Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How strong is your password?

16 Feb 2011   #21
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote   Quote: Originally Posted by richnrockville View Post
FWIW:
I have always wondered why many financial institutions and other security sites allow almost an unlimited try at entering a password. That's how those password crackers work, keep testing. I would like to see a 15-30 minute timeout after say 3 bad password trys. This way the computers who try 10,000 different passwords won't keep trying as it won't be worth their time. then after about 3 times the timeout it keeps expanding the time between trys.

Just an idea. Some financial institutions have implemented a 5 times and your out and then requires a phone call to the place to explain why you failed.
Rich

Hi there

BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUTIATINGLY HIDEOUS Indian call centres --

After you've done the Zillions of multi-level menu options none of which fits your problem you then get 99.999% of the time typical messages like "Unfortunately due to the high volume of calls all our operators are busy -- but your Call is important to us and will be answered as soon as an operator is available" -- then unpleasant music and another 20 minutes wait meanwhile paying xxx EUR CENT a minute.

This occurs ANY time of the day or night on ANY day of the week so we all know its a Cash generating scam.

Finally when you DO get connected you then have to go through all sorts of B/S security which is probably sold on the streets of Bangalore for a few dollars.

Then the bozos at the other end usually read from prepared scripts so anything deviating from their normal business totally fazes them.

I remember back in Iceland before all this off shoring was done you would be told how many people were in the queue before your call was going to be answered and you had the option to press a number which would then automatically call you back when your turn was ready. This was available over 15 years ago -- nothing like this seems to exist anymore so where's the technology or Customer Service gone.

The whole area of telephone support has gone BACKWARDS in the last 10 years -- and just when you thought the whole horrid experience couldn't get any worse some places now make you SPEAK to an automated vocal questionare before you even get through to some sort of human at the other end -- great security when you are in a crowded office and need to discuss private Financial matters etc.

I've gone back to using old fashioned FAX -- don't laugh but it actually gets a quite a quick response.

The best solution is actually after your password has been invalidated x times is for you to have to set up the account again from scratch and the Bank will email you when it's activated.

No Phones, No stress etc etc.


Cheers
jimbo


My System SpecsSystem Spec
.
16 Feb 2011   #22
Fayla

Windows 7 Professional 64 Bit SP1
 
 

I have a college diploma and honors degree in Computer Networking and I.T. Support. This kind of career path would have led to one of such call center jobs (one possible route), but like you said, most companies seem to do this foreign call center setup. It's quite hard to find work in this field nowadays, even more so when the few remaining hands on technical supports are fast vanishing.

I've pretty much written off my education as wasted time and look for work elsewhere

Quote   Quote: Originally Posted by jimbo45 View Post
Quote   Quote: Originally Posted by richnrockville View Post
FWIW:
I have always wondered why many financial institutions and other security sites allow almost an unlimited try at entering a password. That's how those password crackers work, keep testing. I would like to see a 15-30 minute timeout after say 3 bad password trys. This way the computers who try 10,000 different passwords won't keep trying as it won't be worth their time. then after about 3 times the timeout it keeps expanding the time between trys.

Just an idea. Some financial institutions have implemented a 5 times and your out and then requires a phone call to the place to explain why you failed.
Rich
...
BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUTIATINGLY HIDEOUS Indian call centres --
...

Cheers
jimbo
My System SpecsSystem Spec
16 Feb 2011   #23
Kari

 

Quote   Quote: Originally Posted by jimbo45 View Post
BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUTIATINGLY HIDEOUS Indian call centres --
Both my German banks, as well the on back in Finland, have local call centers. I have never waited longer than a minute or two, and when calling to my German banks the person who takes my call is German, answering in Germany. Same thing when I call my bank in Finland. All have the same kind of identification system, where first a computer takes care of my login before I'm connected to a person.

Login procedure, both phone banking and online banking, is also similar in all banks I use. Three strikes and out. Only way to reactivate the service is to order new one-time credentials, then log in using these to set up username, password and preferred identification methods. These one-time credentials are sent in my name, only to address what is known by the bank as my address, and I have to proof my identity in Post office when collecting the letter. By phone, I can only order new credentials using the number which is registered by the bank as my number.

