Wednesday, 17 February 2021

Proofreading help request

This is something I have written for a project I am currently writing. Any corrections/suggestions gratefully recieved.

Advice on setting and managing passwords

This is a selection of advice on setting and managing password when signing up to a site on the internet. The idea is that anyone who doesn't have a lot of experience with the world wide web isn't just thrown in at the deep end.

If you just want the short version: use a password manager and take advantage of not having to remember all your passwords to set a different complex password on every site. Also take especially good care of your email account password.

Password Managers

If you take nothing else away from reading this then I hope you start using a password manager. You may have heard that they are a risk. Yes they are, like all software it is incredibly difficult to ensure they are entirely free of errors however I subscribe to the view that Password managers don't have to be perfect, they just have to be better than not having one[1]. There are three main options for you:

3rd party password managers

When people talk about password managers, they invariably mean 3rd party software that you use to store your passwords. The full run down on how to pick on and why that one will be the right one for you would take a very long article itself but there are three main questions to ask yourself.

Are you signing into lots of websites and apps across several computers/devices?
If this is the case you'll need to look at the options for sharing the passwords across devices. This may come as standard or as a paid upgrade. Some managers use your existing storage (Dropbox, Google Drive, One Drive etc.) to do this, in that case you need to make very sure that you don't put anything that can be used to guess your master password in that storage.
Are you good at remembering passwords?
It might seem silly to ask this when talking about finding a service designed to remember passwords for you, but you still have to remember one very important one, that gets you into your password manager. As a general principle those password managers that are a web based service themselves are more likely to have account recovery tools, but do make sure to double check.
Will you want to share passwords with other people?
This is easy in some managers although you may need to pay extra for it, while in others you can't do it without sharing the whole set of passwords and giving the other person your master password.

A few that you might want to look into are: Lastpass, 1Password, Bitwarden, Enpass, keepass.

Browser built ins

If you use the same web browser whenever you use the internet then you can just use that to store passwords (it is probably nagging you to do this already). This can even work across multiple computers/devices if you are signed into the browser and it is syncing your data. All the major browsers offer this, although it can run into issues if you don't use the same brand of devices as your main computer. These built in password managers offer encrypted storage and complex password suggestions.

A diary

If you have ever worked in an office you have probably been told that writing passwords down is a terrible thing to do. And they will have been right, when thinking about the risks that exist in an office, which are mainly other employees and those attempting to get private company information to sell to competitors[2]. In your home life the risks are very different, and for most people that is online ne'er-do-wells trying to get your personal information and bank card numbers, in this situation passwords, written in a book, locked in a drawer is a sensible choice.

Creating a Password

Completely random strings

Now you have been convinced to use a password manager, you can just use the “generate password” feature and away you go (although you may need to fiddle with the settings to deal with different rules sites have about what needs to be in a password).

If you are not using a password manager, or yours doesn't come with a random password generator, try one of these ideas:

Three random words

Otherwise known as Correct Horse Battery Staple after a cartoon, Three random words or #thinkrandom is a way to generate passwords that are both strong and memorable. This is the method the “Generate Password” button uses. I would actually advise against using this function if you have to remember the password as it will always be more memorable if you come up with the words yourself. However if you need inspiration or are using a password manager to remember the password, go right ahead. If you are on a site that wants numbers or punctuation characters, you can add some at the end or swap out letters i or l becomes 1, a becomes 4 and so on, or make up your own.

I see a little silhouetto of a man, Scaramouche, Scaramouche, Will you do the Fandango?

Another way to create memorable passwords that are difficult for someone else to guess is to take a phrase, saying, quote, song lyric or similar and use the initials. So “I see a little silhouetto of a man, Scaramouche, Scaramouche, Will you do the Fandango?” becomes “IsalsoamSSWydtF?” if the password rules require numbers or punctuation characters you can substitute them in, or just use a phrase that has them in to start with “There are 106 miles to Chicago, we have a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses!”

Other considerations

But this page contradicts what I have been told by someone

For a start, different risks need different levels of protection, this advice is good enough for most websites but might not fly for systems containing large amounts of sensitive, personal, or financial information. It also benefits from not having to line up with lots of external rules and regulations. If you want a good all round read on passwords try “Password policy: updating your approach”.

