSI"  , what's to stop Barry the Burglar from checking that box because he saw the same episode?

Well, I think it comes down to practicality. Many thieves are just after some quick cash and are going to snatch things that are obviously of value and putting something in an out of the way place will work. Sheer probability would suggest that out of all of the possible hiding places recommended by all of the shows on telly you'd have to be pretty unlucky to have much crossover.

OTOH I had a friend whose parents were hit by professional thieves (at least that what the police told them had happened) who picked a time when they were away and went through the *whole house* - emptied out canisters in the kitchen, went through every drawer, the whole 9 yards. That was about 30 years ago so no CSI then!

[ladyknight1]

One of my closest friends was burglarized two years ago. The burglar stole her work-issued laptop, her jar of coins, some of her underwear, their xbox, and various DVD's. He smashed through their sliding glass door to gain entrance. He also spread the remaining underwear throughout the house.

He was never caught and the laptop never recovered.

[Twik]

Okay, stupid question regarding the Messiah/Hallelujah chorus and standing -- why do people stand up? What is the reasoning behind the protocol?

This question can be applied to the (US) national anthem . . . or the recitation of the pledge to the flag.

Is standing up more respectful? Why?

During Hellelujah - because supposedly the first time King George heard it performed he stood.  No one knows why though - some say its because its about Christ so it was out of respect, while some say its because he thought it was intermission and he had to pee, but either way, when the King stands, everyone stands.  And so it became a tradition to stand.  Prior to that story though, no one stood.

As for the anthem or pledge, I think its just a respect thing, much like standing to greet someone, or standing attention, etc - its just more formal to stand.

Yes, standing up is more respectful.

There is a whole book of etiquette regarding that that's not much in use any more. For example, if you and your DH were eating in a restaurant, and a female friend dropped by to chat, your DH would have to stand the entire time, out of respect.

[Virg]

GreenHall wrote:

"So based on the number of bounce backs in my in-box, plus my copy for each of my email addresses, because I'm in my address book, I think one of my yahoo accounts sent out a spam today.   I was able to get into my account, so it's not completely hijacked."

You should change your email password, but that might not entirely fix the problem because most harvesters will use the addresses in your address book and your email address as the sender since it's valid.

For changing passwords, I'll suggest my usual pattern for them.  Invent a reasonable 8 character base.  It's a good idea to use mixed case, use only letters and numbers for the times when a password isn't allowed to use punctuation and don't make it a word that you'll find in a dictionary (for example, a good base for me might be AbCdVirg).  Next, come up with two non-letter, non-number characters like %^ or whatever.  Then, to build a password, use your base, then the two characters, then the name of whatever you're using the password for.  So, you can come up with a password like AbCdVirg%^etiquettehell for here, which is tough for a computer or person to guess, but all you need to remember is your base and characters, and the rest you'll recall from where you're trying to log in.  For sites that don't allow them, you can skip the characters, and if there's a size limit on the password, just use the full pattern and then truncate it to the maximum allowed length.  To change it, change your base only and it's still very tough to guess, plus you can write a list of all the bases you've ever used on a card in your wallet for all it matters, since your base alone won't unlock anything.

Luci45 wrote:

"I have a method to print them on a spreadsheet with the numbers coded, and I want my kids to be sure to be able to get into my accounts when the time comes."

If you're worried about access to your accounts in the case of your incapacity, then write down your pattern and where your accounts are, and put them in your safe deposit box.  If you don't have a safe deposit box, then put it all on an encrypted thumb drive (see http://www.truecrypt.org for my favorite program, because you can put the program on the drive with the file so you never have to worry about not being able to find the program to decrypt it) and give it to your kids or whoever's likely to end up as their guardian if they're too young themselves.  Put the password to that thumb drive in your will, assuming you don't just want to give it to them directly, and even if someone breaks in and steals your will they won't have the drive itself.

Virg

[Mental Magpie]

Definately change your password.  Make it very complicated.  Make it so complicated you have to write it on scrap paper and hide it under your monitor.  If you are feeling ambitious change the passwords for all of your accounts.

Do not write it down and store it under your monitor; that's a good way for it to get hacked if anyone breaks into your house.

.........

I didn't think of your house being broken into. 

You could write it on paper and store it in a more secure location.  I once saw a female police officer on TV suggesting you store valuables in a box of lady product under the bathroom sink.  According to her most thieves are men and most men won't look there.  Or maybe in the freezer because no one keeps paper in the freezer.   

I always kept a slip of paper in my wallet with the passwords on it.   It's very safe.  The paper doesn't say anything about what the strange list of numbers and letters are - it's just a small list. 
Yeah, someone could try them on everything over and over, but that's work. 

For valuables...for a short time, I kept a pile of cash in my apartment, and one of my friends suggested that I double-bag it in ziploc baggies, and bury it at the bottom of the litter box.  We called it the Bank of [cat's name].    I also keep valuables buried in my fabric 'wall'.   You'd have to pull every piece out to find the money, and yes, there is a LOT of fabric - hence the name Fabric Wall.

I don't think that list is very safe at all, if it was an odd string of letters and numbers I would guess it a password/code very quickly; but to each his own.

[Outdoor Girl]

I have a hard time remembering my PIN number for all my various cards.  And some of them can't be changed.  I ended up inputing them into my cell to make them look like local phone numbers and used a name that would remind me what those numbers are.  So if I used Acme Bank, the name in my phone would be Amy B, as a made up example.

[lady_disdain]

The list may be safe enough if you lose the wallet and a stranger picks it up or if it is stolen. However, if someone closer to you (coworker, child, friend, etc) snoops around and finds the list, they may have a good idea of the sites you frequent and your user names, specially email. Since it isn't a long list, they may be snoopy enough to try them all out to get access to your email and Facebook accounts.

[Mental Magpie]

Not to mention the software that will just run through them all to every webpage you've visited and the usernames that have been inputted repeatedly.