I’m sure it is! Once you put it out on the net in cleartext, it’s out there forever… But I generally apply that to anything we put on the net.
The general rule I apply when it comes to network security is keep the protection in line with the value of the asset and risk of loss/damage. Joe Schmoe’s X-Box account doesn’t need a ton of protections – or at least, I’d hope not.
I’ve noticed that too…and not just at zero-dark (because I’m retired, 0800 is early) but full light! Must be the “bed head” hair.
When I was in the Naval Postgraduate School, a student was doing his thesis on password memorization and we were roped into his study - going back to a computer at some interval and reentering the password that you memorized. I probably messed up his numbers. My password for that study was “IForgot”…instead of remembering it, I forgot it…and that seemed to work.
Seriously though, it’s all about the chain of trust and how much pain you want to go through to protect something.
But on the other hand, at my last job we had a Cisco Fellow come in to evaluate our mesh network. Secured using AES128 encryption. Took him 24 minutes to break in…
I have no idea what most of my passwords are. They are all complex and unrelated. That’s the beauty of LastPass. It saves you the burden of remembering them, and a good biometrically secure phone app allows you to have them with you. Everything financial, network, or communications related has 2FA or PIN enabled. Sure, they can be beat by man-in-the-middle attacks, but since LP won’t fill in domains that it doesn’t know, it helps prevent that. One can make an argument that nothing is secure, but like @BeachAV8R swimming from sharks, I just don’t want to make it easy for the bad guys.
Getting my wife and later my kids to follow suit is the challenge. I’ve just succeeded at getting Claudia to enable 2FA on everything she can.
I do love 2FA…I love it for Paypal and all of those things that make my phone buzz. Of course, it’s a Pavlovian response - whenever my phone buzzes from a Paypal transaction it just means I’ve bought something at an X-Plane ORG sale or something…
Of course, I blame @PaulRix for all my impulse purchases…
Our forum software has 2FA enabled for it if people want. My greatest fear is someone will steal my Mudspike account and then start writing in a much gooder way than me, so gotta lock it write down.
Also, I remember a few flight sim sites and even products where you could ask for a password reset and they’d send you the plain text version of what it was. (shivers).
I have every password written down—on paper. I have my company passwords displayed for all to see on a slice of masking tape taped to my company iPad. I have two company passwords which change every 90 days. They both must be a different length and must not be similar to past passwords. Plus the standard restrictions of mixing caps, lower case, numbers, symbols. All company training materials use entirely different passwords. We get so many fake phishing security emails that most of us no longer reply to (or even read) company emails for fear that we will be scolded for replying to a fake scam. Man, I would give anything to throw that stupid iPad into the bin and go back to paper flight plans and paper Jepps! And because the iPad allows infinite document sizes, our 737 manual, once 1000 pages, is now 2800; the FOM, once 500 pages, now 1200; the new WOM, once nonexistent, now 800 pages.
I would gladly give all of this up for a rotary phone, a turntable and a sizeable Blue Note jazz collection. No sims, no forum, no iPhone, no PASSWORDS. An analogue life lived in the moment = heaven.
This reminds me…I’m pretty sure everybody has heard this…told to me by a Vietnam veteran…
“So we had been out in the jungle for weeks and all of us only had one set of underwear, which were getting pretty rank. So the sergeant lines us up and announces ‘You all will now get a chance to change underwear!’ A big shout of joy from all of us followed. After we quieted down, our sergeant looked at his clipboard and began to read, ‘Smith, you change with Johnson. Johnson, you change with Jones…’”