making new passwords on the fly

Winemaking Talk - Winemaking Forum

Help Support Winemaking Talk - Winemaking Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

winemaker81

wine dabbler
Staff member
Super Moderator
Supporting Member
Joined
Nov 5, 2006
Messages
11,384
Reaction score
33,278
Location
Raleigh, NC, USA
I've been fighting with an online financial system -- It reassigned my preferred user ID, and now it's giving me fits regarding the password.

I try to login. The site says the user ID or password is wrong, sends me to a screen that asks 20,000 questions to verify who I can, and then I reset the PWD. Then I try to login, get a message stating the UID/PWD is wrong, and start the process over -- until it decides I've had too many attempts today and locks me out for 24 hours.

I tried this weekend before last ... but customer service doesn't work weekends. Didn't get back to it until Saturday ... which was deja vu.

Ok, not going to make THAT mistake again. Went through several iterations after work today, same result.

Most have heard the saying: Repeating the same thing over and over again, expecting a different result, is a sign of insanity.

Not saying I'm sane, but I did NOT expect a different result, and I was not disappointed!

So I called customer service and got one heckuva runaround with the automated system. It took 10 minutes before I frustrated the automated system and it gave up, connecting me to a real person. It took her only 5 minutes to reset my access so I could log in.

Except ... I had to enter a new password. I use long passwords (12+ characters, 20+ for sensitive stuff). I hate making passwords up quickly, so I punted.

I will need to login later and change the PWD. I was polite to the person on the phone (the situation is NOT her fault) but I was irritated, and my profanity-laced password reflects that. 🤣

On the plus side, only people who have had to deal with this site have any chance of guessing my password!
 
I will need to login later and change the PWD. I was polite to the person on the phone (the situation is NOT her fault) but I was irritated, and my profanity-laced password reflects that. 🤣
If my passwords didn't have profanity I wouldn't remember them. 🤣
 
I believe that KeePass (and that's what I use) has a means to import some types of files, like a csv, maybe. It is a one time hassle to get them all in there, but easy to update later on.
I'll have to check again -- last time I looked at KeePass, it either didn't or it didn't work well. It's been quite a while.

I wrote a MS Access DB in v2 ... yeah, that was a very long time ago. It's worked well, but a self-contained application is a better choice.


EDIT: KeePass has changed a LOT since I last looked at it. I'll investigate further.
 
Last edited:
I use 1Password as my password manager. It is not free but it works across devices. Some phone apps will confuse its automatic form fill in, occasionally you have to cut and paste passwords from the manager. You generate and hold the main, emergency, last resort, encryption key offline printed on a piece of paper or on a USB thumb drive.
 
I don't use an online password manager. EVERYTHING online will be hacked, at some point.
Dashlane uses zero knowledge encryption: https://www.dashlane.com/security That means that your passwords are encrypted in transit and storage, and that your master password is never stored either on your computer or their servers. Your passwords are decrypted on your local machine, not on their servers. For a more technical explanation of how it works, here is a whitepaper: https://go.dashlane.com/rs/403-EXY-689/images/Dashlane_Security_White_Paper_June2020.pdf

So even if the Dashlane servers got hacked (unlikely), all they could get is the encrypted form of your passwords, with no way to decrypt them. This is actually much more secure than storing the passwords in a file on your own computer, where a hacker could get to them. It's not free, but it is well worth the money. Password managers have come a long ways from the early days of the Internet.

Here is a list of top password managers from PC Magazine: https://www.pcmag.com/picks/the-best-password-managers
 
Dashlane uses zero knowledge encryption
That actually sounds good, as good as is possible.

So even if the Dashlane servers got hacked (unlikely)
I disagree on this point. ANY system can be broken into.

I assume you're aware of the following general information, but for folks that are not:

My employer subjects us to at least a dozen security "training" videos each year, that go into detail about all the ways intruders get into system. The scene in the movies where the hacker is typing in mysterious commands does happen, but it's a minority. The majority are "social engineering" attacks, where an employee is either careless or tricked into doing something.

