Encrypting Usernames and Passwords to and from their Destinations

If your memory is not good, that is what a password manager like Roboform is for! It doesn’t “protect” your passwords, but it is supposed to help you remember them!

Basically, you are saying that changing your password is useless because someone will find it, as there are millions of passwords listed on sites.

You have only to make a longer password.

I searched for “HarrypOTTER^incarcerous[at-bypass]me” and guess what? Google didn’t find anything. (Remember I used quotes…without quotes Google found some things, but those aren’t in the right order anyway.)

I just generated a password with LastPass:

E7vT6R8bz4

I Googled it. And did not find anything.

v941726, the chances of people finding either of those two passwords above are less than zero.

CIS 4 does not protect against a website taking your password. It protects against remote attacks and malware.

[b]If you:
(a) use a different password for each site you go to (Roboform should remember them for you),
(b) do not use common dictionary words in your password, unless you have non-dictionary words in it too, and put some numbers and symbols into the password, (it should be longer than 8 characters)
(c) make sure you don’t have viruses/spyware/keyloggers on your computer, and
(d) don’t give your password to any unknown sites (maybe use the WOT browser add-on to tell you about a site)

You won’t lose your passwords.[/b]

yeah. i’ll change it here… no problem. no. i dont save pwds in my browsers…its been compromised cuz it was easy to find on the internet though…not cuz i gave it out

go figure… i cant change my password here cuz its not correct…ha…

help mod? can you send me a temp to my email?

but im talking about googling a username and getting a password to go with it…the one you generated could have just easily have been sniffed…

i know what you mean about my password in question not being all that secure…i get that…i use it for sites that cant hurt me…at least financially…but now i may have been wrong…cuz some of those u/n and pwds i saw on the list were quite “goofy”, for lack of a better word…i mean not out of the dic. with a number added…you know what i mean…

sorry if im kind answering out of order here…im playing catch up

Hi,

can’t help you with that, I don’t have that power to do. Only admins can do that… Can’t you try to logout and use the password reset option ? (“I forgot my password”)

cheers,
eXp

that was a shout out and i guess someone heard it…lol its changed…but it will be interesting to see if it the change will turn up within a week or so

Google doesn’t just start finding people’s passwords…it must have been only because you either used it in an insecure site, on an infected computer, or they bruteforced it.

im not saying google found it…someone else did and posted them on the web…all i did was google my username for kicks to find it…i wasnt even expecting that. i was surprised as hell

Seems like a bunch of reasons why this is happening to you. Maybe you are a victim of a phishing site, maybe there was a keylogger on your pc or maybe your password was bruteforced.

I also notice that firefox has a password manager that can remember your passwords and then perhaps that is yet another reason. Maybe ppl can find a way to extract your passwords from those managers embedded in your browser(s) but I dunno. I never have my browser remember my passwords and I try to make my passwords longer than the standard 6 characters.

yes. i agree. there could be a bunch…i don’t save pwds except through roboform, which encrypts them…but we all know they can be snatched from the wire too…my pc im quite sure has been safe for a few yrs…

but i still think its a good thought and maybe good challenge for comodo

There isn’t much software can do to totally protect you…mostly up to you.

Use a different strong pass for each site.

i do agree that most is up to the individual…some of those pwd lists could be kind of old too…we all have lapses in judgment and let our guard down occasionally though…

i think i may have found a few programs that claim to, but i havent played with them yet.

http://news.yahoo.com/s/ytech_wguy/20100413/tc_ytech_wguy/ytech_wguy_tc1590
…just thought i would throw this in for fun

FYI, I didn’t say you have to change your passwords often I don’t think I did anyway 88)).

But there may be one point that that study overlooked: If someone is out to find your password, they may use the bruteforce technique. There is much less chance of them succeeding if you change passwords often.

But then again, a single strong password doesn’t really need to be changed.

I recently changed the password to my password manager (LastPass…I’m sure you have heard :P) because it was the same one to my email account. It was strong…but I wanted something better. My new one is quite memorable, yet almost impossible to guess. :smiley:

Made a security-fanatic’s day.

i came across it and couldnt resist posting it…i know you mentioned a strong password…not necessarily changing it often…

its if they can be snatched over the wire or not. a brute force attack would have to be connected to a computer…is it mine, yours, or whomever’s? or the servers you pass them to? just thoughtsif they can snatch them over the wire(which they can) download them to their machines and if encrypted run the bfa locally, or if not encrypted it wouldnt matter how strong the pwd was…so if they were encrypted from machine to machine, then a strong pwd would matter greatly…whoa! i hope that makes sense…lol…i better re-read this in a.m. i know what i mean…lol

btw, ive ried lastpass in the past…wasnt great then. stuck with roboform instead

give me a hint ;D

Most sites where you need to submit your password encrypt it, so people can’t steal it (like if you are in a public wi-fi hotspot).

For example, go to PayPal.com. In your browser somewhere, you should see a lock. If you click on it, it may say the connection is encrypted.

Because of this, your password and other details should stay safe.

Just make sure you see a lock, and the connection is encrypted, before you enter your details.

yes. but i mean on its way to their servers

The passwords are encrypted from your computer to their servers, I believe.

thats what i was wondering too…i read where some companies, including banks, are sloppy and take the cheap way out and leave them unencrypted in transit…

Don’t use that company or bank. :stuck_out_tongue: