Password Security

I can think of several scenarios, without knowing how likely they are.

Suppose someone manages to steal a password database from a system, and starts trying to crack all the passwords in the database. And this person is willing to devote as much time as necessary. It will take a while to do this. Any passwords that will have been changed while the password cracking process is being run will be unguessable.

Suppose someone manages to steal a password database from a system, but the place they have access to is a place that has backups of the data from the system. The password database that they steal will not be current. It might be a couple of months old.

We often see the situation where person A in the company goes on vacation, and gives their password to person B so that person B can do some of the things that person A needs to do. Or there is a password for a common account that is shared by several people. When person B leaves the company, his account is terminated. No problem! He can use person A’s password - if person A hasn’t changed it in the interval. The person that knows the password for the common account can use it even after he has left the company - unless the password has been changed. etc.

Don’t use any of THESE as passwords.

I sure am a dummy.

Internet --> ISP modem --> Router/switch --> Zone Alarm or equivalent --> computer never left unattended or powered up when not in attended use --> and all that malware finding sweeps, registry cleaning, processes checking that are going on …

Is just a personal computer, not running a server or anything, but you know, my bank has not been hacked yet & you would think it would be in the first month or so of operation.

Anyone who puts or accesses the internet and thinks that they are 100% safe is not too swift, this includes governments, hackers, and LINUX users. I am one of the latter myself. I also use M$ cause I want to.

:rolleyes::rolleyes::rolleyes:

No need to get all huffy / hurt / offended because I didn’t say that at all. I noted first that I didn’t know if that was what you meant, and secondly, if you are doing this

then you are doing everything a private person can do. I was talking about “not very computer-informed” people - those people who don’t know the difference between a Mac and a Win PC, or between OS and program software, etc. You know, the old relatives and cow-orkers who ask you why they need a normal user account when surfing, instead of a full-power admin account, or tell you that they don’t bother with Zone Alarm because “who wants to hack my PC?”.

I do not do it but some folks who use their computer for their cell phone connections apparently do and others I hear of that leave their computers up & running and connected to broadband 24/7.

Out of curiosity I have tried that with Win.98, XP- PRO and it does not seem to last. I will find it locked up, or crashed, or a connection maybe got a bit corroded and the HD quit and I have to wiggle stuff to get it back. Cooling fans quit, etc.

But if all the hardware worked fine, is the average home computer just as safe as if it is done like I do it?

I have quality hardware but I have never had all connections or power supplies or something quit from apparently the 24/7 thing. They never go bad with regular cycles and I do use the computer a lot in hours/day so a month of 24/7 would only take about 4 months of regular use to have the hours.

Mostly I am concerned about attacks from the outside when they might not be noticed if it was on all the time.

So? Any real increased risk for a 24/7 machine?

IANMASafety or hardware expert. Whenever I read about the old question “Should I shut the PC down when I’m not using it or leave it on?” half the experts seem to say that shutting it down every evening is stressful on the hardware (contraction and expansion and so on), and leaving it on better; and the other half says keeping it running is stressful for the hardware.

I shut my PC down to save electricity, although I have an internet flat rate.

As for the safety, the Computerwoche did a test some time ago, connecting a new PC with new Windows (store-bought) to the Internet and going to all the necessary sites to download the latest updates for Win, then install a virus scanner and firewall. It took them 45 min. before the PC was safe; but it was attacked in the first 5 min. :frowning:
Therefore, their recommendation was to use either a CD with all the necessary programs (like the CD that comes with PC-World :)) or to use an already safe second PC to download the programs and then install on the new PC before connecting it to the internet. In other words, you need an Internet already to get onto the net.
I personally don’t think that sitting in front of it means you will be able to see and prevent an attack, if the PC itself is safe with AV and firewall, and you follow the usual caution in clicking on links, and surf with a restricted user account.
Still, there’s no 100% safety. It’s all St. Florian’s principle, anyway.

A method I’ve employed (which I saw an article somewhere recommending, not long ago… Slate.com?) is to use mnemonics with some simple, consistent transposition rules. For example, take a phrase like “a bird in the hand is worth two in the bush”— substitute digits for the numbers/quantities and capitalize the initial for each noun, and it becomes ‘1BitH=2itB’.