[AccessD] Tonya.Miller

William Benson vbacreations at gmail.com
Mon Jan 23 00:14:15 CST 2012


I agree with that, Darryl. A password strategy like you advocate is good...
if you are consistent.

I am just saying a user who uses the same mail account to mix bank and news
is asking for trouble. Segregating email accounts according to security
category is a better cost/benefit result than changing passwords every time I
wipe my ...lips.

IMHO.

I use email addresses specific to purpose and degree of risk. If someone
steals my mrbillbenson at gmail account they can ONLY affect areas of my
life that I used that email for. I do not use that account to get password
reminders for financial sites. In order for someone to attack my financial
accounts they would need to hack a site that stores the email and pwd I use
for financial (only) transactions.
>
> On Jan 23, 2012 12:08 AM, "Darryl Collins" <darryl at whittleconsulting.com.au> wrote:
>>
>> Actually, I think it does have a lot to do about password use.  Using
>> the SAME password and email combo with external sites is where the weakness
>> lies - regardless of how "strong" the password is.
>>
>> For example, if you are using the same email account and password for
>> both your email password login (i.e. Myemail at yahoo.com.au with the password
>> "Frogger") as being a registered user of the "OneEyedNews" comments section
>> (so using "Myemail at yahoo.com.au" and "Frogger" password on the
>> "OneEyedNews" site) is the risk.  A lot of folks do this as it is easier to
>> recall just one password related to your email account.
>>
>> Here's why: because if the hacker can get the password and email details
>> from "OneEyedNews", they can then use that combination to attempt to login
>> to your email account.  If the password is the same and they get access
>> then you are at their mercy.  They can either use your account without your
>> knowledge, or lock you out of your own account (change your own password to
>> "Frogger2") and use the "Forgot Password" link on any other website you can
>> use - many of which they can find out from your saved emails etc.
>>
>> In many cases clicking on the "Forget Password" link results in the site
>> emailing you a new password or a link to reset your password on the site.
>> Clearly if this is a bank then your money is at risk - this is what
>> happened in his example.
>>
>> So the warning is not to use your same email account and password
>> combination.  The lesson is to use a basic and throwaway type password that
>> is wildly different to the ones you use to access your email account you
>> signed up with when signing up to any external sites.
>>
>> Cheers
>> Darryl
>>