My employer's InfoSec (Information Security) sends out a few fake emails each year containing dangerous links. Well, not truly dangerous as InfoSec is doing it, but intelligent, trained people still click the links. Getting a nastygram from InfoSec politely telling you that you stupidly clicked a malicious link is good reinforcement.

I'm paranoid about this stuff and *I* got nailed a few years ago. Yeah, I clicked a link I should not have. I was honestly embarrassed, as I should have known better.

All of life's lessons can be learned from Star Trek. As Scotty said, "Fool me once, shame on you. Fool me twice, shame on me!" InfoSec hasn't got me again ... but unfortunately every time they send the fake emails, someone clicks the link, and it only takes 1 person doing it ...

As a caution -- always verify links before you click 'em. I moused over one of Raptor99's link in his last post and this was displayed in my browser's status bar:

1722781124934.png

This exactly matched the URL I was looking at, so I know it's real (what you see on screen and the underlying URL are NOT necessarily the same thing). The URL not being hidden doesn't mean it's not malicious, but if what you see in the status bar is different, be sure it's not in your best interest to click it.

And this concludes today's lesson in How to Avoid Hacking 101!
 
That actually sounds good, as good as is possible.


I disagree on this point. ANY system can be broken into.

I assume you're aware of the following general information, but for folks that are not:

My employer subjects us to at least a dozen security "training" videos each year, that go into detail about all the ways intruders get into system. The scene in the movies where the hacker is typing in mysterious commands does happen, but it's a minority. The majority are "social engineering" attacks, where an employee is either careless or tricked into doing something.

My employer's InfoSec (Information Security) sends out a few fake emails each year containing dangerous links. Well, not truly dangerous as InfoSec is doing it, but intelligent, trained people still click the links. Getting a nastygram from InfoSec politely telling you that you stupidly clicked a malicious link is good reinforcement.

I'm paranoid about this stuff and *I* got nailed a few years ago. Yeah, I clicked a link I should not have. I was honestly embarrassed, as I should have known better.

All of life's lessons can be learned from Star Trek. As Scotty said, "Fool me once, shame on you. Fool me twice, shame on me!" InfoSec hasn't got me again ... but unfortunately every time they send the fake emails, someone clicks the link, and it only takes 1 person doing it ...

As a caution -- always verify links before you click 'em. I moused over one of Raptor99's link in his last post and this was displayed in my browser's status bar:

View attachment 114574

This exactly matched the URL I was looking at, so I know it's real (what you see on screen and the underlying URL are NOT necessarily the same thing). The URL not being hidden doesn't mean it's not malicious, but if what you see in the status bar is different, be sure it's not in your best interest to click it.

And this concludes today's lesson in How to Avoid Hacking 101!
Google "Kevin Mitnick"
 
As a moderator, I get a notice when certain suspicious thing occur. We look at a bunch of things (that I won't explain) to determine if something is a problem, and nuke it if we believe it is. This morning a new user was conducting a survey and posted a link for a short survey. It looked perfectly fine ... but my spidey sense was tingling.

I submitted the URL to the Sucuri security checker (there are a lot of checkers available) and it flagged as malware.

https://sitecheck.sucuri.net

If anyone thinks a link is suspicious, run it through your favorite security checker, and if it flags as malware or even suspicious, notify any of the moderators. Or better yet, notify all of us, to ensure we look at it ASAP.

This is the internet: distrust and verify. Then kill it with fire. ;)
 
As a moderator, I get a notice when certain suspicious thing occur. We look at a bunch of things (that I won't explain) to determine if something is a problem, and nuke it if we believe it is. This morning a new user was conducting a survey and posted a link for a short survey. It looked perfectly fine ... but my spidey sense was tingling.

