Post-it
Level 1
- Sep 11, 2015
- 8
101 characters, is that for your master password I guess? 96% is a very good score, congrats
LastPass Users - Post Your Security Challenge Score
- Thread starter BoraMurdar
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
101 characters, is that for your master password I guess? 96% is a very good score, congrats
- May 11, 2014
- 1,639
Yes, that's the master password - I change that every 7 days, you can never be too sure this day. Terrible times, which will only get worse, with great inventions it enables, and opens up so many more avenues and doors, which criminals will benefit and use.
- Sep 9, 2015
- 43
Congrats Tyrizian too!
I know I have some sites to review and I expect to join the +90% ligue
Thank you
I'm sure you'll get there
Post-it
Level 1
- Sep 11, 2015
- 8
- Feb 19, 2018
- 182
Post-it
Level 1
- Sep 11, 2015
- 8
Where does it say you can improve most: Weak or old passwords, re-used passwords?
- Feb 19, 2018
- 182
old passwords. I set a unique 10-15 digit alpha numeric password for every site I use and don't bother to change them afterwards unless a news of breach appears. Call me lazy, but 2FA is also there.
Post-it
Level 1
- Sep 11, 2015
- 8
I try to renew regularly the accounts for all sites with sensitive information (banking, merchants, taxes etc.)
We know that when breaches are made public it's most of the time 9-12 mth after the events.
I too use 2FA whenever possible and try to use 22 digits all characters.
It's actually time for me to think of a new master password....Any idea?
We know that when breaches are made public it's most of the time 9-12 mth after the events.
I too use 2FA whenever possible and try to use 22 digits all characters.
It's actually time for me to think of a new master password....Any idea?
- Feb 19, 2018
- 182
I try to renew regularly the accounts for all sites with sensitive information (banking, merchants, taxes etc.)
We know that when breaches are made public it's most of the time 9-12 mth after the events.
I too use 2FA whenever possible and try to use 22 digits all characters.
It's actually time for me to think of a new master password....Any idea?
You can call it my personal bias, but I deem bank and tax passwords too sensitive to save them anywhere. I just don't feel comfortable to save them on computer. And I do change them every 3 months.
Regarding master password, I think of a random sentence and replace some of the alphabets with alpha numerics and add some special characters. Like- Tommy is a bad boy and it becomes Tommy_1s_@_BaD_boY[67¥].
- Feb 19, 2018
- 182
Actually if you think about it, this scenario is insane. Let's assume you change your password every month, and the breach happened just after the day you changed it. Now just as you said that breach might go unnoticed for a long time(as it was in case of Dropbox and Yahoo). Now your exposed credentials are out there which are completely functional for next 28 days.
There is a term in business administration known as 'systematic risk' means the kind of risk which one can't avoid no matter what, such risks are inherent to the system. Same goes for the breaches. The only thing we can do is set a password, setup 2FA and pray to God that nothing happens.
Post-it
Level 1
- Sep 11, 2015
- 8
I totally agree the risk zero doesn't exist. I don't change my passwords that often but do change them every 6-12 mth depending on the type of account. When databases get hacked, the information is not used right away, some passwords take time to crack and also the data is often sold to others.
Some other passwords like, forum logins, may even be much older in my vault.
I think the most important thing is to have unique and complex passwords
- Feb 19, 2018
- 182
I totally agree with you, and I think enabling 2FA is just as important.
- Sep 20, 2017
- 93
i would separate sites into 3 category
1) unimportant sites like Sign up | Tumblr where i registered to download a picture or something i dont remember... if someone hacks that account there is nothing to gain from it... here is my password for it 2VJ5YgnQmCseAry0 and i am never going to change it
2) important sites like this forum... i wouldnot like it to be hacked so if there is a breach i would change a password but this kind of sites are not so important that i enable 2FA i am too lazy for that
3) very important sites like cloud account where i have personal files or banking account or email where i register all the other accounts... there i have strong passwords with 2FA enabled
p.s.
i have saved a lot of passwords from other people thats why my score is so low
1) unimportant sites like Sign up | Tumblr where i registered to download a picture or something i dont remember... if someone hacks that account there is nothing to gain from it... here is my password for it 2VJ5YgnQmCseAry0 and i am never going to change it
2) important sites like this forum... i wouldnot like it to be hacked so if there is a breach i would change a password but this kind of sites are not so important that i enable 2FA i am too lazy for that
3) very important sites like cloud account where i have personal files or banking account or email where i register all the other accounts... there i have strong passwords with 2FA enabled
p.s.
i have saved a lot of passwords from other people thats why my score is so low
I don't use a password manager because I hardly have any passwords to manage, don't use many services.
It's just another potential attack vector I don't need. If your browser/extension can decrypt it, so can an attacker. If it's stored on an online server, even worse.
It's just another potential attack vector I don't need. If your browser/extension can decrypt it, so can an attacker. If it's stored on an online server, even worse.
Last edited by a moderator:
I think in the modern age, a password manager is almost a requirement. Even someone that rarely uses services probably has dozens of passwords to manage.. Forums, Banking, Credit Cards, Financials, Shopping/Commerce, etc..
With that in mind, I prefer Bit Warden, but also secure it with TFA and PW Decoration methods. MP is changed bi-monthly, individual passwords are changed quarterly, decoration is changed quarterly along with the passwords and never recorded anywhere but in my brain. The decoration method ensures even if I gave you my unlocked database and TFA, you still couldn't compromise my sites. It's an absolute 100% assiduity of security based on the principle of trusting nobody. Unless a keylogger is implanted on my system then you aren't going to accomplish a single thing.
I agree with you though, a password manager is definitely helpful and will suit for most. But since I don't need one I don't use one, the less the better for me
Last edited by a moderator:
- Apr 5, 2017
- 836
My score is pretty poor, it's only at 73% but my failing is that i have used a duplicate password for sites that hold no information about me nor they mean anything to me so i'm not too worried about them. My master password however is 100%.
I realise how quickly i have become used to a password manager and barely remember a single password for anything nowadays but i suppose it's better than having the same 2 passwords for about 50 sites which is what i used to do
I realise how quickly i have become used to a password manager and barely remember a single password for anything nowadays but i suppose it's better than having the same 2 passwords for about 50 sites which is what i used to do
- Jul 6, 2017
- 2,392
I do not use any password manager .. because I do not have so many sites.
I keep it in my little brain.
I keep it in my little brain.