You've got mail

Even if they have other steps involved like security questions (don't forget you don't have to tell the truth for these, three random words works especially well for them if you might need to use them over the phone) most self-service password reset systems rely on the idea that your email account is secure and you are the only person who has access to it (or at least you trust everyone who does implicitly) so use a strong and unique password for your email (and if you can think about turning on 2 factor authentication).

What if my password is stolen

One of the reasons to not remember passwords yourself is that best practice is to use a different one for every different login. Why? Because when someone gets hold of a stolen database of passwords, they will often try those passwords out on other sites, if people have used the same details there then they can get in. This is especially a problem these days where most sites don't ask you to set a separate user-name, but just use email addresses. There is a service called “Pwned Passwords” that will allow you to check if a password has appeared in one of the many databases that has been stolen and posted on the internet[3]. This is what we use to check your password before we will accept it. This functionality or similar is now being built into several password managers and similar products. If you are wondering about the name, then just understand that like any group nerds have their own jargon.

How worried should I be if my password is in the pwnedpasswords.com list

It depends. If your password is Fido2018 then it might not be your password but someone else's that is in the list and they don't have the association with your email address. After all how many hundreds of people will have got a dog in 2018 and called it Fido. You should probably still change it just in case it is your actual password (and in this case it is a very poor password). On the other hand if it is unlikely that anyone else has the same password and you have used it on multiple sites then it is probably best if the first thing you do after getting your new password manager is spend an evening changing all your passwords.


[1] There are of course people working in high security jobs for whom this doesn't hold true, but I don't expect them to be reading this advice.

[2] Your company risk profile may vary, but whatever it is, it is unlikely to be the cat trying to order Dreamies in bulk which is a multi-million-pound issue in home information security.

[3] There is a companion service called “Have I Been Pwned” that will take your email address and let you know if they appear in any stolen databases that they know of.

[4] This section of a very long blog post about the system explains how we can check a password is or isn't in the data set without either revealing the password to the service or downloading 650 million passwords to search ourselves.

19 comments:

Jessica Knight said...

LiveWebTutors provides reliable Homework help services in USA at affordable rates. Order Now and get get the plagiarism-free work within the deadlines.

https://www.livewebtutors.com/usa/homework-help

Home Services said...

Providing IT professionals with a unique blend of original content, Read the latest news and tips special reports, videos & photos of industries as well as useful tricks and tips to help you get your finite element.

Wade Wilson said...

That's a wonderful blog and that's right, the password must be special. I remember my Buy Assignment service friends had some work to do. So they didn't have much trouble opening the puck because we all have a special code.

nsdigitalworld said...

Setting an internet password for all our sites could be very important & very beneficial article on creating and managing password is included through a totally useful article in your blog. I will recommend all my friends to read this & get the benefit. I am operating in BPO & I would like to inform you that experienced https://www.techclient.com/top-7-bpo-companies-and-why-should-you-use-hire-such-specialists/companies help you to reduce cost, save time & optimize the workflow. One may take a look at the Techclient forum where the distinct article on top BOP organizations & the need to hire them is published. Believe me, guys this forum is excellent at is always posted a very useful article.

normangdrum789 said...

That's an exceptional blog and that is correct, the password should be special. If you have got a hassle in creating & managing your passwords then this text is meant for you. This publication will properly guide on this. Another beneficial article on fine Mobile App Development Company Hiring Tips is also posted by the https://www.techglobex.net/2021/09/mobile-app-development-company-hiring-tips.html forum, I will endorse all of you to examine these awesome hints. This short guide ought to help you to make the selections you want to before then you hire a mobile App Development Company I should say Techglobex forum is one of the first-class forums because it alwyays publishes an editorial beneficial to all categories of people.

billirogers said...

