William Benson
vbacreations at gmail.com
Mon Jan 23 00:14:15 CST 2012
I agree with that, Darryl. A password strategy like you advocate is good... if you are consistent. I am just saying a user who uses the same mail account to mix bank and news is asking for trouble. Segregating email accounts according to security category is a better cost/benefit result than changing passwords every time I wipe my ...lips. IMHO.

I use email addresses specific to purpose and degree of risk. IF someone steals my mrbillbenson at gmail account they can ONLY affect areas of my life that I used that email for. I do not use that account to get password reminders for financial sites. In order for someone to attack my financial accounts they would need to hack a site that stores the email and pwd I use for financial (only) transactions.

> On Jan 23, 2012 12:08 AM, "Darryl Collins" <darryl at whittleconsulting.com.au> wrote:
>>
>> Actually, I think it does have a lot to do about password use. Using the SAME password and email combo with external sites is where the weakness lies - regardless of how "strong" the password is.
>>
>> For example, if you are using the same email account and password for both your email login (i.e. Myemail at yahoo.com.au with the password "Frogger") and as a registered user of the "OneEyedNews" comments section (so using "Myemail at yahoo.com.au" and the "Frogger" password on the "OneEyedNews" site), that is the risk. A lot of folks do this as it is easier to recall just one password related to your email account.
>>
>> Here's why: if the hacker can get the password and email details from "OneEyedNews", they can then use that combination to attempt to log in to your email account. If the password is the same and they get access then you are at their mercy. They can either use your account without your knowledge, or lock you out of your own account (change your own password to "Frogger2") and use the "Forgot Password" link on any other website you can use - many of which they can find out from your saved emails etc.
>>
>> In many cases clicking on the "Forgot Password" link results in the site emailing you a new password or a link to reset your password on the site. Clearly if this is a bank then your money is at risk - this is what happened in his example.
>>
>> So the warning is not to use your same email account and password combination. The lesson is to use a basic and throwaway type password that is wildly different to the ones you use to access your email account you signed up with when signing up to any external sites.
>>
>> Cheers
>> Darryl