ForumGarden

I have now gone to each financial institution that I do business with as well as other sites where I wish to secure my data and arranged to have access ONLY if I supply 25 separate and distinct passwords.

What do you consider a type of secure password, Lon, and what do you use to construct them with, and do you store them on a computer?

Steve Gibson has a useful resource on his site at https://www.grc.com/passwords.htm for picking up properly randomised text, I find that useful. There are trustworthy packages which do much the same job. The question is whether you're prepared to use a key of sufficient length that has no pattern to it.

Keys based on twiddling words you can pronounce have a lot less variability than randomised keys, even if you drop in punctuation and substitute the occasional number. You're not trying to keep out someone who tries to guess by hand, you're trying to keep out someone running powerful brute force attacks. Anything random up to 7 characters is breakable by brute force on a PC these days, as is anything of any practical length that's dictionary-based (that last bit's just my own opinion, mind).

I ought to reconsider my current passwords, their format dates back ten years or so now. All this while I've been using 6 alphas for trivial sites, 7 alphanumerics for normal, 8 for places I really wanted to keep people out from and around 20 to encrypt my hard drive. The hard drive key is still good but I ought to bin all those others and work out a new scheme.

There's a general assumption that any password ought to be expired after a period and replaced. I've never really agreed with that - if it's compromised once then the damage is already done, that's my view.

The other general assumption is that password security can replace physical security, and it can't. If anyone can touch your box then what you keep there is potentially exposed.

Spot... You may be able to help me...

On my Internet banking I had to give a place name so I did, and one that was significant with me.

Recently, I went to do the banking and could not get Into my account. Cut a long story short, I got through to Santander and went through all my passwords with them and when It came to place name, It had been changed but not ever by me.

I had the option of re-setting every-thing but tbh I could not be arssed at the time. I have had no problems with my account but any clue as to why this happened and should I be concerned?

If Santander screwed up your place name they'd definitely have screwed it up for a proportion of their other users too. Maybe they did, it's not difficult. Maybe they had a problem with that field in the past and they're not aware of it yet. Maybe they're aware of it and not saying.

Or maybe someone with access to your screen while the account was logged in changed the place name.

Or maybe someone really does have your Santander password and changed the place name. That seems least likely but not impossible. If it's possible, even as a remote chance, it's worth changing your Santander password.

If someone's reading everything that's typed through your keyboard you need a new computer. Making the assumption that someone's reading everything that's typed through your keyboard is the only safe fallback you can make. Changing your computer isn't going to stop that person from repeating their previous invasive act, mind.

It's not paranoia, it's a statement regarding computer technology. Paranoia is asking "am I a target", not "can it be done". Calling in a security professional would eliminate a succession of possibilities but still not get a "no". It might give you a "yes". The intrusion, if there is one, could be software based and easiest to find. It could be hardware-based and less easy to unearth. It could be based on emission analysis in which case I'd say it was completely undetectable short of searching all your neighbours' houses which have a line-of-sight on your windows and logging what cars park in your street, at which point you might as well emigrate.

Not the most helpful response, you might think, but it has the advantage of being accurate.

spot;1333425 wrote: If Santander screwed up your place name they'd definitely have screwed it up for a proportion of their other users too. Maybe they did, it's not difficult. Maybe they had a problem with that field in the past and they're not aware of it yet. Maybe they're aware of it and not saying.

Or maybe someone with access to your screen while the account was logged in changed the place name.

Or maybe someone really does have your Santander password and changed the place name. That seems least likely but not impossible. If it's possible, even as a remote chance, it's worth changing your Santander password.

If someone's reading everything that's typed through your keyboard you need a new computer. Making the assumption that someone's reading everything that's typed through your keyboard is the only safe fallback you can make. Changing your computer isn't going to stop that person from repeating their previous invasive act, mind.

It's not paranoia, it's a statement regarding computer technology. Paranoia is asking "am I a target", not "can it be done". Calling in a security professional would eliminate a succession of possibilities but still not get a "no". It might give you a "yes". The intrusion, if there is one, could be software based and easiest to find. It could be hardware-based and less easy to unearth. It could be based on emission analysis in which case I'd say it was completely undetectable short of searching all your neighbours' houses which have a line-of-sight on your windows and logging what cars park in your street, at which point you might as well emigrate.

Not the most helpful response, you might think, but it has the advantage of being accurate. Thank You... That was Informative and I think just to be on the safe side, It would not hurt to get our local man round just to do a check. He Is very knowledgable In this sort of thing.