Who uses a passcode on their phone?

[Maljunulo]

I have Touch ID and a complex password. The only time I need to put in the complex password is when I reboot the device and I've only done that two or three times since I've had it so it's not an issue.

Mine (SE running 9.3) asks for it every so often. I'm not sure why. It is certainly not the 48 hour thing, and I haven't restarted it yet.

 

[MaxSmarties]

Mine (SE running 9.3) asks for it every so often. I'm not sure why. It is certainly not the 48 hour thing, and I haven't restarted it yet.

how often ? My iPad asks for it once in a while, but not so often.
My iPhone asks for it only when restarted, mostly.

TBH the passcode sometimes is asked even if the device was used and unlocked within the 48 hours time frame, but not so often.

 

[James See]

I use passcode to avoid my girl friend from messing my phone:biggrin:

 

[BalrogWing]

I have a passcode that's literally a full sentence with special characters included. Only time I have to actually use it is when I have to restart my phone since k have TouchID

 

[Sherry_B]

I'm not concerned with security THAT much. 15 characters? Nah, too much hassle.

Most of the passwords I use, except the passcode on my phone, are 15 digits (uppercase, lowercase, numbers etc). Emails, all social media sites, cPanel for my web site account, banking, everything.

10 million years to crack my password(s): https://howsecureismypassword.net

 

[MaxSmarties]

Most of the passwords I use, except the passcode on my phone, are 15 digits (uppercase, lowercase, numbers etc). Emails, all social media sites, cPanel for my web site account, banking, everything.

10 million years to crack my password(s): https://howsecureismypassword.net

excuse me, you use a 15 characters password and then put it on an unknown website to check it ???
Speaking about security.......

 

[Sherry_B]

excuse me, you use a 15 characters password and then put it on an unknown website to check it ???
Speaking about security.......

The gentleman that runs that site is very respectable, and has been around for many, many years. Back in the day a lot of us web hosting owners used his site for passwords when we set up a clients account. Read about the site before making false assumptions.

 

[robertk328]

excuse me, you use a 15 characters password and then put it on an unknown website to check it ???
Speaking about security.......

How is the site going to know what site you use it on? Certainly you don't use the same password on multiple sites!

 

[Ledsteplin]

Most of the passwords I use, except the passcode on my phone, are 15 digits (uppercase, lowercase, numbers etc). Emails, all social media sites, cPanel for my web site account, banking, everything.

10 million years to crack my password(s): https://howsecureismypassword.net

10 million years? 41 years suits me. I'll be 104 and won't care much.

 

[MaxSmarties]

The gentleman that runs that site is very respectable, and has been around for many, many years. Back in the day a lot of us web hosting owners used his site for passwords when we set up a clients account. Read about the site before making false assumptions.

I didn't make any assumptions at all.
I'm just not risking any of my passwords on a website unless I don't personally know the website owner (and even in that case his website could be hacked).
Key loggers are quite common.
I've seen very respectable websites hacked....

How is the site going to know what site you use it on? Certainly you don't use the same password on multiple sites!

I wouldn't take chances on my security nonetheless....

 

[Sherry_B]

Key loggers are quite common.
I've seen very respectable websites hacked

Thats due to the site owners stupidity. If they install 3rd party software and never update it or use typically easy passwords for their cpanel access, or easy passwords for email accounts associated with their site, then yes. They leave themselves wide open. I don't see that guy using easy passwords or an easy log in for his website.

If someone gets a keylogger on their machine via flyby install then they probably weren't smart enough to even consider checking their password for security strength to begin with.

 

[MaxSmarties]

Thats due to the site owners stupidity. If they install 3rd party software and never update it or use typically easy passwords for their cpanel access, or easy passwords for email accounts associated with their site, then yes. They leave themselves wide open. I don't see that guy using easy passwords or an easy log in for his website.

If someone gets a keylogger on their machine via flyby install then they probably weren't smart enough to even consider checking their password for security strength to begin with.

Ars Technica website hacked one year ago... just an example of competent people being victims of hackers.

you are entitled to your opinion, I am entitled to have mine, as an IT guy: I won't put one of my passwords on any non-secure website.

 

[Sherry_B]

Ars Technica website hacked one year ago... just an example of competent people being victims of hackers.

Yes, because they use(ed) phpBB, which I (and many others than I knew back in the day) eventually banned on my hosting server for a reason. The devs for phpBB are notorious for leaving vulnerabilities all over the place in their code, and for not using the best methods for security. Had ARS Technica researched and been promptly following and reading about security updates for the 3rd party software they used on their site, they would of known the history with phpBB.

Web hosts offer 3rd party software for their customers to install, but it always comes with a warning that the web host is not responsible for keeping it updated once a client installs it on their accounts. That bit is completely up to the client.

you are entitled to your opinion, I am entitled to have mine,

I stated what I saw and experienced as a web hosting owner and server administrator. My server was never hacked. Only 2 or 3 hosting clients who did not stay on top of keeping their installed software updated had their accounts (hackers never got past their accounts or in to my server) compromised. Every time it was due to phpBB being installed and outdated on their accounts. I eventually removed it from Fantastico and had my security team set measures in place to prevent it from being installed at all.

 

[robertk328]

I didn't make any assumptions at all.
I'm just not risking any of my passwords on a website unless I don't personally know the website owner (and even in that case his website could be hacked).
Key loggers are quite common.
I've seen very respectable websites hacked....


I wouldn't take chances on my security nonetheless....

Even if the website was hacked, it doesn't seem like you're entering any information to tie your online presence to the password you're checking. So I don't have to put "robert@imore" in and then the password I'm checking, just a random string of characters. I understand your skepticism but seems a bit over the top. When you only have half of the key, it's not going to work. Without the other half (username, email address, etc.) the password is useless.

The good news is, many sites use a guide when changing your password to show you how secure your password is. And if you use a password program to generate and save the passwords (I use Lastpass but many like 1Password) it will create the secure password for you, and save it as well. It also shows how good the password is when generating.