Short Passwords

From: ANT_THOMAS 2 Sep 2011 10:43
To: ALL 1 of 22

After my PayPal incident (which they didn't actually sort out properly, the money did leave my bank account and I had to manually transfer it back) I've been changing passwords and such and I've realised how annoying the insistence on short passwords is.

I've just had to change the password for my Tesco Clubcard Credit Card and they insist on it being 6-8 alphanumeric characters. I want /MORE/.

Whereas when I changed my Uni/Work password they wanted it to be particularly secure.

Upper case
Lower case
Number
Other character
and possibly also at least so long.

I should probably use KeePass though.

From: Drew (X3N0PH0N) 2 Sep 2011 10:45
To: ANT_THOMAS 2 of 22
I've been using KeepAss since then and... it's alreet, when you get used to it. My favourite part being: not having to remember anything.
From: ANT_THOMAS 2 Sep 2011 10:52
To: Drew (X3N0PH0N) 3 of 22

It's tempting, but how does it work with a work computer?

I use between 3 and 6 different computers usually.

From: Drew (X3N0PH0N) 2 Sep 2011 10:54
To: ANT_THOMAS 4 of 22
I've put the key file and database in my dropbox. That way it's backed up and
available anywhere where I can install dropbox :Y

(I realise it's not the most secure solution in the world but it's enough for me)
From: ANT_THOMAS 2 Sep 2011 10:57
To: Drew (X3N0PH0N) 5 of 22

But how do you get your password to log in to Dropbox from a different computer? :P

Or do you have to remember that password? :O

Also, do you have to remember a master KeePass password?

From: Drew (X3N0PH0N) 2 Sep 2011 11:00
To: ANT_THOMAS 6 of 22
Well I use the same few computers and my dropbox account is set up on all of them and ... I don't even know what my password is, actually. Dropbox is one of those once-you're-logged-in-it-never-logs-out things innit.

But yeah, dropbox is one of the few things I can't use KeepAss for, obviously :D

I don't use a master password, no, just the keyfile. A password on top of that would strengthen it up but I can't be arsed.
From: ANT_THOMAS 2 Sep 2011 11:04
To: Drew (X3N0PH0N) 7 of 22
Yeah, I've got Dropbox on all my main computers (Laptop, Server, Other PC and main work PC) so it'll be fine for them, but it's the logging on on other computers. Bah, sounds like too much effort to get working just as I want. I feel like PB.
From: Drew (X3N0PH0N) 2 Sep 2011 11:11
To: ANT_THOMAS 8 of 22
Well you could always just stick a portable copy of KeepAss plus the database and keyfile on a USB stick (prolly best to password it then cos if you lose that and someone finds it and knows what to do with it... (which is unlikely, sure)).

But yeah, no simple way. Although Ken mentioned that he uses one which stores everything in the CLOUD, so if he pops in you could ask him about that.
From: ANT_THOMAS 2 Sep 2011 11:13
To: Drew (X3N0PH0N) 9 of 22
I'm sure Matt mentioned the USB option too. Maybe if I'm bored enough I'll do it.
From: Drew (X3N0PH0N) 2 Sep 2011 11:21
To: ANT_THOMAS 10 of 22
I think this is the one Ken uses: https://lastpass.com/

I'd use it, cos it certainly sounds easier/less hassle. But I'm kinda nervous about all my passwords being on the servers of a fickle and hackable commercial company.
From: af (CAER) 2 Sep 2011 11:54
To: ANT_THOMAS 11 of 22
Thing is, there's no valid reason for limiting it to 8 characters, either. It's not like encrypting a 20-character password takes 5 minutes or anything.
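To put af's point in code, here is an added example (not from the thread): a salted PBKDF2 hash comes out the same fixed size and costs the server the same work whether the password is 8 or 60 characters, so neither storage nor hashing time justifies a short cap. The limits and function names are assumptions chosen for illustration.

```python
"""Added illustration: password length does not change hash size or server cost."""
import hashlib
import hmac
import math
import os
from typing import List, Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor; assumed value for the example
MIN_LENGTH = 12       # assumed policy minimum (the thread complains about a 6-8 cap)
MAX_LENGTH = 256      # generous upper bound only to limit work per login attempt


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The SHA-256 digest is always 32 bytes long,
    regardless of how long the password is."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def check_policy(password: str) -> List[str]:
    """A defender's length policy: a floor, and a ceiling far above anything a
    person would type. Long passwords are welcome; short ones are rejected."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    return problems


def keyspace_bits(charset_size: int, length: int) -> float:
    """Bits of search space for a uniformly chosen password of the given length."""
    return length * math.log2(charset_size)


if __name__ == "__main__":
    for pw in ("abcd1234", "correct horse battery staple", "x" * 60):
        salt, digest = hash_password(pw)
        print(f"{len(pw):3d} chars -> {len(digest)} byte digest, policy: {check_policy(pw) or 'ok'}")
    print(f"8 alphanumeric: {keyspace_bits(62, 8):.1f} bits; 20 alphanumeric: {keyspace_bits(62, 20):.1f} bits")
```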
From: Ken (SHIELDSIT) 2 Sep 2011 16:52
To: Drew (X3N0PH0N) 12 of 22

Yup that's what I use and I loves it. Pretty sure there is even an app for android for it. I use a plugin for chrome on all my computers and it's just painless and seamless.

Edit- there is an app and I've just installed it. Now I just need to remember the master password!

EDITED: 2 Sep 2011 16:55 by SHIELDSIT
From: Peter (BOUGHTONP) 2 Sep 2011 16:56
To: ANT_THOMAS 13 of 22
Have you tried complaining to the idiots at Tesco Clubcard?

If it really is a Credit Card, they're probably answerable to the FSA, and requiring insecure passwords may well be counter to their regulations, so if you make a little bit of a fuss about that, maybe they'll actually fix it.
From: ANT_THOMAS 2 Sep 2011 17:00
To: Peter (BOUGHTONP) 14 of 22
It is odd because it's all underwritten by RBS and I'm with NatWest (which are RBS) and their online banking can take any length passwords, or it could at least take the much longer length of my new one (yj). Thinking about it, Tesco couldn't even take the full length of my old one (yj).
From: Peter (BOUGHTONP) 2 Sep 2011 17:12
To: ANT_THOMAS 15 of 22
Having the same underwriter doesn't mean the systems are in any way similar.
(That's a bit like saying two people that use the same garage must have the same driving styles.)

Even within a single company, with one department, different systems can have different requirements depending on when they were written - and the developers may well know that it never should have been done that way and really needs fixing but not be able to get authorisation from the rest of the business.

Mentioning FSA and PCI and stuff can be a good way to get the business to realise they do actually need to do something (especially if it comes from an angry customer, as opposed to a whining developer).
From: ANT_THOMAS 2 Sep 2011 17:18
To: Peter (BOUGHTONP) 16 of 22

I agree that same underwriter doesn't really mean a thing. It's more a case of hoping a large bank would do things properly, which clearly they don't.

That's 2 letters I need to write.

From: Peter (BOUGHTONP) 2 Sep 2011 17:28
To: ANT_THOMAS 17 of 22
Yeah, for some reason the big banks seem to be the worst, and they're the ones supposed to be setting the standards in the first place.

It's rather worrying to have someone at a (relatively small) company having to tell a multinational financial company not to send a bunch of live credit cards as test data. :/
From: ANT_THOMAS 2 Sep 2011 17:32
To: Peter (BOUGHTONP) 18 of 22

Name and shame Peter.

Name. And. Shame.

From: Peter (BOUGHTONP) 2 Sep 2011 17:51
To: ANT_THOMAS 19 of 22

Not sure I want to potentially risk getting sued or anything. :S

You know how those Americans can be. Especially the expensive/snobby ones always rushing about.

EDITED: 2 Sep 2011 17:52 by BOUGHTONP
From: ANT_THOMAS 2 Sep 2011 17:57
To: Peter (BOUGHTONP) 20 of 22
It's your public duty. Just give us a few clues :-)