The Average user password poll : How good are their passwords?

[+Warwagon MVC]

Through out the years of doing computer repair for the average user, I've noticed that they use the same password on pretty much every website. This one time I was helping a user setup a new computer and for some reason we had to order some stuff for her which required Amazon and Paypal. We ended up having to do password resets on both because she couldn't remember the passwords.

 

So then I recommended a password manager such as lastpass or roboform. For her I choose roboform. So as we set the account up I tell her "you only have to remember this ONE password, it's called your master password .....DO NOT LOOSE  / FORGET THIS PASSWORD. if you loose or forget this password, YOU ARE SCREWED!!!!!

 

This was 6 months ago. Today she calls me telling me she can't remember her master password and she can't find where she wrote it down. She asked me "Can we just reset it" ... I said NO!!!!!! ... you're screwed if you can't find it.

 

She as going to keep looking

 

*face palm*

 

This one time I got a call from this family where their son had his Facebook account hacked. At the end of the conversation I asked him what his old password was , they said "Football".

 

I've setup internet for people and when I ask them what their ISP email password is they say stuff like "Internet" .. I tell them "That is a HORRIBLE password!"

[spikey_richie]

To be honest you shouldn't be asking people their password, and if they tell you then you should respond with "never tell anyone your password".

 

I therefore can't vote in the poll, as I don't know the password(s) used by anyone whose PC I have repaired. I've always asked them to enter their password into any dialogue boxes and passed them control.

[Lord Method Man]

Actually heard a guy at work last month tell someone that he writes his ATM pin on his card. He was actually suggesting it to the other guy as though it was a great idea.

[+Warwagon MVC]

Actually heard a guy at work last month tell someone that he writes his ATM pin on his card. He was actually suggesting it to the other guy as though it was a great idea.

 

That's AMAZING! :laugh:

[spikey_richie]

Actually heard a guy at work last month tell someone that he writes his ATM pin on his card. He was actually suggesting it to the other guy as though it was a great idea.

 

Does he HASH it or just put the plain 4 digits down in the correct order?

[Lord Method Man]

Does he HASH it or just put the plain 4 digits down in the correct order?

 

Knowing this guy its just the 4 digits written with a sharpie. Because remembering 4 numbers R HARD.

[Skiver Veteran]

I used to be pretty terrible at this myself. I have now started using Last Pass with randomly generated passwords but my Master Password is probably not strong enough. I just know if I change it I will forget it so haven't plucked up the courage yet.

[+Warwagon MVC]

Knowing this guy its just the 4 digits written with a sharpie. Because remembering 4 numbers R HARD.

 

Technically those 4 numbers are worthless anyway. At any store i've been to or at any gas pump, they can just "run the card as a credit card" and by pass the pin completely. Although an ATM machine would be a different story.

[+Warwagon MVC]

I used to be pretty terrible at this myself. I have now started using Last Pass with randomly generated passwords but my Master Password is probably not strong enough. I just know if I change it I will forget it so haven't plucked up the courage yet.

 

Don't forget to print out your passwords every 6 months or so and put them in a safety deposit box.

[Lord Method Man]

Technically those 4 numbers are worthless anyway. At any store i've been to or at any gas pump, they can just "run the card as a credit card" and by pass the pin completely. Although an ATM machine would be a different story.

 

Yeah you only need the PIN when withdrawing cash. Some cards/banks require transactions to be processed as Debit instead of Credit when being conducted out of state, too.

[cork1958]

To be honest you shouldn't be asking people their password, and if they tell you then you should respond with "never tell anyone your password".

 

I therefore can't vote in the poll, as I don't know the password(s) used by anyone whose PC I have repaired. I've always asked them to enter their password into any dialogue boxes and passed them control.

"To be honest you shouldn't be asking people their password"

 

Was exactly my first thought! As many computers as I've worked on over the years, I don't think I've ever asked anyone what their password was, except to login to Windows, when necessary. That one almost goes along with the topic though. I can't believe how many people have a password to login to Windows even. I know it's not much as far as any real security, but still, at least try!

[exotoxic]

I used to be pretty terrible at this myself. I have now started using Last Pass with randomly generated passwords but my Master Password is probably not strong enough. I just know if I change it I will forget it so haven't plucked up the courage yet.

 

You could get lastpass premium and use yubikey multifactor auth.

[Liana]

I don't think the average user uses a password manager. Most people will use the same password for everything and won't think twice about it until something bad happens to them. If someone could get the news media to encourage people to use password managers and demonstrate their importance, we might see a decent rate of adoption. I've always used KeePass and have been very happy with it.

 

Another problem is with businesses requiring their employees to change their passwords every so often, yet sometimes employees can reuse the same password and just add a number to the end. When it was time to change passwords at my workplace, everyone in my department would just reuse their password and count up one. so password "football1" just became "football2", because it's easy to remember.

 

Another place I worked for (that manufactured big data storage systems) had no Windows user account restrictions on any of the computers; everyone had full admin rights...seriously.

[timster]

my passwords are all at least 15 characters in length.

 

and I use a password manager (AI Roboform 7). I've actually memorized a few of the passwords too

[Skiver Veteran]

You could get lastpass premium and use yubikey multifactor auth.

I'm far too cheap to pay for it, maybe it's wrong but I am not that paranoid about my passwords. There aren't things like online banking etc, and to be honest a vast majority of my passwords in there are internal to my companys network so even if they did get hold of them they wouldnt be much use.

[Nick H. Supervisor]

To be honest you shouldn't be asking people their password, and if they tell you then you should respond with "never tell anyone your password".

It's for this reason that I can't answer the poll. I've never asked someone for their password, and anyone that has tried giving it to me has been cut short with an explanation about how they should never do that.

[BoondockSaint]

Technically those 4 numbers are worthless anyway. At any store i've been to or at any gas pump, they can just "run the card as a credit card" and by pass the pin completely. Although an ATM machine would be a different story.

 

Everywhere I've been to in Europe (thus far) always requires a PIN, no matter what the transaction is (unless you are using Paypass, but that's only for small items), there is no facility to sign for a transaction anymore.

[cacoe]

I use different words with the same string of numbers (unrelated to a date!) with capital letters in varying places.

[compl3x]

I've found it easy to create pretty strong password based on simple phrases. Think of a phrase you wouldn't forget. Example:

 

My car is red, I bought it in 2001

 

take every first letter of every word & the year

 

mciribii2001

 

alternate capital letters

 

McIrIbIi2001

 

throw in a random special character or 2 (usually at the beginning or end so it is easy to remember placement)

 

*McIrIbIi2001!

 

 

Easy to remember, practically impossible to guess. Seems to work fine for me.