Is STEN guaranteed to produce a unique password for every website?

No, it is quite possible that two different words will yield an identical STEN result. Your aim is to produce a unique password for every website, so you need to test your ...

What is wrong with using Password123?

Password123 meets some complexity requirements (it contains a mixture of numbers, capital and lowercase letters), but it is built on a dictionary word and is almost certainly in the word lists a hacker's password-cracking tool would try.

What about 2bontbtitq?

A common technique for creating secure, hard-to-guess passwords is to take a memorable sentence (a song lyric, a line of a poem, etc.), use the first letter of each word in the sentence, and change some letters into numbers or symbols to add complexity. So, "To be or not to be, that is the question!" would become 2bontbtitq!
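As a worked version of the sentence technique just described (added example code, not part of the original page and not the STEN method itself): it takes the first letter of each word, swaps a whole word that reads as a digit or symbol the first time that word occurs (which is the rule that turns the first "To" into 2 while the second "to" stays t), keeps the sentence's closing punctuation, and then applies the two objections raised against Password123 above, a dictionary-word check and a character-class count, to the result. The substitution table, the tiny word list standing in for a cracking dictionary, and the "at least 3 of 4 character classes" rule are this example's own assumptions.

```python
import re

# Whole words that read as a digit or symbol. Each is substituted only the first
# time it occurs; this rule and the table are assumptions made for this example.
WORD_SUBSTITUTIONS = {
    "to": "2", "too": "2", "two": "2",
    "for": "4", "four": "4",
    "ate": "8", "eight": "8",
    "and": "&",
    "at": "@",
}

# Constructed stand-in for the much larger word lists cracking tools actually use.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon", "football"}


def sentence_to_password(sentence: str) -> str:
    """Build a password from the first letter of each word in `sentence`.

    The first occurrence of a substitutable word becomes its digit/symbol,
    every other word contributes its first letter, and the sentence's
    closing punctuation (if any) is kept as a trailing symbol.
    """
    already_substituted = set()
    chars = []
    for token in sentence.split():
        word = re.sub(r"[^A-Za-z]", "", token).lower()  # strip punctuation/digits
        if not word:
            continue
        if word in WORD_SUBSTITUTIONS and word not in already_substituted:
            already_substituted.add(word)
            chars.append(WORD_SUBSTITUTIONS[word])
        else:
            chars.append(word[0])
    trailing = re.search(r"[!?.]+$", sentence.strip())
    if trailing:
        chars.append(trailing.group(0))
    return "".join(chars)


def complexity_classes(password: str) -> set:
    """Return which of the four character classes the password contains."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def contains_dictionary_word(password: str, words=COMMON_WORDS) -> bool:
    """True if any word from the list appears inside the password (case-insensitive)."""
    lowered = password.lower()
    return any(w in lowered for w in words)


def assess(password: str, min_length: int = 10) -> list:
    """List the problems a checker would report; an empty list means it passed.

    The thresholds (10 characters, 3 of 4 classes) are this example's assumptions.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if len(complexity_classes(password)) < 3:
        problems.append("fewer than 3 character classes")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    derived = sentence_to_password("To be or not to be, that is the question!")
    print(derived, assess(derived))            # 2bontbtitq! []
    print("Password123", assess("Password123"))  # ['contains a dictionary word']
```

Note that Password123 passes the length and class-count rules and fails only on the dictionary check, which is exactly why complexity rules alone are a weak test; the derived password passes all three because no substring of it is a word a cracking list would contain.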

What is wrong with writing passwords down?

It is probably better to create unique, complex passwords for each website, write them down on a piece of paper and keep the piece of paper in your wallet, than it is either to use simple passwords which you can remember in your head, or to have a single complex password which you use for every website.

But what if your wallet is lost or stolen, or you leave the piece of paper lying on your desk and someone makes a note of your password while you are fetching a coffee?

What about password safes?

There are a number of software applications which claim to store your passwords securely - in an encrypted "safe". To use these you typically need to install the application on your PC or keep it on a USB stick (or in some cases use a cloud service), and remember a single master password which lets you into the "safe".

Some of these systems are sold by reputable companies, are well-regarded, and may meet your needs. The advantages of using STEN are ...

How can I use the STEN method at my workplace?

At work you are probably given a unique user account name and password to access the corporate network. You will typically be asked to change your password when you first use it, and most workplaces require you to change the password at regular intervals, such as every 30 days. The STEN method was invented ...

How do I use STEN if I need to change my password every 30 days?

Some systems require you to change your password at regular intervals, such as every 30, 60 or 90 days. This is most common for your computer account at work, but some websites may require it too. If you are a systems administrator, it is good practice to change the admin account passwords for routers and firewalls periodically. Even for social media and other websites, it is not a bad idea to change your password every year or so.

This is not a problem for the STEN method. You can

What is wrong with using the same password at every website?

If you use the same password at every website, however long and complex it may be, then if a hacker manages to work out your password at one site they will be able to use it for all of your websites. You may not be too worried if a hacker discovers your Facebook or Twitter password, but what if they can then use the same password to access your PayPal, eBay, Amazon or other online banking and e-commerce sites? What if they can use the same password to access your personal email? Or use web access to your work email and steal confidential information from your employer?

Hackers stealing passwords is not uncommon, and there have been a number of high-profile cases of entire password databases being stolen. Research into those databases also shows that (a) a significant number of people use simple, easy-to-guess passwords, and (b) a significant number of people use the same password on multiple sites.

How do I know whether a website stores my password as plain text?

A secure website will store an encrypted or "hashed" version of your password (hashing works like a one-way encryption: the hash can be computed from the password, but the password cannot be deduced from the hash). This is done so that even the system and database administrators working at the website cannot work out what your password is.

Some websites are less secure than others, though. One way you can be sure a website's password system is insecure is to use the "forgot password" feature of the site and see what it sends you by email. If the site sends you a new password, it may be secure; but if it sends you your original password, that means your password was being stored in a database without any encryption at all. Avoid these sites if you can. If you cannot, at least make sure that the password you use for that site is unique, so it can't be used to access any other website.
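To make the difference between the two storage approaches concrete (added example code, not the page's own and not any real site's implementation), the following models a site that stores a salted, slow one-way hash of the password beside one that stores the password as typed, and shows why only the plaintext site can answer a "forgot password" request by emailing the original password back. PBKDF2-HMAC-SHA256 with 600,000 iterations, the record layout, the reply wording and the sample passwords are this example's assumptions.

```python
import hashlib
import hmac
import os

# Work factor is an assumption for this example: enough PBKDF2-HMAC-SHA256
# iterations that every guess against a stolen table costs real CPU time.
PBKDF2_ITERATIONS = 600_000


def store_hashed(password: str) -> dict:
    """Record kept by a secure site: a random per-user salt plus the one-way hash.

    The password itself is never written anywhere, so nobody with database
    access (administrators included) can read it back.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_hashed(record: dict, attempt: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.

    This is the only question a hashed record can answer: 'is this the password?'
    """
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


def store_plaintext(password: str) -> dict:
    """Record kept by an insecure site: the password exactly as the user typed it."""
    return {"password": password}


def forgot_password_reply(record: dict) -> str:
    """The email each kind of site is able to send.

    Only the plaintext record can reproduce the original password; the hashed
    record can at best offer a reset. The wording is constructed for this example.
    """
    if "password" in record:
        return "Your password is: " + record["password"]
    return "We cannot recover your password. Use the reset link to choose a new one."


def email_reveals_my_password(email_body: str, my_password: str) -> bool:
    """The user-side test from the page: if the 'forgot password' email contains
    the password you originally set, the site stored it without hashing."""
    return my_password in email_body


if __name__ == "__main__":
    secure = store_hashed("2bontbtitq!")
    insecure = store_plaintext("2bontbtitq!")
    print("record at the secure site:", secure)
    print("login, right password:", verify_hashed(secure, "2bontbtitq!"))
    print("login, wrong password:", verify_hashed(secure, "Password123"))
    for record in (secure, insecure):
        body = forgot_password_reply(record)
        print(body, "| reveals original:", email_reveals_my_password(body, "2bontbtitq!"))
```

Two details matter in practice: the per-user random salt means two users with the same password get different hashes (so a stolen table cannot be attacked with one precomputed lookup), and `hmac.compare_digest` avoids leaking, through timing, how many leading bytes of a guess matched.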