Because it happens all the time :
I know you most likely know all of these and so do most people here. But if just one person does not. Here are
yashima's rules of passwording
- different site, different password
- longer passwords are better than shorter ones–longish begins around 12 characters, passwords of length 5-6 are a big-nono, I generate passwords with keepass and when away from keepass have a “scheme” that creates lengthy passwords I can remember until I get a chance to put them into keepass
- beware though that some sites limit password length and instead of telling you they just snip off a part and if their login form sucks your password will not match either.
- passwords with not just letters are better than just letter ones (but password length matters more)
- don’t use words or dates or other stuff you can easily remember–long and obscure phrases might work
- use two factor when your finances could be affected severely (aka banking not online shopping) or you value that account very highly (email for password recovery on other sites counts)–guard your 2 factor and the restoration codes! Two factor becomes a problem if you lose the 2nd factor which is absolutely possible and happens.
- much off those hacks are automated, so anything that will fool automation helps. f.e. use different logins to each site
- bonus content: do not store your credit/bank account data permanently at any site (I make an exception for paypal because without it that won’t function). Sites get hacked all the time and most of the time they will not tell you
- more bonus content: one of the more likely ways to lose an account are fishing emails. These are quite sophisticated these days. Any unsoliticited email that wants you to click on a link has an 80:20 chance that it is a fishing mail. My colleague almost fell for one the only thing that saved her was that she had been warned IT were testing every one. If it had been a real one out of context, she would have clicked on it. She’s a software dev!
- one more: clean up after yourself. If you stop using a site for good, take out your content and have your account deleted.
I use a password manager (keepass) mine is offline. There are various versions of storing all those different passwords. My dad uses a paper notebook. Which actually is one of the more secure ways to store passwords. Just not very comfortable to use and also does not protect him from key-loggers.
@ other techies please correct me or add to this list.
Saw this on r/coolguides the other day and I admit even I was shocked how short times are–even if they are not totally accurate, these numbers are shocking but quite believable:
I get interesting knowledge here about languages, history and other things. If this is me stating the obvious stuff, I apologize but if it helps anyone I would love to be able to help.