GlockTalk.com
Home Forums Classifieds Blogs Today's Posts Search Social Groups



  
SIGN-UP
Notices

Glock Talk
Welcome To The Glock Talk Forums.

 
  
Reply
 
Thread Tools Display Modes
Old 10-16-2008, 05:45   #1
wallyglock
Senior Member
 
wallyglock's Avatar
 
Join Date: Mar 2005
Location: in.
Posts: 844
password security

i am only an occassional computer user and am not at all big into computers.

a friend got me to thinking........he says it is possible to get anyones password and tap into their mail. i have no idea if this is true or not, and i am not sure if he has ever done this.
he does know his way around a computer very well.

maybe their IS a way to accomplish this, but i would think this should be protected somehow !

any opinions ?
__________________
straight shot
wallyglock is offline   Reply With Quote
Old 10-16-2008, 06:06   #2
gdvan01
Senior Member
 
Join Date: Jan 2008
Location: Home of the first First Lady
Posts: 303
It is possible to get anyone's password...how long that would take is the question. Simple passwords are easier to crack with freely available programs. Complex passwords, especially those that are longer and don't use common words, will take longer.

Using passwords that contain upper and lower case letters, numbers and special characters is the better way to go. Don't make your passwords something that can be easily identifiable to you: your dogs name, type of car you drive etc...
__________________
NRA Endowment Life Member

Proud Son of a former Tomb Guard
gdvan01 is offline   Reply With Quote
Old 10-16-2008, 06:45   #3
sdsnet
CLM Number 43
NRA Member
 
sdsnet's Avatar
 
Join Date: Feb 2007
Location: Texas
Posts: 4,751


One way to add complexity to your passwords is to take a word you can remember and substitue zero's for O's, 3's for E's, ones for L's etc. w1nt3r instead of winter for example.
__________________
NRA Member
Black Rifle Club # 1995
Kalashnikov Klub # 1995
Ham Shack Club # 1995
Walther Club # 1995

-My username has nothing to do with Students for Democratic Society-
sdsnet is offline   Reply With Quote
Old 10-16-2008, 07:16   #4
Sgt. Schultz
Annoying Member
 
Sgt. Schultz's Avatar
 
Join Date: May 2004
Location: West Columbia, South Carolina
Posts: 2,811
If your e-mail program is Windows based then it so simple to get your password that it’s scary. There are several programs available that will display the actual password by moving your mouse pointer over the “hidden” password. Windows shows them as asterisks but the passwords are not really hidden and these fields can be queried for the text inside it.
__________________
Sgt. Schultz

"I have come here to chew bubble gum and kick ass ... and I'm all out of bubble gum"
Sgt. Schultz is offline   Reply With Quote
Old 10-16-2008, 08:09   #5
Green_Manelishi
Knicker Knotter
 
Green_Manelishi's Avatar
 
Join Date: May 2006
Location: On the edge but not quite over ...
Posts: 6,821
Quote:
Originally Posted by wallyglock View Post
i am only an occassional computer user and am not at all big into computers.

a friend got me to thinking........he says it is possible to get anyones password and tap into their mail. i have no idea if this is true or not, and i am not sure if he has ever done this.
he does know his way around a computer very well.

maybe their IS a way to accomplish this, but i would think this should be protected somehow !

any opinions ?
"Getting" a password is one thing; guessing a password, or the answer to a security question is completely different.

It's true there is software available for almost any purpose, nefarious or otherwise, but in most cases it's not necessary to get the p-word, only SWAG your way into the account.Too many people use their name, DOB, relative name, etc. for security. They also use the same password for every account they might need to access.

They do a similar thing with a security question such as "What's your mother's maiden name?" They supply the actual maiden name rather than make up a non-sense answer.

I once had a boss, the CIO/CTO no less, who sent an email to the entire company regarding passwords. This is almost verbatim what he stated:

If you are like me you suffer from information overload. Going forward we will be requiring regularly scheduled password changes to all of the accounts you access, so I suggest you make it simple on yourself and use the same password for all accounts.

My suggestion is a password that includes mixed case, numbers as well as letters, and at least one special character. Do not use the same pword for all of your accounts unless you do not care if someone accesses the account. Finally, make up a "password" for all security questions.

E.g. "What's your mother's maiden name?"
Answer: ScREaming0YellowZonKer$
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 signatures.
Green_Manelishi is offline   Reply With Quote
Old 10-16-2008, 08:45   #6
Rémy
Senior Member
 
Rémy's Avatar
 
Join Date: Apr 2008
Location: Austria
Posts: 260
Depends what mail connection you use.
If it's a secure connection it's pretty complex... if it's a normal connection then some experienced guys can read your mails.

But you know what?
Guys who can do this aren't interested in your or my mails .

If you use a Mac then there's a built in password generator and a special and secure place to store your passwords (complex is good for safety but bad to remember ).
Rémy is offline   Reply With Quote
Old 10-17-2008, 04:02   #7
ax157
Libertarian
 
Join Date: Oct 2003
Posts: 4,980
Quote:
Originally Posted by wallyglock View Post
i am only an occassional computer user and am not at all big into computers.

a friend got me to thinking........he says it is possible to get anyones password and tap into their mail. i have no idea if this is true or not, and i am not sure if he has ever done this.
he does know his way around a computer very well.

maybe their IS a way to accomplish this, but i would think this should be protected somehow !

any opinions ?
It is possible in the sense that if all that's protecting you is a password, it's always "possible" to get that password. He could point a gun at your head and try and force you to give up the password. So what we're really talking about is security from a technical side.