I submitted the URL to the Sucuri security checker (there are a lot of checkers available) and it flagged as malware.

https://sitecheck.sucuri.net

If anyone thinks a link is suspicious, run it through your favorite security checker, and if it flags as malware or even suspicious, notify any of the moderators. Or better yet, notify all of us, to ensure we look at it ASAP.

This is the internet: distrust and verify. Then kill it with fire. ;)
Thanks for the link!
 
Passwords!!!Don't we all love them!!????@#$#%@@!!
I am an IT person and have been for 40+ years. I have never been hacked. My email has been released multiple times

I have only 3 passwords. All are a derivative of the same password. I use a long phrase that I can remember. However it is very complicated because it uses characters that are available on keyboards. Example: And this is NOT my Password: Here is a phrase that most of us should have learned: We the people of the United States. It is 34 characters long. easy to remember. But can be made this way: W3 +he_Pe0pl3-oF_tH3-unit3D STAT3S
Notice that there are SPACES. That is important. Some of my sites max out at 15 characters {W3 +he_Pe0pl3-o}. others at 24: W3 +he_Pe0pl3-oF_tH3-uni
Or one can just let Google or whatever to generate a password and keep it for you. Or you can do what my wife does: she carries a list with her and never saves the passwords. Then she loses the list!!!! That is the wine in her!!! hehe
 
Last edited:
I've been fighting with an online financial system -- It reassigned my preferred user ID, and now it's giving me fits regarding the password.

I try to login. The site says the user ID or password is wrong, sends me to a screen that asks 20,000 questions to verify who I can, and then I reset the PWD. Then I try to login, get a message stating the UID/PWD is wrong, and start the process over -- until it decides I've had too many attempts today and locks me out for 24 hours.

I tried this weekend before last ... but customer service doesn't work weekends. Didn't get back to it until Saturday ... which was deja vu.

Ok, not going to make THAT mistake again. Went through several iterations after work today, same result.

Most have heard the saying: Repeating the same thing over and over again, expecting a different result, is a sign of insanity.

Not saying I'm sane, but I did NOT expect a different result, and I was not disappointed!

So I called customer service and got one heckuva runaround with the automated system. It took 10 minutes before I frustrated the automated system and it gave up, connecting me to a real person. It took her only 5 minutes to reset my access so I could log in.

Except ... I had to enter a new password. I use long passwords (12+ characters, 20+ for sensitive stuff). I hate making passwords up quickly, so I punted.

I will need to login later and change the PWD. I was polite to the person on the phone (the situation is NOT her fault) but I was irritated, and my profanity-laced password reflects that. 🤣

On the plus side, only people who have had to deal with this site have any chance of guessing my password!
Strong password.jpeg
 
I've been fighting with an online financial system -- It reassigned my preferred user ID, and now it's giving me fits regarding the password.

I try to login. The site says the user ID or password is wrong, sends me to a screen that asks 20,000 questions to verify who I can, and then I reset the PWD. Then I try to login, get a message stating the UID/PWD is wrong, and start the process over -- until it decides I've had too many attempts today and locks me out for 24 hours.

I tried this weekend before last ... but customer service doesn't work weekends. Didn't get back to it until Saturday ... which was deja vu.

Ok, not going to make THAT mistake again. Went through several iterations after work today, same result.

Most have heard the saying: Repeating the same thing over and over again, expecting a different result, is a sign of insanity.

Not saying I'm sane, but I did NOT expect a different result, and I was not disappointed!

So I called customer service and got one heckuva runaround with the automated system. It took 10 minutes before I frustrated the automated system and it gave up, connecting me to a real person. It took her only 5 minutes to reset my access so I could log in.

Except ... I had to enter a new password. I use long passwords (12+ characters, 20+ for sensitive stuff). I hate making passwords up quickly, so I punted.

I will need to login later and change the PWD. I was polite to the person on the phone (the situation is NOT her fault) but I was irritated, and my profanity-laced password reflects that. 🤣

On the plus side, only people who have had to deal with this site have any chance of guessing my password!
password.jpg
 

Latest posts

Back
Top