Who on earth is going to spend £22 on that tat? The printing, stitching and leather are junk going from the pictures. I don't even care about the security implications when I'm so shocked at the quality.
Leatherbound analogue password manager: For the hipster who doesn't mind losing everything
News reaches us that will leave password management outfits quaking in their boots. The Conran Shop has a solution for forgetful users, and it is a snip at a mere £22. Users need to remember a bewildering array of passwords just to get through an average day, which can lead to some pretty shoddy practices as revealed in the …
COMMENTS
-
-
-
Monday 9th July 2018 19:08 GMT Mage
Security features
A £2 address book is a GOOD idea. Website/service, email, user, password etc.
NEVER take it out of premises.
Never EVER put in laptop bag.
Do put in safe or with Will etc, in case you are knocked down crossing road, stroke, heart attack or assassinated.
It's actually good security practice to have a secured hard copy of all security information. Maybe even a second off site secure location.
Not though in your jacket, open plan office or laptop bag.
-
-
Monday 9th July 2018 12:41 GMT Flywheel
"Expertly designed and crafted by Fabriano"
*sigh* It's
artisanalArtisanal! The seemingly irregular nature of the stitching only serves to emphasise the handmade quality of the item. The faux-puerile nature of the blocked text lends an air of uniqueness to each and every item. John Bull would be proud!Apparently.
-
-
-
Monday 9th July 2018 13:48 GMT Timmy B
Re: fashion victims
"where 'more expensive = must be better'"
If that's the case I can make the best one. I actually do make things out of leather, including bags, pouches, book covers, etc. Anyone who wants one can order one from me. For really good quality leather I can do you one for £200. If you want one with traditionally tanned buckskin £350. Any takers?
-
Monday 9th July 2018 13:56 GMT Chris G
Re: fashion victims
Traditionally tanned buckskin was softened by Indian maidens chewing the hides to soften them, can you guarantee that is the case with your product?
Photos of said maidens chewing your buckskin or it hasn't happened.
I make pretty good journal covers from leather to order, I can guarantee they haven't been chewed by me.
Average price for hand stitched, oiled leather €50-€60.
-
Monday 9th July 2018 14:00 GMT Timmy B
Re: fashion victims
"Traditionally tanned buckskin was softened by Indian maidens chewing the hides to soften them, can you guarantee that is the case with your product?"
Sorry. You've listened to Hollywood and not read your history books. :) I do a variety, from bark to brain tan and various other processes that I'll not bore people with. All are hand or frame softened depending on animal and hide thickness / quality.
I was having a giggle with the price and you quote is far better but I do tend to carve patterns into mine and that will inflate the price, of course. And one done in my buckskin with actual sinew stitching is going to clear £100.
-
This post has been deleted by its author
-
-
Monday 9th July 2018 14:09 GMT Andy Non
Re: fashion victims
@Timmy B
I'll take one. It must be better than the post-it note on my computer with my TSB online banking username of Imawally and password of qwerty-123456. You might as well take the money out of my account by direct bank transfer, I haven't got time to do it myself, too busy giving a security seminar this afternoon.
-
-
Tuesday 10th July 2018 02:10 GMT Gritzwally Philbin
Re: fashion victims
Oh hell.. well that's it for me and my 2 dollar spiral bound blank-page notebook I bought in 1998. 20 years on and it's not been nicked, copied or dropped in the toilet (my God, who pulls out their password book on the toilet? Unnatural, that is..)
The biggest drawback is that over the years I've pulled pages to make shopping lists with and the poor notebook is running out of room.. Though I DO still have my AudioGalaxy password and username jotted down. The thing that makes you think the most however, are the number of old e-mail addresses and contacts with folks I knew that have died over the years. Hmm.
-
-
-
Monday 9th July 2018 21:05 GMT Gene Cash
Deckeled
Speaking of "Artisanal"... I learned a new word recently: "deckel" which means "we couldn't be bothered to finish the book and cut the paper properly"
I ordered a book, and I thought I'd gotten a screwed up copy, because none of the pages were cut square. I went back to Amazon and found out I had the "fancy" deckled copy and I'd paid extra for this "privilege" and so I gave it a 1-star review for this wonderful feature.
It made reading the book a nightmare, because it was REALLY difficult to turn the individual pages.
-
-
-
Monday 9th July 2018 11:53 GMT Anonymous Coward
This is actually a good thing.
It makes the low-hanging fruit that bit lower, which makes things safer for those of us who aren't so intellectually challenged.
It's basically a big sign saying both 'here are my passwords' and 'I've got too much money' (why else spend so much money on a notepad?)
