Password safety; Storing passwords on sites

  Laurence WM 14:31 14 Feb 2013

Realistically, what are the dangers with passwords? They can be quite a nuisance.

Should every password I have be different?

How safe is it to store passwords on sites?

Is it safe to stay permanently logged into sites, for instance prominent email sites such as Hotmail?

Thanks a lot, Laurence

  johndrew 15:58 14 Feb 2013

There are many articles with regard to passwords both in PCA magazine and on the internet; most are worth reading and will answer your questions fully.

Basically passwords are like your credit/debit card PIN but where your PIN allows direct access to your cash a password allows access to your life. If a hacker gets your password you will find that you have said, ordered, bought, sold or done any manner of things. If it is the password to your PC anything stored there may well be accessible - including your bank account.

Every password should be different.

I'm not sure what you mean "store passwords on sites".

If you choose to stay logged onto a site you should have confidence in the security of that site. Many stay logged into PCA for example but I doubt if many would stay logged into Hotmail as you could end up sending any number of mails all over the world including any you have saved.

Have a read of these:

Item 1.

Item 2.

Item 3.

Item 4.

Check your password security here.

  Nontek 16:09 14 Feb 2013


Thanks for that last link - apparently my hotmail password would take 98Million years to crack!! That's reassuring.

  Forum Editor 16:19 14 Feb 2013

"apparently my hotmail password would take 98Million years to crack!!"

Or half an hour.

That's the thing with passwords - if you're trying to crack one you can simply get lucky.

  johndrew 20:08 14 Feb 2013

As the FE says - especially with modern technology - hackers can crack passwords fairly quickly so regular changing of important ones is essential even if you think it will take 98 million years to achieve. And they can leave their PC to do it whilst they have a coffee!!

  Laurence WM 12:17 16 Feb 2013

Thanks a lot John,

The articles are useful, especially Item 3 from

By 'storing passwords on sites' I mean when I log into a site (with Firefox) a box comes down and asks me whether I would like it to remember the password for this site. Is this safe?

You write: 'If you choose to stay logged onto a site you should have confidence in the security of that site.' How can I tell whether or not to have this confidence? Should I not have confidence in the major email sites - Yahoo, Gmail etc. - but have confidence in sites that belong to reputable organisations such as shopping chains?

Does how often you use a site influence the chances of your account being hacked into?

Does anyone know what proportion of internet users do get their accounts hacked into?

Would using Linux diminish the security risks?

Thanks very much indeed, Laurence

  wee eddie 13:24 16 Feb 2013

A couple of thoughts:

Does changing your Password on a regular basis make it more difficult to crack?

No: If the person trying to crack your Password does not know what it is in the first place, it doesn't matter if it is the same Password you had for the last 5 years or the one you changed yesterday.

Does the inclusion of random symbols make a Password harder to crack?

Yes, however, unless the person trying to access your files is very pressed for time, the Symbols may delay him/her for up to 20 minutes, depending upon the Software he is using to crack the Password.

What your password must be capable of doing is deterring the casual thief. Not doing this is is the equivalent of leaving the back door open and/or the key under the mat.

Your password must be unique to you and be difficult to guess without an intimate knowledge of your personal life. So the Dogs name or your Mistresses address may not be not sufficient, however mixing the two together may easily be sufficiently difficult to guess.

I like a Clerical friend's solution. He picks a line in a favorite Psalm and then uses the first letters of each word in that line, so his helpful hint is the Psalm number followed by the line number: e.g. 234. He has also used Hymns in the same way and his first attempt was the opening lines of the Marriage Service.

My own is the Number of one of my early Cars and the Girlfriend that was current at that time. Many Cars, many Girlfriends. Easy hint e.g. MGA

  johndrew 14:46 16 Feb 2013

When using Firefox and you are asked if you want to remember the password it is saved on your PC not online. As a result it is as safe as your PC is secure. What it allows is for you to log into the site when you revisit it without the need to type all your password details in.

As for confidence in remaining logged into a site, it depends on you to a greater extent but also on the type of site. For example I remain logged into a number of sites I visit (such as PCA) as the likelihood of anyone wanting to gain access to my account and the details held by them is minimal. Sites where I purchase items and a greater level of detail (such as credit card details) may be held I log out from regardless of the encryption they use. I know my details can still be hacked from these sites, but because I remain logged out it makes it more difficult to see if I have been recently active. Whether right or wrong I think it is a good thing to log off from any site where a hacker may gain a level of control causing a loss to the registered user.

I doubt the amount of personal usage of a site will cause an increase in the risk of hacking on a personal basis as hackers tend to go for volume of details that can be sold on or used.

The proportion of internet users who do get their accounts hacked into is like asking how long a piece of string is. Hacking is going on all the time across a range of sites. Many people use more than one site and if, say, two of the sites used by a single person are hacked then the figures of how many people start to get distorted.

Whether Linux is more secure than any other OS is now an open question. It was at one time, but with popularity come risks and Linux is becoming quite popular. All operating systems have their vulnerabilities and those considered by the hacker to be better targets (most users/most lucrative/easiest to access?) are likely to suffer the most.

Using good password character combinations (see wee eddie's post above), avoiding suspect sites by using McAfee SiteAdvisor or WOT, a decent anti-virus program backed up with antimalware and common sense in PC/site usage are your best defence in personal terms. There is little you can do about a site itself unless you refuse to use it.

  Laurence WM 17:31 16 Feb 2013

Thank you very much indeed, John, for this very helpful and full answer.

If a random hacker does hack into your account somewhere, what are they likely to do with it?

Thanks again, Laurence

  johndrew 10:18 17 Feb 2013

If a random hacker does hack into your account somewhere, what are they likely to do with it?

It depends on what is stolen. Most likely your passwords will be used (or sold on to be used) in criminal acts where possible, your e-mail sold to spammers and if you lost bank details - especially to an online account - well you know this anyway.

  mole1944 06:28 18 Feb 2013

my passwords are kept encrypted on a pen drive in my safe at home,no one on the net can then hack into them and there fairly safe (Sorry for the pun),as a thought isn,t it time to do away with passwords and go to biometrics,try replicating your finger or eye print.i have 60 or so assorted passwords and it would make my life sooo much easier going onto sites.and yes i know you can get fingerprint scanners

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

Illustrator of witty, relatable Instagram comics Julia Bernhard touches on our humble moments

iMac Pro review

Quelle est la meilleure application de podcast pour Android (2018) ?