
Password Length

Started by: k89bpa
On: 14/01/2019 | 00:48
Replies: 28

by: k89bpa
on: 14/01/2019 | 22:24

@4128334 wrote:


You do not scare me with what you are saying, you seem to be trying to.
However you may frighten other elderly members on here.
So please tone down your responses.

No.

 

This is a real issue, things like this really happen, people need to be aware and they need to take their online security seriously.

 

I know people who have been affected in such a manner as I have described and I know of many more, which is one of the reasons that I'm disgusted with myself for not changing that particular password referred to in the opening post for five years, (even though that particular account did have two factor authentication enabled). 

 

I did and do know better and still managed to not bother following my own advice when the most recent compromising of online accounts among those I know personally was 2017, (you'd think that would have prompted me to do my own security audit, but no, lol). 

 

Look, at the end of the day as individuals people can do whatever they want, I don't care, (really I don't, I couldn't give a monkey's if you all get hacked/compromised, it's none of my business).

 

However, from a company perspective that's different and giffgaff actually have a responsibility to promote healthy online security practices, PARTICULARLY after we have seen their users have their accounts here compromised because of the things we are talking about here and the abysmal responses from the support department that people have shared.

 

Prevention is clearly better than cure.

 

And that's the point of the thread. 

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 21 of 29
by: pault1974
on: 14/01/2019 | 23:12

Well, you've convinced me @k89bpa.

 

Up until an hour ago I used the same password for everything, and I mean EVERYTHING, now they are all different and made up of a random number of letters, numbers, and symbols.  All now stored in a password manager.

 

I'm not sure about making users members change their passwords every three to six months though.  Perhaps make it opt in like Microsoft do with the option to force you to change your password every 72 days (I think it's every 72 days) 

 

I would even be happy with 2FA as long as you have the choice of receiving a code via text, call, or email.

Message 22 of 29
by: k89bpa
on: 14/01/2019 | 23:37 edited: 14/01/2019 | 23:39

@pault1974 wrote:

 

Up until an hour ago I used the same password for everything, and I mean EVERYTHING, now they are all different and made up of a random number of letters, numbers, and symbols.  All now stored in a password manager.

Nice one! You've just increased your online security and reduced the potential risks to yourself manyfold!

 

My passwords are the same, (although I haven't bothered with symbols - I've gone for length instead where possible - as you could have probably guessed from me talking about the password manager's master password, lol).

 

@pault1974 wrote:

 

 

I'm not sure about making users members change their passwords every three to six months though.  Perhaps make it opt in like Microsoft do with the option to force you to change your password every 72 days (I think it's every 72 days) 

That could be an option. 

 

The concern would be that giffgaff are gonna continually look bad if people keep getting caught out in the way that those who've experienced unauthorized SIM swaps have been, and continue to be caught out in such a manner, and support remains so poor.

 

It's not actually giffgaff's fault when this happens, but it leads to a situation which from where I'm sitting does expose the very poor levels of support available from the company and it does so in a very public way. 

 

Clearly giffgaff aren't gonna bother increasing the level of support which people receive, (I've been looking and the pattern of really poor support goes back a really long time), and so the next best thing to do is to work to decrease the number of instances where people are exposed to this level of support. 

 

If they do as you have done, great! That's gonna stop the unauthorized account access cases, (the overwhelming majority anyway - there are still some attack vectors), but if they don't, (which the majority probably won't), the problem will persist. 

 

Forcing a change of password will reduce this quite dramatically. 

 

If it's optional, and we have the majority of people not using unique passwords, then it's not gonna have the desired effect so it has to very much be an all or nothing kinda thing I think. I wouldn't say no to the opt-in anyway, some people would use it, but in terms of reducing the exposure to fraudulent activity and the public exposure of how bad support is, it's gonna be virtually useless.

 

Two factor authentication is the best of all worlds, but it's been suggested repeatedly for years, giffgaff clearly have zero interest in such a solution.

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 23 of 29
by: 4128334
on: 15/01/2019 | 00:26 edited: 15/01/2019 | 00:27

@k89bpa
Good Morning,
I expected you to respect my wishes and not post to me again.
I am not interested in what you are saying, I am quite happy with my security as it is.
So I hope you will stop addressing these long posts to me, it is falling on stony ground.

Message 24 of 29
by: k89bpa
on: 15/01/2019 | 02:17

@4128334 just an FYI...

 

If someone quotes one of your posts and responds, they are responding to the comments they are quoting, they are not necessarily directing their response to the person they are quoting.

 

I did respect your wishes which is why you did not receive a notification, however I wanted to answer what you said because some people may be interested and may find it beneficial. 

 

If someone "at mentions" you, (as I have at the beginning of this post), then they are directing their comments towards you. 

 

Please note the difference.

 

And for clarity, I've directed this post at you to give you a direct response to your accusation, (the claim that I did not respect your wishes), and for no other reason. 

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 25 of 29
by: endorphin
on: 15/01/2019 | 11:29

@k89bpa wrote:

If someone quotes one of your posts and responds, they are responding to the comments they are quoting, they are not necessarily directing their response to the person they are quoting.

FYI when you quote a post an automatic @ mention is included which will send the poster quoted a notification.

 

I too had a couple of passwords which I slightly altered according to a rule I had devised for each website. I was always worried that if one of these passwords were uncovered then the hackers could easily discover what my rule was and attack other sites. I was given a jolt when I received an email which quoted one of my passwords but not the site it was used on. This led me to start using a password manager and changing the passwords on all my accounts.

 

I now feel a lot more secure knowing that I have unique and very strong passwords everywhere.

Message 26 of 29
by: k89bpa
on: 15/01/2019 | 13:07 edited: 15/01/2019 | 13:11

@endorphin wrote:

FYI when you quote a post an automatic @ mention is included which will send the poster quoted a notification.

Not true.

 

I have never received a notification when someone has quoted something I have said, either in the site notification feed or by email. The "at mention" in the quote is entirely cosmetic.

 

In terms of the discussion about passwords that's a good lesson for people. 

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 27 of 29
by: endorphin
on: 15/01/2019 | 17:53

@k89bpa wrote:

@endorphin wrote:

FYI when you quote a post an automatic @ mention is included which will send the poster quoted a notification.

Not true.

You're right! My bad!

 

Must try harder.
Message 28 of 29
by: sandramoakley6
on: 23/01/2019 | 23:54

Talking to a security assessor, most password hackers use common lists of passwords or most likely ones, or a brute force "use every letter" approach. One thing that they struggle with is case-sensitive passwords.

So password 1234, nanosecond.

PAssWorD1234, not easy.

Now randomly change case over 16 letters with symbols and numbers and the hackers will start to have trouble.

For an extra layer on your own PC, install an old language... Russian... Mandarin, and use an unusual symbol... If the hacker is using a normal PC it is unlikely to have the more unusual symbols.

 

Message 29 of 29