Yeah, I have no real data on that, but my observations of humans tell me that you're 100% correct.
One of those observations is of myself writing personal account passwords in a little black book. Go ahead and roast me, but I only log into the trash company's website once every few years to update the expired credit card number. There's no guarantee it'll still be saved in my web browser after that much time. If I try to reset the password it'll ask me security questions that are either so obscure even I won't know what my answers are or something anybody could find in 5 minutes on Ancestry.com. Better to write it down so I don't have to go through the rigamarole. It's equally as safe as everything else in my house. If they can steal my password book, they can also take all my valuables and drive away with them in my own car. Is having website passwords written down really what I should worry about? I'm also not a bank, so I don't expect a security audit any time soon. Someone once told me that the Russians keep their top-level secrets on paper only. According to this anecdote it's because no digital system can ever be as hack-resistant as a bunch of stern faced guards with rifles. It might not be true. The story of the Russian's cheap pencil vs NASA's million-dollar space pen turned out to be false, and maybe this isn't true either. I'd argue that in both cases the moral of the story is true even if the facts aren't. So everybody quick write down your passwords and hire Russian mercenaries to protect that piece of paper. Hmm, I wonder if those bank auditors would find that solution acceptable. -Adam ________________________________ From: AF <[email protected]> on behalf of Steve Jones <[email protected]> Sent: Tuesday, September 9, 2025 10:57 AM To: AnimalFarm Microwave Users Group <[email protected]> Subject: Re: [AFMUG] OT: Gmail filters Im a firm believer that complexity requirements as they grow security vulnerabilities increase. When the bank auditors come in one of the first things they do is flip keyboards and open drawers looking for sticky notes. When you have to have a 16 digit password with all that complexity, its getting written down or emailed to yourself, or saved in a text file called passwords.txt, particularly in the age group with the keys to the financial castles right now. The password cracker calculators that say it would only take X amount of time to brute force that password make me laugh, because if a login attempt flag doesnt raise, its not a secure service thats being accessed anyway and a brute force toolset probably wouldnt be the tool used, so there really isnt a gain in end user password complexity, its more than likely a net loss in security Doesnt matter anyway cause bill already has our passwords and account information. Im beginning to wonder if he isnt also behind extended warranties, i just dont know what his depravity limits are at this point On Tue, Sep 9, 2025 at 9:30 AM Ken Hohhof <[email protected]<mailto:[email protected]>> wrote: I sometimes use 8675309, I figure nobody under 60 will guess it. A WISP we bought out had ihtmanpn19 as the password on everything, for “I have to make a new password now” and apparently they had done it 19 times. 20 years ago when WEP was still a thing, hardly anyone could come up with a 10 digit hex password. You’d tell them it has to be exactly 10 characters and you can only use 0-9 and A-F, and their brains would just freeze up. So we’d tell them to use their 10 digit phone number as their WiFi password. Some are still using that password, although the landline phone is probably gone. I wonder what the meetings are like where they come up with password complexity rules. Let’s make them use upper and lower case letters. And no dictionary words. Oh, and numbers. That was fun, let’s require special characters now, watch them struggle. How about you can’t repeat the same character. Or use any of your last 10 passwords. Can we make them eat a bug? From: AF <[email protected]<mailto:[email protected]>> On Behalf Of Steve Jones Sent: Tuesday, September 9, 2025 8:52 AM To: AnimalFarm Microwave Users Group <[email protected]<mailto:[email protected]>> Subject: Re: [AFMUG] OT: Gmail filters thats ingenious, hiding in plain sight On Mon, Sep 8, 2025 at 4:27 PM Bill Prince <[email protected]<mailto:[email protected]>> wrote: I always use 12345678! The bang at the always throws them off. bp <part15sbs{at}gmail{dot}com> On 9/8/2025 2:15 PM, Steve Jones wrote: based on your recent shady antics i think its you. Are you the Google bill? do you have my passwords? is this what its all been about? dude, its Password1, its always been Password1 On Mon, Sep 8, 2025 at 3:01 PM Bill Prince <[email protected]<mailto:[email protected]>> wrote: Darn good question. Exactly who is/are the intermediaries? How many hands(eyes) do your credentials pass through? bp <part15sbs{at}gmail{dot}com> On 9/8/2025 10:59 AM, Ken Hohhof wrote: This is why I hate all the sites that say “or log in with Google”. Like paywalled content sites. What does that even mean, log in with Google? From: AF <[email protected]><mailto:[email protected]> On Behalf Of Bill Prince Sent: Monday, September 8, 2025 12:10 PM To: [email protected]<mailto:[email protected]> Subject: Re: [AFMUG] OT: Gmail filters The history did not show anything that looked even remotely suspicious, and this account has no forwarding rules. There was one filter that I put in so long ago, I don't remember when it was. This new filter just appeared out of nowhere (at least to me). I use Thunderbird most of the time, and rarely use web mail. The one other activity that I'd been doing in the time frame was archiving a bunch of older emails to clear space, but I did that in Thunderbird. In fact, I thought I'd accidentally created a filter in Thunderbird (that's what I used to archive the old emails), but after I did the archiving, I purged the Thunderbird filters). bp <part15sbs{at}gmail{dot}com> On 9/8/2025 9:15 AM, Steve Jones wrote: you can look in your login history to see if your account was accessed from elsewhere, also just for kicks check your forwarding rules to make sure there isnt a forwarder set up On Sat, Sep 6, 2025 at 5:36 PM Bill Prince <[email protected]<mailto:[email protected]>> wrote: Just a few days ago, I changed all my google account passwords (in case you hadn't heard, there was a breach of ~~ 2.5 billion accounts). As is probably the case with most of you, I have several google accounts for different purposes (including this one). So I went through them one by one. Just changed the passwords, and nothing else. Right after that, all my AF incoming started going directly to trash (not spam). I couldn't for the life of me figure out why until I checked filters, and somehow a filter had been applied that directed all incoming to the inbox was sent to trash. I did not do that, and I don't know how it happened. My SO thinks I was hacked, but I have a hard time believing that. None of my other google accounts was affected. -- bp <part15sbs{at}gmail{dot}com> -- AF mailing list [email protected]<mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected]<mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected]<mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected]<mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
