Hackers Have Access To 1 in 5 Microsoft Logins

Status
Not open for further replies.

nukemaster

Distinguished
Moderator
[citation][nom]A Bad Day[/nom]Reusing passwords, '1234' password. The problem often exists between the chair and the keyboard.[/citation]
That's the kind of thing an idiot would have on his luggage! :)
 

_Cubase_

Distinguished
Jun 18, 2009
I'm all for being safe, making sure passwords are different across multiple accounts, and using a full ASCII character set (with no dictionary words). But damn, that's a lot of complicated passwords to try and remember!

Heck, as a result: some of my accounts are so secure, even I can't get into them any more!!
 

Camikazi

Distinguished
Jul 20, 2008
[citation][nom]_Cubase_[/nom]I'm all for being safe, making sure passwords are different across multiple accounts, and using a full ASCII character set (with no dictionary words). But damn, that's a lot of complicated passwords to try and remember! Heck, as a result: some of my accounts are so secure, even I can't get into them any more!![/citation]
Yep, that has happened to me too. I made the passwords so good and so secure that I forgot them and had to reset the password.
 

captaincharisma

Distinguished
[citation][nom]A Bad Day[/nom]Reusing passwords, '1234' password. The problem often exists between the chair and the keyboard.[/citation]

Hey, passwords have to be at least 8 characters long these days, so it would be "12345678" :)
 

tomfreak

Distinguished
May 18, 2011
Well Cubase, I've got a whole list of different accounts and services with different long passwords, and some of the rarely used logins I couldn't remember at all. Good thing is I write all of them in one place and keep it safe somewhere just as a reminder. So unless someone breaks into my house, it is much harder to retrieve all my logins via online hacking.
 

ltdementhial

Distinguished
Aug 20, 2011
My last password was mA476FC31q7p8. I often have the same password for several things (MSN, Facebook, Steam, Twitter, Xbox Live-GFWL, PSN, here and there), but I change them every 2 months, sometimes even earlier (like when PSN got hacked, or the Steam leaked credit cards). But it works for me: I have 6 years with my Hotmail and I have never been "hacked". With Twitter, FB and sites that require registration I never had a problem, FB and Twitter the same; only on Twitter I once became a "bot" by making a retweet, but that was easy to fix. Xbox Live, PSN and Steam, only if they hack it I change the password... I have only changed my Xbox Live-GFWL password 3 times, and that's because A: I forgot it or B: I feel that changing them is better.
 
Guest
I use a password "manager", like KeePass. (Heck, it is KeePass, but there are other solutions.)

Use the same password if it doesn't matter, but use a unique password if it does. That means I have about 14 different passwords, which I could never remember. Also remember length is a lot better than different characters. i.e. correcthorsebatterystaple is a lot better than Tr0ub4do&3 (check out xkcd if you don't believe this).

But with software like KeePass, you can generate long random passwords in 1 second and never have to worry about remembering.
 
The main problem with multiple passwords is people can't remember them all or what password goes to which service. I'd imagine a large portion of that 80% of matching usernames with different passwords are because those usernames belong to different people. Since so many just use their name or popular word and just accept a number placed after it. So JSmith12@gmail.com is likely different than JSmith12 at Toms Hardware.

Password managers have a similar flaw to using the same password for every site. Namely all that needs to be broken is the password for the manager then all are broken. As many use remote servers a hacker just needs to gain access to that server then they have all passwords of all users stored on that server.

The other weakness never discussed is security questions. This has two fatal flaws. Usually the answer is much weaker than the password (i.e. Best friend in High School? Joe.). To counteract this my security question answers are as tough as my passwords. The second being that the password can be reset. This means the account is not encrypted by its unique password. While that means you can recover your account, that also means a hacker just needs to gain access to the system for access to thousands or millions of accounts.
 

therabiddeer

Distinguished
Apr 19, 2008
[citation][nom]A Bad Day[/nom]Reusing passwords, '1234' password. The problem often exists between the chair and the keyboard.[/citation]
That's amazing, I've got the same combination on my luggage!
 