-
Monday 9th July 2018 16:36 GMT caffeine addict
Companies should give them out to their users. Anyone found to have used it for the intended purposes just fired from a canon.
Similar (ish) recent job I had here.
PM : The website for users to access HR. Add a button to print the page.
Me : But... why? The browser does that.
PM : Not all users will know that.
Me : Okay. So what about if I make it so that everyone who presses that button has their contact details forwarded to HR for not being able to use a web browser?
PM : No.
-
-
Monday 9th July 2018 12:38 GMT Shadow Systems
Re: User-generated obfuscation
There is an easy form of exactly that, as long as you can remember the order of certain glyphs.
Imagine a 3x3 grid like a tic tac toe board. In the upper left corner you place a single dot in the corner. In the top center you place a dot in the middle of the space. In the top right you place a dot in the corner. In the center left square you place a dot in the middle; in the center square the dot goes in the center; in the center right square the dot goes in the middle. In the lower left square the dot goes in the corner, in the bottom middle square the dot goes in the middle, & in the bottom right the dot goes in the corner. Now consider each square one letter of the alphabet, in this case A to I. Repeat the tic tac toe board with squiggles, x's, or even smiley faces until you have enough for all 26 letters & 10 numbers. Now you just have to remember in which order you created each grid (I suggest using 1 dot for the first, 2 for the second, 3 for the third & so on), that way you can simply look at which direction the square faces, at what doodle is inside the square, & do the mental math to figure out what letter/number it represents. You've just created a cypher that very few folks will be able to decode easily (if at all), much less on the fly from memory.
You can use that method to write passwords, using a line over the glyph to mean an uppercase letter or to multiply the digit by some value of ten (although Roman Numerals are a greater PITA than just writing out the numbers themselves).
My friends & I used to do this all the time back in school. We'd leave each other notes, leave single glyphs to confuse folks on sticky notes stuck to things, & generally have fun throwing folks for a loop.
I challenged one to write his English homework in code, he retaliated by daring me to write an entire book report the same way. I refused only because my teacher had no sense of humour, but I made up for it by writing a story that way instead. He laughed his ass off when he saw the 50 pages of single spaced, college ruled binder paper covered in hieroglyphics. =-)p
I kept a pocket flip cover notepad in my pocket for years, a tiny pencil in the spine, so I could take notes when an idea struck me. Putting them into code was a good way to make sure my parents didn't know what trouble I was getting into. (Had they been able to decode it, they would have grounded me so fast it would have made my head spin!) So do something along those same lines to keep your own notes, including passwords. The chances that some random stranger finding the pad & being able to read it are low, & knowing what's written there belongs to *you* is almost nonexistent. (Unless you have a mailing address label for yourself stuck inside the cover so they know where to return it, but that's another story.) =-)
-
Monday 9th July 2018 13:15 GMT Woza
Re: User-generated obfuscation
There's another way to use a 3x3 grid - Iain M. Banks' Marain (http://trevor-hopkins.com/banks/a-few-notes-on-marain.html).
But I'm confused by "You've just created a cypher that very few folks will be able to decode easily (if at all)" - isn't that just a substitution cipher? While strong passwords should render frequency analysis unprofitable, relying on that to keep secrets written in your native language seems potentially risky, depending on the audience. Or am I missing something?
-
-
-
-
-
Monday 9th July 2018 12:12 GMT Captain Scarlet
Re: Name > website / Phone No. > password
Yeah I recommend using a standard A5 paper book to anyone I think will be confused by a password manager.
I recommend remember your email and bank passwords and put anything else in the book (As a password can easily be reset if you can access your email account)
Try to keep it in alphabetical order and use one page per site.
Stating the book is for passwords is a bit silly, if its in the home in a draw hopefully it will be missed if burgled.
-
-
Monday 9th July 2018 16:40 GMT Captain Scarlet
Re: Captain Scarlet: Name > website / Phone No. > password
Not being a Mac user I'm not sure. KeePass has an unofficial port but I don't know how well that works. Any MacOSX users want to recommend?
A safe to store the book in I'm not 100% sure on, if someone breaks into the safe I think they would take everything in it including the book.
Have a thumbs up for the draw comment, yes I meant drawer.
-
Monday 9th July 2018 20:55 GMT JLV
>pwd manager for Mac OS
1Password is OK.
Likes:
- it works
- fairly comprehensive and seems serious about providing a good product. they've been caught out in some of the password manager audits, like others, but they patched promptly.
- you don't HAVE to store stuff in the cloud. if not, no syncing, but that's ok
- you don't have to use browser integration and you can keep it closed most of the time.
