Question:
How secure is a password?
anonymous
2007-04-19 01:33:47 UTC
So many sites require you to register nowadays that I have a number of passwords (and user IDs). I've also given my credit card information to many of these sites in order to make a purchase.

What I wonder is that, if I use a password for one site, how easy would it be for an employee of the company to find out my password and see if I used the same on on other sites. So who would have access to my password?

I think this varies from site to site as one site, that I use for secure email, tells me that if I forget my password then that's it. However asking to be reminded of my password is standard procedure when I log on to another site. I would guess that bank sites are more secure than, say, chat sites.

If you don't know the answer to this question please don't reply.
Nine answers:
Elomis
2007-04-19 01:40:32 UTC
It is possible for employees to view the passwords but usually difficult and always against employment contracts and illegal. Sites that store your password usually do it in an encrypted password store, if employees found passwords and used them on other sites the company would be sued, so they look after them.



I am a computer systems engineer and have a lot of people's passwords stored in my systems, but I can't see them. I can change them if I want, but if I did the customer would realise (because their password wouldn't work any more). This is what NORMALLY happens.



Yes it does vary from site to site, so ensure you always use different passwords for everything. A bank will store your password in a highly encrypted system and fire/sue any employees who try to look it up without a reason. A chat site will probably do what it likes.
Unicornrider
2007-04-19 01:45:58 UTC
First off, do you check to see if the site is secure before entering your credit card number?

Yes fraud can happen to anyone, but I can promise you the employee has signed a document stating they will not use your information for any purpose that is illegal and not for you.

They would be sued beyond their means, believe me. Certainly a bank employee would not be likely to know how to get to the passwords, as a lot of the server work gets outsourced to people under a even stricter contract.

Do not have a computer store it for you, ever. That way there's a local copy, and a simple password cracker can see it and crack it, I did that once to use the net on my dad's PC as a kid.

It's more likely for the security leak to be on your machine than at the site you gave the data to.

Make sure to clear ALL personal information off your PC every time you have done any transaction. Delete browsing history, temp files, the works.

My average password is no shorter than 10 characters (up to 18), containing alphaneumeric characters plus special characters. It's also different for each site, Never have I had an account of any kind hacked into.

There's also a lot of ways to keep it and store it without it being in a format anyone would know to be a password.



Passwords are a pain in the behind, but well worth the peace of mind.
Red (UK)
2007-04-19 01:45:48 UTC
I would use different passwords for different sites - even if they only vary by a letter. One of the best ways to get a password is to use the first letters of a sentence, rather than a random jumble of letters(hard to remember but more secure) or a word(easy to remeber but less secure)

eg the quick brown fox jumped the lazy dog = tqbfjtld



you can add a number or other character too.



I'd assume that any password could be accessessed by someone sometime so keep them secure and change them often, and vary them from site to site.
anonymous
2007-04-19 01:45:27 UTC
There IS no one answer to your question. On some sites it may be very easy for a staff member to retrieve your password, on others (as you already wrote yourself) it's hard if not impossible.



Some sites store passwords in so-called plain-text format, which means that anyone who has access to the file that stores the password, can also read it.



Others, like the company I work for, stores passwords in hashed format, which means that it cannot be read by the staff here.



But in any case, it's always wise to simply use a different password for each site, and if you want to be truly safe, you make this password hard to guess (use a password of at least 8 characters that cannot be found in a dictionary; if possible use UPPERCASE and lowercase letters, one or more digits, and one or more special characters such as !@#$%); you change it regularly (as in: often); you don't share it with anyone else; and you memorize your passwords (as opposed to writing them down).
anonymous
2007-04-19 09:00:05 UTC
It depends on the password used, passwords using peoples names or small passwords are fairly easy to crack Its best to use a mixture of words and numbers and on sites used a lot change the password often.
?
2007-04-19 01:49:35 UTC
I agree with Elomis on this, with the addition that the bigger companies have entire IT security departments who can track what employees look at.



I worked once with a guy who apparently was looking where he shouldn't; one day the security boys marched in and took him away & he was subsequently charged under the Computer Misuse Act and Data Protection Act. I believe he's finding it difficult to get a job now . . .



Companies take it very seriously, THEY can be done too if anything goes wrong.
?
2016-12-26 19:44:34 UTC
you pick to apply what's called "distinctive levels of complexity." I generally use 3 out of four levels. a point of complexity is rather a form of character so which you have right here 4 levels: lowercase letters (a,b,c,d,e, etc.) uppercase letters (A,B,C,D,E, etc.) numbers (a million,2,3,4,5, erc.) particular characters (i.e. !@#$%^ etc.) you in addition to mght pick to apply a minimum of 6 yet ideally 8 or greater characters. some examples of take care of passwords with 3 out of four levels of complexity and a minimum of 8 characters are: Password1 password1$ #Password Now in case you pick to be incredibly take care of, use all the regulations above yet evade making use of words: LKj*$3Ke $9kJ8#sL those passwords are heavily greater reliable to keep in mind so do exactly what works right for you.
Ex Head
2007-04-19 04:19:35 UTC
As the others have said, it is all true. About the only;y thing I can add is make the Password as Strong as possible. IF you are limited to a certain amount of spaces USE THEM ALL, and mix #'s and letters. (lower and upper case)
jassu m
2007-04-19 01:43:28 UTC
you could secure a password by any software & a genune password : _ _ _ _ _ _ _ _ _ _ first four letter after that digit and last 2 letters.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...