How strong is your password?

Page 3 of 4

  1. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       #21

    richnrockville said:
    FWIW:
    I have always wondered why many financial institutions and other security sites allow almost an unlimited try at entering a password. That's how those password crackers work, keep testing. I would like to see a 15-30 minute timeout after say 3 bad password tries. This way the computers who try 10,000 different passwords won't keep trying as it won't be worth their time. Then after about 3 times the timeout it keeps expanding the time between tries.

    Just an idea. Some financial institutions have implemented a 5 times and you're out and then requires a phone call to the place to explain why you failed.
    Rich

    Hi there

    BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUCIATINGLY HIDEOUS Indian call centres --

    After you've done the Zillions of multi-level menu options none of which fits your problem you then get 99.999% of the time typical messages like "Unfortunately due to the high volume of calls all our operators are busy -- but your Call is important to us and will be answered as soon as an operator is available" -- then unpleasant music and another 20 minutes wait meanwhile paying xxx EUR CENT a minute.

    This occurs ANY time of the day or night on ANY day of the week so we all know it's a Cash generating scam.

    Finally when you DO get connected you then have to go through all sorts of B/S security which is probably sold on the streets of Bangalore for a few dollars.

    Then the bozos at the other end usually read from prepared scripts so anything deviating from their normal business totally fazes them.

    I remember back in Iceland before all this off shoring was done you would be told how many people were in the queue before your call was going to be answered and you had the option to press a number which would then automatically call you back when your turn was ready. This was available over 15 years ago -- nothing like this seems to exist anymore so where's the technology or Customer Service gone.

    The whole area of telephone support has gone BACKWARDS in the last 10 years -- and just when you thought the whole horrid experience couldn't get any worse some places now make you SPEAK to an automated vocal questionnaire before you even get through to some sort of human at the other end -- great security when you are in a crowded office and need to discuss private Financial matters etc.

    I've gone back to using old fashioned FAX -- don't laugh but it actually gets quite a quick response.

    The best solution is actually after your password has been invalidated x times is for you to have to set up the account again from scratch and the Bank will email you when it's activated.

    No Phones, No stress etc etc.


    Cheers
    jimbo


  2. Posts : 826
    Windows 7 Professional 64 Bit SP1
       #22

    I have a college diploma and honors degree in Computer Networking and I.T. Support. This kind of career path would have led to one of such call center jobs (one possible route), but like you said, most companies seem to do this foreign call center setup. It's quite hard to find work in this field nowadays, even more so when the few remaining hands on technical supports are fast vanishing.

    I've pretty much written off my education as wasted time and look for work elsewhere :)

    jimbo45 said:
    richnrockville said:
    FWIW:
    I have always wondered why many financial institutions and other security sites allow almost an unlimited try at entering a password. That's how those password crackers work, keep testing. I would like to see a 15-30 minute timeout after say 3 bad password tries. This way the computers who try 10,000 different passwords won't keep trying as it won't be worth their time. Then after about 3 times the timeout it keeps expanding the time between tries.

    Just an idea. Some financial institutions have implemented a 5 times and you're out and then requires a phone call to the place to explain why you failed.
    Rich
    ...
    BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUCIATINGLY HIDEOUS Indian call centres --
    ...

    Cheers
    jimbo


  3. Posts : 17,545
    Windows 10 Pro x64 EN-GB
       #23

    jimbo45 said:
    BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUCIATINGLY HIDEOUS Indian call centres --
    Both my German banks, as well as the one back in Finland, have local call centers. I have never waited longer than a minute or two, and when calling to my German banks the person who takes my call is German, answering in Germany. Same thing when I call my bank in Finland. All have the same kind of identification system, where first a computer takes care of my login before I'm connected to a person.

    Login procedure, both phone banking and online banking, is also similar in all banks I use. Three strikes and out. Only way to reactivate the service is to order new one-time credentials, then log in using these to set up username, password and preferred identification methods. These one-time credentials are sent in my name, only to the address that is known by the bank as my address, and I have to prove my identity at the Post office when collecting the letter. By phone, I can only order new credentials using the number which is registered by the bank as my number.

    I find European online and phone banking both secure, easy and fast. Full 10 points from me (https://www.sevenforums.com/security-...ml#post1242166).

    Kari
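The two lockout policies discussed in posts #21 to #23 (a timeout after 3 bad tries that grows on repeats, and a hard lock that needs new credentials), combined in one throttle. This is an added example, not code from any poster or bank; the doubling factor, the limit of 3 timeouts before the hard lock, the in-memory store and the account name are assumptions.

```python
import time

class LoginThrottle:
    """Per-account strikes: growing timeouts first, then a hard lock."""
    def __init__(self, max_tries=3, base_lockout=15 * 60, growth=2,
                 hard_lock_after=3, clock=time.monotonic):
        self.max_tries = max_tries              # bad tries before a timeout
        self.base_lockout = base_lockout        # first timeout in seconds (15 min)
        self.growth = growth                    # assumed: each timeout doubles
        self.hard_lock_after = hard_lock_after  # assumed: 3 timeouts, then disabled
        self.clock = clock
        self.state = {}                         # account -> [strikes, timeouts, locked_until]

    def check(self, account):
        """'ok', 'locked' (wait it out) or 'disabled' (new credentials needed)."""
        _, timeouts, until = self.state.get(account, (0, 0, 0.0))
        if timeouts >= self.hard_lock_after:
            return "disabled"
        return "locked" if self.clock() < until else "ok"

    def record(self, account, success):
        """Record one password attempt and return the resulting status."""
        status = self.check(account)
        if status != "ok":
            return status                       # guesses during a lockout are never evaluated
        entry = self.state.setdefault(account, [0, 0, 0.0])
        if success:
            entry[0] = 0                        # clears strikes; timeout history is kept
            return "ok"
        entry[0] += 1
        if entry[0] >= self.max_tries:
            entry[2] = self.clock() + self.base_lockout * self.growth ** entry[1]
            entry[1] += 1
            entry[0] = 0
        return self.check(account)

    def reenrol(self, account):                 # out-of-band reset (new one-time credentials)
        self.state.pop(account, None)

def simulate_guessing(n_guesses, step=1.0):
    """Constructed scenario: one wrong guess every `step` seconds on one account."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    evaluated = 0
    for _ in range(n_guesses):
        evaluated += throttle.check("alice") == "ok"
        throttle.record("alice", success=False)
        now[0] += step
    return evaluated, throttle.check("alice")
```

With these defaults, `simulate_guessing(10000)` shows that only 9 of the 10,000 guesses are ever compared against the password before the account is disabled.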


  4. Posts : 6,668
    Windows 7 x64
       #24

    Pc password is mediocre but that's what I expected, My network and wifi passwords come up as best.


  5. Posts : 107
    Windows 10 1703
       #25

    richnrockville said:
    Just an idea. Some financial institutions have implemented a 5 times and you're out and then requires a phone call to the place to explain why you failed.
    Surely it should be this way.
    Plus, many banks here in Italy (but I assume this works in the rest of the world too) use one-time-password generators with numerical 6-character passwords lasting 20 seconds, to use in addition to the passwords (usually two, one for the login and a separate one for allowing operations on the account) chosen by the user.

    Back in topic, anyway:
    jimbo45 said:
    You don't need to make all sorts of random and forgettable passwords which you probably store on a mobile phone or write down somewhere.
    Of course you don't have to start from a completely random pattern (which you'll sooner or later have to write down), but from something you know you'll remember

    Well, that's how usually a password of mine looks like (this is of course NOT any password of mine and never will be now that I unveiled it):
    V0||3yb@||_Add!c7#14

    If you read carefully you could read volleyball addict (which is something I don't risk to forget) and 14 (which is the number I use to wear when I play football and/or volley) in it. Couldn't you?
    Then I made some substitutions (in a similar-to-leetspeak fashion, which I learnt some years ago and which comes automatic to me now every time I have to make a strong password):

    • the first letters of the words are always uppercase
    • 0 instead of the o
    • | (pipe) instead of l (lowercase L letter)
    • 3 instead of e
    • @ instead of a (but I left the uppercase A at the beginning of the word)
    • _ instead of the space
    • ! instead of the i
    • 7 instead of the t
    • # before the number
    • (in addition, I often put a K instead of the C and a k instead of the c, depending on the pronunciation, but in this password it doesn't apply)

    (of course, anyone could adapt this set of substitutions to a set he/she likes the most or remembers the best: this is the one I've been using for years and I feel quite comfortable with it)

    And here you can see the results:

    PASSWORD METER
    How strong is your password?-tpm.png

    MS PASSWORD CHECKER
    How strong is your password?-ms.png

    If anyone has ideas on how to improve this (I'm always open to suggestions), feel free to share!!


  6. Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       #26

    All of mine are Strong or Best so it is all good :)


  7. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       #27

    Hi there

    even MS password checker gave me MEDIUM on that joke password I posted earlier

    šPa55wordŽ



    So the trick of using at least two special characters saves a lot of creating impossible to remember passwords which actually are MORE of a security risk because you cannot remember them so you write them down or store on a phone etc where other people might have access.



    Another one

    say you are a Chelsea FC fan - Stamford Bridge easy to remember (It's Chelsea's home ground)

    the MS password checker rates STRONG this !StamFordBridge?


    So forget all the random Pw generators --use something simple with mixed case and a special character at each end. Add some numerics too if you want.


    Cheers
    jimbo


  8. Posts : 6,668
    Windows 7 x64
       #28

    Well to have a decent strength password you really just need to realize that most password crackers are using 'dictionaries'. Just stay away from words you can find in the dictionary, use a mix of lower, uppercase, and even numbers in it, and you are generally fine. 'leet-speak' as mentioned above is also a good way around that.
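The substitution list in post #25 and the dictionary point in post #28 can be checked mechanically when a password is set: a strength check that reverses the substitutions before consulting a wordlist sees the underlying words, where a meter that counts character classes does not. This is an added example, not code from any poster or from the meters mentioned; `WORDS` is a tiny constructed list, and the `5` to `s` mapping and the `max_leftover` threshold are assumptions.

```python
# Reverse of the substitution list in post #25; "5" -> "s" is an added assumption
# (it covers "Pa55word" from post #27). Each mapping is one character to one.
UNLEET = str.maketrans("0|3@!75", "oleaits")

# Constructed toy wordlist; a real check would load a large dictionary.
WORDS = ("volleyball", "stamford", "password", "chelsea", "addict", "bridge")

def analyse(password):
    """Return (wordlist words found after un-substituting, leftover characters)."""
    # ASCII input assumed: lower() and translate() keep the length, so indexes line up.
    norm = password.lower().translate(UNLEET)
    covered = [False] * len(norm)
    found = []
    for word in sorted(WORDS, key=len, reverse=True):
        start = norm.find(word)
        while start != -1:
            span = slice(start, start + len(word))
            if not any(covered[span]):
                found.append(word)
                covered[span] = [True] * len(word)
            start = norm.find(word, start + 1)
    # Leftover is reported in the original characters, not the normalised ones.
    leftover = "".join(c for c, hit in zip(password, covered) if not hit)
    return found, leftover

def char_classes(password):
    """What a class-counting meter rewards: lower, upper, digit, symbol."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)

def is_word_based(password, max_leftover=4):
    """True when wordlist words remain and little else (threshold is an assumption)."""
    found, leftover = analyse(password)
    return bool(found) and len(leftover) <= max_leftover

if __name__ == "__main__":
    # The two passwords posted in this thread, plus one constructed random string.
    for pw in ("V0||3yb@||_Add!c7#14", "!StamFordBridge?", "q7Rk!x2Lm9"):
        print(pw, char_classes(pw), analyse(pw), is_word_based(pw))
```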


  9. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #29

    jimbo45 said:
    richnrockville said:
    FWIW:
    I have always wondered why many financial institutions and other security sites allow almost an unlimited try at entering a password. That's how those password crackers work, keep testing. I would like to see a 15-30 minute timeout after say 3 bad password tries. This way the computers who try 10,000 different passwords won't keep trying as it won't be worth their time. Then after about 3 times the timeout it keeps expanding the time between tries.

    Just an idea. Some financial institutions have implemented a 5 times and you're out and then requires a phone call to the place to explain why you failed.
    Rich

    Hi there

    BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUCIATINGLY HIDEOUS Indian call centres --

    After you've done the Zillions of multi-level menu options none of which fits your problem you then get 99.999% of the time typical messages like "Unfortunately due to the high volume of calls all our operators are busy -- but your Call is important to us and will be answered as soon as an operator is available" -- then unpleasant music and another 20 minutes wait meanwhile paying xxx EUR CENT a minute.

    This occurs ANY time of the day or night on ANY day of the week so we all know it's a Cash generating scam.

    Finally when you DO get connected you then have to go through all sorts of B/S security which is probably sold on the streets of Bangalore for a few dollars.

    Then the bozos at the other end usually read from prepared scripts so anything deviating from their normal business totally fazes them.

    I remember back in Iceland before all this off shoring was done you would be told how many people were in the queue before your call was going to be answered and you had the option to press a number which would then automatically call you back when your turn was ready. This was available over 15 years ago -- nothing like this seems to exist anymore so where's the technology or Customer Service gone.

    The whole area of telephone support has gone BACKWARDS in the last 10 years -- and just when you thought the whole horrid experience couldn't get any worse some places now make you SPEAK to an automated vocal questionnaire before you even get through to some sort of human at the other end -- great security when you are in a crowded office and need to discuss private Financial matters etc.

    I've gone back to using old fashioned FAX -- don't laugh but it actually gets quite a quick response.

    The best solution is actually after your password has been invalidated x times is for you to have to set up the account again from scratch and the Bank will email you when it's activated.

    No Phones, No stress etc etc.


    Cheers
    jimbo


  10. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       #30

    Hi there
    not sure what the previous post means but IS IT OR IS IT NOT TRUE that the usual call centre experience for most users is REALLY HORRIBLE these days and the facilities offered such as telling you how many people are in the queue and the ability to call you back when you are at the top of the queue are NOT OFFERED any more even though this was seen as necessary 15 to 20 years ago when Call centres first started to be used.

    Also it's only INDIAN call centres who are starting to use this "automated Voice input stuff " where the request comes out like this " Are you calling about your Own account - please answer yes or no".

    Then you have to give the account number and zillion other questions in a loud voice .

    All in all for most people a totally HORRID experience.


    If they want to do it properly allow the user to input by the phone keyboard the account number and the option - and then if the whole call centre is busy ring the caller back when the next agent is available.

    We almost had that 20 years ago -- why have we gone BACKWARDS.

    In fact the ring back idea is actually BETTER security since the call back would verify that the caller is the owner of the account in question or could certainly be better checked.

    Cheers
    jimbo


 