I find European online and phone banking both secure, easy and fast. Full 10 points from me (Intel pushes password-pumping mojo).

Kari
My System SpecsSystem Spec
.

16 Feb 2011   #24
Maguscreed

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Pc password is mediocre but that's what I expected, My network and wifi passwords come up as best.
My System SpecsSystem Spec
16 Feb 2011   #25
Julio Cortez

Windows 10 1703
 
 

Quote   Quote: Originally Posted by richnrockville View Post
Just an idea. Some financial institutions have implemented a 5 times and your out and then requires a phone call to the place to explain why you failed.
Surely it should be this way.
Plus, many banks here in Italy (but I assume this works in the rest of the world too) use one-time-password generators with numerical 6-character passwords lasting 20 seconds, to use in addition to the passwords (usually two, one for the login and a separate one for allowing operations on the account) chosen by the user.

Back in topic, anyway:
Quote   Quote: Originally Posted by jimbo45 View Post
You don't need to make all sorts of random and forgettable passwords which you probably store on a mobile phone or write down somewhere.
Of course you don't have to start from a completely random pattern (which you'll sooner or later have to write down), but from something you know you'll remember

Well, that's how usually a password of mine looks like (this is of course NOT any password of mine and never will be now that I unveiled it):
V0||3yb@||_Add!c7#14

If you read carefully you could read volleyball addict (which is something I don't risk to forget) and 14 (which is the number I use to wear when I play football and/or volley) in it. Couldn't you?
Then I made some substitutions (in a similar-to-leetspeek fashion, which I learnt some years ago and which comes automatic to me now every time I have to make a strong password):
  • the first letters of the words are always uppercase
  • 0 instead of the o
  • | (pipe) instead of l (lowercase L letter)
  • 3 instead of e
  • @ instead of a (but I left the uppercase A at the beginning of the word)
  • _ instead of the space
  • ! instead of the i
  • 7 instead of the t
  • # before the number
  • (in addition, I often put a K instead of the C and a k instead of the c, depending on the pronunciation, but in this password it doesn't apply)
(of course, anyone could adapt this set of substitutions to a set he/she likes the most or remembers the best: this is the one I've been using for years and I feel quite comfortable with it)

And here you can see the results:

PASSWORD METER
How strong is your password?-tpm.png

MS PASSWORD CHECKER
How strong is your password?-ms.png

If anyone has ideas on how to improve this (I'm always open to suggestions), feel free to share!!


My System SpecsSystem Spec
16 Feb 2011   #26
Shadowjk

Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
 
 

All of mine are Strong or Best so it is all good
My System SpecsSystem Spec
16 Feb 2011   #27
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there

even MS password checker gave me MEDIUM on that joke password I posted earlier

ðPa55wordÞ



So the trick of using at least two special characters saves a lot of creating impossible to remember passwords which actually are MORE of a security risk because you have to cannot remember so you write them down or store on a phone etc where other people might have access.



Another one

say a you are a Chelsea FC fan - Stamford Bridge easy to remember (It's Chelsea's home ground)

the MS password checker rates STRONG this !StamFordBridge?


So forget all the random Pw generators --use something simple with mixed case and a special character at each end. Add some numerics too if you want.


Cheers
jimbo
My System SpecsSystem Spec
16 Feb 2011   #28
Maguscreed

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Well to have a decent strength password you really just need to realize that most password crackers are using 'dictionaries'. Just stay away from words you can find in the dictionary, use a mix of lower, uppercase, and even numbers in it, and you are generally fine. 'leet-speak' as mentioned above is also a good way around that.
My System SpecsSystem Spec
16 Feb 2011   #29
Dinesh

Windows® 8 Pro (64-bit)
 
 

Quote   Quote: Originally Posted by jimbo45 View Post
Quote   Quote: Originally Posted by richnrockville View Post
FWIW:
I have always wondered why many financial institutions and other security sites allow almost an unlimited try at entering a password. That's how those password crackers work, keep testing. I would like to see a 15-30 minute timeout after say 3 bad password trys. This way the computers who try 10,000 different passwords won't keep trying as it won't be worth their time. then after about 3 times the timeout it keeps expanding the time between trys.