From a technical point of view, it is NOT true that you can break into anybodies account/get anybodies password. It is all a matter of circumstance and opportunity.

If the mail provider you have is secure, and your password can not be easily guessed, and is not simple in nature (for example, you may not guess the password "2342", but it's possible given the right situation for a computer to guess that password by random trial and error), and the line or contents of communication between your computer and your mail provider is secure, and your computer itself is secure. Then it will be virtually impossible for someone to get access too your mail.

You seem to be asking that if it's possible to get anyones or most peoples password or e-mail then why isn't it more protected. The truth is that generally, it is protected. It's just that the vast majority of the time when someone gets their computer or e-mail "hacked". The problem was in their actions or choices.

Take the recent hacking of Sarah Palins E-mail. That wasn't all that technical a feet, I believe someone just knew the answer to her password recovery question.

Hope that gives you a better understanding.
__________________
ax157 has left GT indefinitely.
ax157 is offline   Reply With Quote
Old 10-17-2008, 09:28   #8
noway
Senior Member
 
noway's Avatar
 
Join Date: Dec 2000
Location: Davie "Cowboy" , FL
Posts: 19,409
My thoughts on this coming from a unix background and admin for over 12 years;

1: passwords should be changed regulary like every month to each quarter. The reason why if somebody did get your encrypted password and you changed it every month or sooner for example, by they time they cracked it ( if it was strong password to begin with ) , the password would be of no good.

And just like mention above don't use the same password for all accounts. I worked in security groups where you sniff out a person "at work" password and the figure out their hotmail or ebay/paypal account and after a few trial-errors with their login name, you now have access to these other accounts.

If I was internet god and master admin, your login wouldn't even be in any relationship to your name ( i.e msmith@yourcompany.com would now be
m3456thyjk1l )


2: Passwords should be 8-10 characters with at least one special char ( i.e ^$#@ ) two is better, and at least one upper case and numbers , two is better.

3: don't use anything that send credentials in the clear, ( telnet, POP,imap ) , in stead opt for services that supports encryption ( ssh, imap-ssl,etc...)

4: Any website that takes personal/privacy information need to be https: vrs http:

5: remote access should be thru some type of vpn ( pptp/ipsec/open-vpn, ssl-vpn )

6: opt for security token/cards with rotating keys and a 4 digit PIN or one time use passwords.

fwiw:
You deploy that or uses services like that and you would be 100% safe.


note:

As a Solaris and Linux admin, I used to grab password files off these systems and even windows and run various cracking tools against users to see what password they where using or to see if they could be cracked with easy wordbased attacks. You would be surprise to see what people uses
noway is offline   Reply With Quote
Old 10-17-2008, 10:30   #9
nursetim
Senior Member
 
nursetim's Avatar
 
Join Date: Mar 2006
Location: liberalville N. M.
Posts: 7,692
Is there technology out there that fits this description? 1) external thumb drive 2) for every site that requires a password it automatically changes it every visit 3) randomly generates new password and remembers it for next visit then changes the password again?
nursetim is offline   Reply With Quote
Old 10-17-2008, 12:22   #10
IWUprof
Member
 
Join Date: Dec 2007
Location: TN
Posts: 28
Password Security

Try using Password Safe. I have used it for a number of years and am very satisfied with it. You can change passwords easily and use the program to generate them on a random basis using your parameters; e.g. special characters, caps, number of characters, etc. You can also use the program on different computers using a jump drive. Address is http://passwordsafe.sourceforge.net
IWUprof is offline   Reply With Quote
Old 10-17-2008, 13:06   #11
cnutco
Senior Member
 
cnutco's Avatar
 
Join Date: Jul 2008
Location: NE GA
Posts: 693
Not my thread, but wanted to thank all for the info and the advise!
cnutco is offline   Reply With Quote
Old 10-17-2008, 18:45   #12
noway
Senior Member
 
noway's Avatar
 
Join Date: Dec 2000
Location: Davie "Cowboy" , FL
Posts: 19,409
Quote:
Originally Posted by nursetim View Post
Is there technology out there that fits this description? 1) external thumb drive 2) for every site that requires a password it automatically changes it every visit 3) randomly generates new password and remembers it for next visit then changes the password again?
None that of aware of. It would then require you to "secure" the thumbdrive.


If you wanted todo all of that, you should have some type of intergration with biometric like a "fingerprint" reader, than when you access the site, it will authenicate once you print is scan and verified.
noway is offline   Reply With Quote
Old 10-17-2008, 20:34   #13
nursetim
Senior Member
 
nursetim's Avatar
 
Join Date: Mar 2006
Location: liberalville N. M.
Posts: 7,692
noway, Okay, sounds good sign me up.
IWUprof, That looks like what I'm looking for, but I'm looking for plug in hardware like device.
nursetim is offline   Reply With Quote
Old 10-18-2008, 07:17   #14
IWUprof
Member
 
Join Date: Dec 2007
Location: TN
Posts: 28
Check out the web site again. You can use the program on a jump drive that you plug into whichever computer you are using. I don't use it in that manner but the feature is listed as available.
IWUprof is offline   Reply With Quote

 
  
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT -6. The time now is 22:46.




Homepage
FAQ
Forums
Calendar
Advertise
Gallery
GT Wiki
GT Blogs
Social Groups
Classifieds


Users Currently Online: 814
214 Members
600 Guests

Most users ever online: 2,672
Aug 11, 2014 at 2:31