Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    PUBLIC_KEYS    |    Public-Key Discussion Echo    |    845 messages    |
|    Message 841 of 845    |
|    August Abolins to Wilfred van Velzen    |
|    self-managed passwords with gpg    |
|    07 Feb 26 18:27:00    |
MSGID: 2:221/1.58@fidonet 293656f3
REPLY: 2:280/464 698718f2
PID: OpenXP/5.0.64 (Win32)
CHRS: ASCII 1
TZUTC: -0500

Hello Wilfred!

 AA>> I don't know about you, but many of my site/system logins are NOT
 AA>> email addresses.

 WvV> You often don't have choice...

So.. a simple algorithm for the username might also be a good idea -
something that you can reconstitute based on the site you are using.

 AA>> I think unencrypted databases are the true target.

 WvV> Those are the targets with high reward, but they shouldn't exist
 WvV> anymore. ;-)

Yeah.. an encrypted set of files are useless blobs.

Seems ironic that even with the most strict rules about good usernames and
complex passwords, the most successful way to hack a system is via "click
here" emails.

 AA>> And length is not as critical as to avoid outright guessable. I have
 AA>> a friend who simply uses her first name and 1234 for her hotmail
 AA>> account, and her name is in the email address itself!

 WvV> Hmmm... I'm surprised that is still allowed by hotmail...

Well.. that was a number of years ago. Since then, she has replaced her
laptop at least twice. Maybe she used the "forgot password" process and was
forced to "upgrade"/change the password, dunno.

 AA>> Another fellow uses the layout of the keyboard to guide him to
 AA>> "remember" his passwords. Eg. the leftmost keys on the kb =
 AA>> qweasdzxc, or qazwsxed, and then some numbers. Personally, I would
 AA>> not use that scheme as the sole pw. Instead, maybe the qweasdzxc or
 AA>> qazwsxedc strings could be one of the parts in [A] [B] [C] as a
 AA>> minimum.

 WvV> I don't use such easy schemes, but I sometimes use easy to type
 WvV> passwords (for me) when I can't use a password manager.

What do you mean "easy to type"? Everything is easy to type. If you are
processing something in your head to come up with a password string (and that
you hope to remember later) then you are already using something akin to my
scheme - you just have to modify it in such a way that you wouldn't have to
actually "remember" the pw, but how to rebuild the pw.

 WvV> My financial accounts all use some kind of 2 factor authentication
 WvV> nowadays anyway...

2FA [sending an sms string to a phone] seems secure. But my bank doesn't
always go through that route when I need to relogin the same day from the
same device a little while later.

I could be held hostage and someone else could be forcing me to enter the 1st
layer of login, and the perps could be in control of my phone.

 AA>> "you have to use another device that you used before". That
 AA>> requirement is stupid!

 WvV> Indeed. Devices come and go, they shouldn't use a scheme that depends on
 WvV> it. It would cause a lot of trouble...

Yes.. I am sure many people only have ONE phone that they use for their FB,
twitter, instagram, etc. If that device is lost or stolen or damaged, there
is no way to fulfill the stupid FB requirement to "use another device that
you logged in with before". And, those people may not even
realize they will be in trouble to fulfill that requirement in the future.

 AA>> I think this might be the perfect time to drop Facebook.

 WvV> It's always a good time to drop Facebook! ;-)

I've always felt frustrated watching businesses feeling compelled to register
with all the social media apps out there: FB, X, IG, etc.. What a stupid
management nightmare to keep fresh and updated!

I only started using FB for my business recently. It actually started to be
handy to post a sale or a quick announcement. And, I only recently added a
new image for my top "banner". https://facebook.com/AshliesBooks ..but
ultimately, FB is still a walled-garden and only other FB members can see the
full content anyway.

Meanwhile, Google Business has introduced a "Posts" option. I think I can
duplicate most of the same FB functions I was used to, and just use the
Google system. No one needs to have a Google account to be able to see my
business content.

--
  ../|ug

--- OpenXP 5.0.64
 * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
SEEN-BY: 50/22 103/705 105/81 106/201 124/5016 128/187 153/757 7715
SEEN-BY: 154/10 30 110 203/0 218/700 221/1 6 226/30 227/114 229/110
SEEN-BY: 229/112 134 206 317 400 426 428 470 664 700 705 240/1120
SEEN-BY: 240/5832 266/512 280/464 5003 5006 291/111 292/854 8125 301/1
SEEN-BY: 310/31 320/219 322/757 341/66 234 342/200 396/45 423/81 120
SEEN-BY: 460/58 256 1124 633/280 712/848 770/1 902/26 5020/400 8912
SEEN-BY: 5054/30 5075/35
PATH: 221/1 280/464 460/58 229/426
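An added example, not part of the original message: a password-policy check that measures how much of a candidate password consists of keyboard-layout strings such as the qweasdzxc and qazwsxedc mentioned in the thread. The staggered-QWERTY adjacency model, the minimum walk length of 3, the function names, and the sample passwords in the comments are all assumptions made for illustration.

```python
# Added example. Layout model, threshold and names are illustrative assumptions.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if keys a and b touch on a staggered QWERTY layout."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 == r2:
        return abs(c1 - c2) == 1
    if r1 > r2:  # order the pair so (r1, c1) is the upper key
        (r1, c1), (r2, c2) = (r2, c2), (r1, c1)
    # An upper key at column c touches the lower keys at columns c-1 and c.
    return r2 - r1 == 1 and c2 in (c1 - 1, c1)


def keyboard_walks(password, min_len=3):
    """Return the maximal runs of at least min_len keyboard-adjacent characters."""
    pw = password.lower()
    walks, start = [], 0
    for i in range(1, len(pw) + 1):
        # Close the current run at end of string or when adjacency breaks.
        if i == len(pw) or not adjacent(pw[i - 1], pw[i]):
            if i - start >= min_len:
                walks.append(pw[start:i])
            start = i
    return walks


def walk_coverage(password, min_len=3):
    """Fraction of the password's characters that belong to keyboard walks."""
    if not password:
        return 0.0
    covered = sum(len(w) for w in keyboard_walks(password, min_len))
    return covered / len(password)


if __name__ == "__main__":
    # Constructed samples: two strings from the thread plus made-up ones.
    for pw in ["qweasdzxc", "qazwsxedc", "qweasdzxc1234", "anna1234", "t7#kVm2!pQ"]:
        print(f"{pw!r}: walks={keyboard_walks(pw)} coverage={walk_coverage(pw):.2f}")
```

A coverage near 1.0 means the whole string is layout-derived, which is the case where the message suggests using it only as one part among [A] [B] [C].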
(c) 1994, bbs@darkrealms.ca