Just an idea. Some financial institutions have implemented a 5 times and your out and then requires a phone call to the place to explain why you failed.
Rich

Hi there

BANKS PHONE CALL SYSTEMS are really horrible -- I don't know how it works in the US but in Europe Banks tend to use these EXCRUTIATINGLY HIDEOUS Indian call centres --

After you've done the Zillions of multi-level menu options none of which fits your problem you then get 99.999% of the time typical messages like "Unfortunately due to the high volume of calls all our operators are busy -- but your Call is important to us and will be answered as soon as an operator is available" -- then unpleasant music and another 20 minutes wait meanwhile paying xxx EUR CENT a minute.

This occurs ANY time of the day or night on ANY day of the week so we all know its a Cash generating scam.

Finally when you DO get connected you then have to go through all sorts of B/S security which is probably sold on the streets of Bangalore for a few dollars.

Then the bozos at the other end usually read from prepared scripts so anything deviating from their normal business totally fazes them.

I remember back in Iceland before all this off shoring was done you would be told how many people were in the queue before your call was going to be answered and you had the option to press a number which would then automatically call you back when your turn was ready. This was available over 15 years ago -- nothing like this seems to exist anymore so where's the technology or Customer Service gone.

The whole area of telephone support has gone BACKWARDS in the last 10 years -- and just when you thought the whole horrid experience couldn't get any worse some places now make you SPEAK to an automated vocal questionare before you even get through to some sort of human at the other end -- great security when you are in a crowded office and need to discuss private Financial matters etc.

I've gone back to using old fashioned FAX -- don't laugh but it actually gets a quite a quick response.

The best solution is actually after your password has been invalidated x times is for you to have to set up the account again from scratch and the Bank will email you when it's activated.

No Phones, No stress etc etc.


Cheers
jimbo
My System SpecsSystem Spec
17 Feb 2011   #30
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there
not sure what the previous post means but IS IT OR IS IT NOT TRUE that the usual call centre experience for most users is REALLY HORRIBLE these days and the facilities offered such as telling you how many people are in the queue and the ability to call you back when you are at the top of the queue are NOT OFFERED any more even though this was seen as necessary 15 to 20 years ago when Call centres first started to be used.

Also it's only INDIAN call centres who are starting to use this "automated Voice input stuff " where the request comes out like this " Are you calling about your Own account - please answer yes or no".

Then you have to give the account number and zillion other questions in a loud voice .

All in all for most people a totally HORRID experience.


If they want to do it properly allow the user to input by the phone keyboard the account number and the option - and then if the whole call centre is busy ring the caller back when the next agent is available.

We almost had that 20 years ago -- why have we gone BACKWARDS.

In fact the ring back idea is actually BETTER security since the call back would verify that the caller is the owner of the account in question or could certainly be better checked.

Cheers
jimbo
My System SpecsSystem Spec
Reply

 How strong is your password?




Thread Tools




Similar help and support threads
Thread Forum
is this psu strong enough?
is this psu good enough for the pc in my sig? And which would you choose? http://www.ebuyer.com/264510-ocz-zs-series-750w-80-bronze-psu-with-135mm-fan-single-ocz-zs750w-uk OR http://www.ebuyer.com/200490-coolermaster-gx-750w-psu-rs750-acaae3-uk thank you for your time and patience
Hardware & Devices
How strong is your password?
In this age where password and password security are becoming more and more important, how secure is yours? For example, here is the result of my Forums password (blanked out for security reasons): It can also be used for usernames as well as passwords. A strong username/password should...
System Security
Is Your Password Strong ?
Your online accounts, computer files, and personal information are more secure when you use strong passwords to help protect them.But do you? check your password why strong passwords are needed: How I?d Hack Your Weak Passwords - Passwords - Lifehacker Weak passwords dominate statistics for...
System Security
Windows live essentials do not support strong password!
Hi all, I had changed my live account password and tryed to login some times but it could not login. i searched about this problem but i could not find helpful instruction. Today, i saw that Windows live essentials do not support strong (more than 16 words and numbers) password. i can not...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:58.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App