therabiddeer

Distinguished
Apr 19, 2008
Also, I can't be bothered to use unique passwords for every single site that I go to. I will admit it, I reuse passwords. If it is something that I have an interest in protecting, I will keep it unique. Otherwise, it's probably a reused password. I am sorry that I can't remember 30+ passwords and different usernames with different password rules. Off-site authentication (keychains, SMS, or others) is the best security option.
 

jhansonxi

Distinguished
May 11, 2007
[citation][nom]Andy Chow[/nom]I use a password "manager", like KeePass.[/citation]
KeePassX is the Linux version and uses the same database as KeePass on Windows.
 

bebangs

Distinguished
Sep 23, 2009
I'm just tired of changing passwords, I just don't care anymore for all the passwords in any website or forums (including Microsoft).
 

jaquith

Distinguished
Feb 8, 2009
[citation][nom]jhansonxi[/nom]KeePassX is the Linux version and uses the same database as KeePass on Windows.[/citation]
Until someone finds an exploit then all your passwords are open game. My critical stuff has the passwords changed every month and I type gibberish -- &)*YT &)^ hdHSfg87gy9%$^%&
 

shahrooz

Distinguished
Jul 1, 2009
[citation][nom]_Cubase_[/nom]I'm all for being safe, making sure passwords are different across multiple accounts, and using a full ASCII character set (with no dictionary words). But damn, that's a lot of complicated passwords to try and remember! Heck, as a result: some of my accounts are so secure, even I can't get into them any more!![/citation]
Dude, you can use the LastPass addon like me :) lastpass . com
 

kyuuketsuki

Distinguished
May 17, 2011
I'm all for strong passwords, but a couple problems:

1) Some websites use ridiculous restrictions that actually make it harder to make a secure password (i.e. has to be exactly 8 characters, no special characters, no spaces, no punctuation, etc.).

2) As has been pointed out numerous times already, expecting people to keep unique, strong passwords for 10, 20, 30, however many different sites they use is simply unrealistic. I myself reuse 3 or 4 relatively low-strength passwords for forums and other things where getting the account breached isn't really a huge concern. For any financial website (e.g. banking), I will take the time to create and remember a complex, unique password (although there are a couple financial websites I use where I CAN'T make a good password because of the aforementioned dumbass restrictions).

All websites need to move to passphrases (e.g. "See spot run to the bathroom.") rather than passwords. Passphrases are both easy to remember and more secure than even a strong, complex password. Of course, you can't do anything about the idiots that use things like their kids' names and other things that are easy to guess no matter what you do.

As for things like KeePass, I don't feel that having all my passwords recorded in one place that somebody could conceivably breach is terribly secure. Might as well write all my passwords down on a piece of paper and toss it in my desk drawer.
 

molo9000

Distinguished
Aug 14, 2010
The problem is that you need an account for EVERYTHING these days. Nobody can remember 30 different passwords.

Strong, unique passwords for email-accounts, paypal, etc. are a must, but for everything else it's just not possible.
 

CaedenV

Distinguished
Jun 14, 2011
*sigh* it really is a problem. I have this friend (for lack of a better word) who has a knack of being hacked. She uses the same password for EVERYTHING, and we all told her that her day was coming... and then it came.
Day one her Yahoo acct was compromised
Day 2 her windows login, FB, and several other sites were done
Day 3 every site she used (banks, forums, social media, etc) were all shot to hell.

Fast forward a year and she has it all cleaned up now... but she still uses a single password for everything, and it is based on the name of a family member.
Suffice to say that at work she is now required to change her password every 2 weeks, and she still doesn't understand why.

BTW: this is an otherwise relatively intelligent person.
 

john_4

Honorable
Feb 27, 2012
[citation][nom]molo9000[/nom]The problem is that you need an account for EVERYTHING these days. Nobody can remember 30 different passwords. Strong, unique passwords for email-accounts, paypal, etc. are a must, but for everything else it's just not possible.[/citation]
I prefer to use the password "password" on all my sensitive accounts, end sarcasm.
Actually you could use a Libre Office document that is passworded or you could encrypt a text file (Truecrypt comes to mind) and list all your accounts there. Works great, just don't lose it; keep an updated backup somewhere safe. There are programs that do this for you but I don't trust them.
 