This article at your weblog will help individuals who constantly fail in growing at ease passwords. This newsletter will assist them in the proper way to address their passwords. Thanks for the sort of beneficial article. I will advocate for all my pals to study those who locate difficult to create & manage their network passwords. The other discussion board which I liked the maximum is https://www.voilanorbert.com/blog/ecommerce-customer-experience/ forum which constantly published very useful articles. The latest article at this forum on eCommerce customer experience is hot selected & appreciated by a maximum of the readers. This e-newsletter beautifully covered all of the elements that make a contribution to an outstanding eCommerce user experience. I recommend everyone to examine this on this discussion board.

Roadrunner Support said...

I am happy to be here and this wonderful blog. I have found here lots of important information for my knowledge I need. Thanks for sharing this amazing post. For Instant Support related to Change Roadrunner Email Password please contact roadrunner support team for solution.

Will Kolson said...

You can unique law assignments writing UK, Law dissertations, Law coursework writing, case study, civil law, and proofreading at a cheap price.

jessciacarvin said...

I'm delighted to be here and to be reading this amazing blog. I've found a wealth of useful material here to enhance my existing expertise. Thank you for sharing this fantastic article. My essay writing website, I recall, had some work to do. Because we all had a particular code, they didn't have much issue opening the puck.
https://www.essaywritingservices.ca/website-that-write-essays-for-you/

lena kim said...

If you're in need of a Edmonton foundation repair , then look no further than Rammafoundation. Our team of experienced and qualified professionals will take care of everything from the consultation stage to the final installation. We understand that sometimes things happen that can compromise the integrity of your home's foundation, and that's why we're here to help. With our years of experience, we'll identify the problem and offer a solution that meets your specific needs. Contact us today and let us get started on restoring your home's foundation to its former glory!

Smith Williams said...

The growing demand for electric cars (EVs) is propelling the battery electrolyte market market growth, owing to the growing focus on sustainable development and awareness of the negative effects of utilising petroleum-based automobiles. Furthermore, governments in a number of countries are providing subsidies and implementing favourable policies to encourage the adoption of electric vehicles, which is adding to market growth.


Also Read: soy protein market, baseball equipment market, vegetable protein market

unknown said...

Royalcasino45

dry bulk trucking said...

Looking for a reliable and affordable way to transport large quantities of cargo? Hasten Contracting is your go-to option! We offer a wide range of dry bulk trucking options in Houston, Texas that are perfect for transporting anything from coal to grain. We understand the importance of convenience and reliability, which dry bulk transportation services houstonis why we offer a fully automated trucking system that ensures your cargo is delivered on time and in perfect condition. Contact us today to learn more about our dry bulk trucking services in Houston!

BiggieBigg said...

There are a number of different types of dog training dubai out there, so it's important to find one that matches your needs and preferences. Some offer full-time care, while others offer care during specific hours or on certain days of the week. You can also choose from facilities that are open all year round or those that are seasonal only.

Jenna said...

Rapid NYC Towing is a reliable and affordable option for anyone who needs Emergency Roadside Assistance In Long Island City fast. Contact them today if you need their help!

Loan providers near me said...

Small and medium-sized businesses (SMEs) and corporates, both require funding to support their working capital. The lack of working capital prevents businesses from expanding and growing. TACB’s credit team analyse a client’s business to determine their needs, then propose and arrange financing from banks and otherTrusted financial services company in Dubai institutions.The products stated above will help the company’s cash flow. TACB can aid the firm in a professional manner because of their strong relationships with prominent banks and financial institutions, as well as their significant experience in drafting such proposals.

Unknown said...

The term "proofreading" refers to carefully reviewing your writing to identify and correct typographical mistakes and errors in style, grammar, and spelling. Dubai Mobile App Development

lyrics songs said...

I understand this blog is very well understood, but now I have taken and am taking product for my family and I have got information from very good site https://affitrends.com/ and I So from this I take all the products such as laptop phone gaming TV and much more, then hurry up, the offer should not go out of hand.

Residential vinyl fencing Edmonton alberta said...

Our mission to provide each and every customer with the best possible vinyl fencing edmonton canada and the highest level of customer service. We understand how important security is to you, vinyl fencing system in canada and that is why we have honed our technique for over 20 years to create a perfect fence no matter the project.