Wimpy Passwords and Password Management

Last week my Yahoo account finally got hacked. I've used the same user name and password a whole lot more than I ever should have so I finally decided to do something about it. I installed KeePassX on my computer and have been busy putting individual and "strong" passwords on each of the sites that I visit regularly. One thing that I have noticed is that the three banks/brokerage firms that I have accounts with require (demand!) the wimpiest passwords of all. KeePass allows me to generate passwords with up to 25 characters with combinations of upper and lower case letters, numerals, special symbols and a few other options. I used several of these very strong passwords on various message boards but the banks each limited me to something like 6 to 12 characters using numerals and upper and lower case letters only.
Are the shorter, simpler passwords all that is really necessary?
Is a longer and more complicated password useless overkill?

George

mattoleriver wrote:Last week my Yahoo account finally got hacked. I've used the same user name and password a whole lot more than I ever should have so I finally decided to do something about it. I installed KeePassX on my computer and have been busy putting individual and "strong" passwords on each of the sites that I visit regularly. One thing that I have noticed is that the three banks/brokerage firms that I have accounts with require (demand!) the wimpiest passwords of all. KeePass allows me to generate passwords with up to 25 characters with combinations of upper and lower case letters, numerals, special symbols and a few other options. I used several of these very strong passwords on various message boards but the banks each limited me to something like 6 to 12 characters using numerals and upper and lower case letters only.
Are the shorter, simpler passwords all that is really necessary?
Is a longer and more complicated password useless overkill?

George

Probably.

Access requires two components, a user name and a password.

Most people use the the same user name for everything and often, the same password. I probably have 100 sites that require a log in and 90+ of them are all the same. I really don't care if someone hacks me on this board.

Everything that has to do with money has a different user name and password. Both have numbers, letters and large and small letters.

I have a system where I can look at the account and know what the user name and password is so I dont have to remember any of that stuff or write it down.

For example, I might take every 3rd letter of the account name, alternating large and small letters and the number of letters as a digit to build the user name plus my year of birth. Password is also built in such a manner, just different.

That way you always know the user name and password no matter where you are.

If you are allowed to use punctuation marks (not all passwords can use them) you will
drastically increase the difficulty of cracking them.  Bad password  "grandson" Better
Password  " gRand123" Better again " gR184Xzy" or Best Password " 185Gcd!%". If
they allow 16 characters use that instead of the standard 8 character password for
even better protection. Example " Xg369Ig9864!Xzp% "

Use small and large letters.
Use number and letters.
Use as many numbers and letters as they allow (16characters much better than 8)
Add punctuation marks if allowed.
Do not use words. (scramble the letters might be OK, I know people need hints)
Do not use names. (hey maybe backwards)
Do not use things like your address or what others can figure out from public information.

We will have a quiz on this next week LOL.



Z