Comments on: Do strong passwords and virtual keyboards fit the bill?

By: Patrick

Patrick — Mon, 21 May 2007 18:04:56 +0000

I have to remember about 10 “strong” passwords for work (I work at 2 locations with numerous on-line systems), and I make sure my personal passwords are also “strong.” When I have to change the passwords because it has been a few months, I change as many as possible at the same time. I never get them all, but I try!

It is a pain, and worthless if somehow keylogger software got onto your computer. (I scan my computer frequently, but you never know about the workplace).

The virtual keyboards can prevent against your PIN being stolen, but what about the password or account #? I would rather my password or account number be secured because theives can still do damage with the account number. But I am glad to see companies improving security.

By: Shadox

Shadox — Mon, 21 May 2007 02:37:44 +0000

I CLOSED my ING Direct account because I was so annoyed by their supposedly strong security features. Bank of America, in my opinion, has much more powerful security – identifying your computer and protecting you against phishing – without being annoying. So, security can be imporved without alienating customers.

In addition strong passwords are a nightmare. At work they have started making us change our passwords every three months in addition to being forced to use 8 character passwords. What did it get them? Now I can’t remember my password and I put a sticky note with my password on my laptop, just so I can remember my password… that is much less secure in my opinion than letting me use my old 6 char. password…

You can only annoy users so much before you start to get some unintended consequences that only hurt security in the long run.

By: Bryan

Bryan — Fri, 18 May 2007 06:12:09 +0000

I support these stuffs.Strong password is really an important thing to protect our hard earned assets from clever spammers and hackers.Whereas jumbled up keyboards are not that tough to use.

@Dimes your comment really makes me laugh:)

By: mbhunter

mbhunter — Fri, 18 May 2007 05:11:20 +0000

Thanks for your comments!

@Chris: I registered my computer. Perhaps it’s a security setting? Or you’re not accepting cookies?

@Dimes: I laughed out loud at your comment. But what about just adding an exclamation point at the end to get it up to 8 characters?

By: dimes

dimes — Fri, 18 May 2007 01:00:44 +0000

I feel that the multi-character type passwords make you tend to overuse a password again and again (I can’t tell you how many times I used to use the word “A$$h0le” until they changed the character minimum to eight) just so you have a hope of remembering it, because something like Kf8j#pL6 is generally too free of context to be memorable.

They’re less annoying than those awful security questions “The name of the city where your paternal grandmother was conceived?” “What was the middle name of your Maid of Honor?” Those things I absolutely hate. Like Chris said, I can never remember if I entered “Rogers,” “Mrs. Rogers” or “Carol Rogers” for the name of my second grade teacher.

By: Chris

Chris — Thu, 17 May 2007 13:32:47 +0000

I’m a bit annoyed by it, and it keeps me from signing in to my ING account regularly. It’s not really the virtual number pad or the user name and password, its the random questions they also ask you (it says you can ‘register’ the computer to bypass this, but it doesn’t work)…some 12 questions you filled out when you opened the account and it asks you a couple every time you sign in. What was my first cats name again? Mimzy? Or did I spell it Mimsy, or mimsy, or mimzy?

By: KMC

KMC — Thu, 17 May 2007 12:17:43 +0000

I like these types of things. It’s at least an improvement. I agree, it’s a pain to locate the jumbled letters and numbers, but it really only takes a few seconds more.
I think, however, a more immediate concern is strong passwords. I read an article about how long it takes to crack various lengths/types of passwords and was shocked. I’ve converted to strong passwords when I can. What that means, though, is I have to create and maintain a password file. I then keep it on a memory stick. That’s the best I could think of.