- multiplatform.
Dislikes:
- data file is stored in/mediated by macos Keychain. That's probably an overall positive, but worries me about what would happen if the mac dies and Time Machine doesn't save the day. I'd rather export it encrypted somewhere, only needing the app and the master password to restore. Now, IIRC, I did manage to find the file somewhere and do just that, but it's not well documented and needlessly obfuscated and complex to do so.
-
Tuesday 10th July 2018 08:47 GMT Wensleydale Cheese
Re: >pwd manager for Mac OS
"1Password is OK."
"- you don't HAVE to store stuff in the cloud. if not, no syncing, but that's ok"
You can sync without the cloud but it's a bit fiddly.
In the Likes section I'll add that it has a record type of Software Licence. I've got all mine stashed in 1Password, nicely in one place.
-
-
-
Monday 9th July 2018 13:08 GMT Frank Bitterlich
Re: Name > website / Phone No. > password
Look closely... they din't even change the column headings. The righthand column still has telephone symbols in the heading.
I suspect this started as a practical joke in the marketing department, until some sales dude put it onto their website. Then the orders started pouring in, and there was no way back...
-
Monday 9th July 2018 17:06 GMT DuchessofDukeStreet
Re: Name > website / Phone No. > password
If it's going to be useful it needs to be kept where it's going to be used - ie next to the computer, and readily accessible.
For those of you old enough to remember, was the Phone Book ever kept anywhere other than by the phone? (For the rest of you, this means back in the days when a home had a single land line with a handset usually in the hall, and the search engine of local phone numbers delivered in two thick softcover books delivered to your front door every twelve months. National and international (!) numbers had to be requested from the operator).
-
-
Monday 9th July 2018 12:14 GMT Dave Bell
What can you trust?
I would trust a notebook, kept in a secure place, as my back-up to any of the fancy, computerised, alternatives. It's not as convenient for daily use, but it can work as part of a system. Some of the risks for me are different from those of a busy office. Different risks mean different answers.
Recent experience makes me wary of password managers. They're software. Software goes wrong. What then?
When did you last test a back-up?
-
Monday 9th July 2018 12:18 GMT Dave 126
Telememo watches
Casio still sell a range of inexpensive, reliable watches in a range of styles with a Telememo function. It's a bit fiddly to enter alphanumeric info into them though. A watch is harder to lose than a notebook. You can store a password and don't have to note which account it is for. If you lose your watch it can't necessarily be linked to you by a bad guy. Of course if you do lose your watch it'd be a good idea to have your passwords written down at home stored on waterproof paper in a half eaten jar of mayonnaise at the back of the fridge (or hiding place of your choice)
-
Monday 9th July 2018 12:22 GMT Anonymous Coward
I've got a better solution...
We keep all our passwords at home in a book, but it's labelled as "NOT password book".
What could possibly go wrong with that?
(and I'm not joking, we really do have that. It's really just for not so important stuff, and you'd have to break into our house to get it. But I'll post this as AC anyway, just in case)
-
-
-
Monday 9th July 2018 14:20 GMT DropBear
Re: I've got a better solution...
"it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand."
I know many of us around here are supposedly "on the spectrum" and have varying amount of trouble dealing with subtext, but come on - that's basically textbook. There are eleventy billion reasons to label something beyond the basic intent to convey apparently redundant information, of which "I told you a hundred times to put it back right here after you used it you bastard!" or "No, you can't use this jar to
clean your carb jetskeep your pickles in even if you see it empty!" or "Guess what yes I have OCD, do you have a problem with that?" are merely some of the simpler and more benevolent ones... -
Monday 9th July 2018 17:35 GMT Dan 55
Re: I've got a better solution...
it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand.
To the Bat Kitchen!
Mine's the black cape.
-
Tuesday 10th July 2018 09:00 GMT Wensleydale Cheese
Re: I've got a better solution...
"it's the labelling of jars 'Kitchen Utensils' (with spatulas and whisks poking out the top) that I don't understand."
My kitchen utensils are in a jar intended to store spaghetti.
I leave my spaghetti in its wrapper in a cupboard, protected from the smoke from burnt toast, smoky grills, flies etc.
-
Monday 9th July 2018 13:11 GMT Teiwaz
Re: I've got a better solution...
I was about 9 when I stopped labelling books. Was I a prodigy?
Earlier - not by choice - the school insisted all pupils books have a cover - the really really horrible wallpaper I had to use wouldn't take even a permanent marker and any taped labels slid off within a day leaving a slimey sticky patch.
-
-
-
Monday 9th July 2018 12:34 GMT Pen-y-gors
How to waste bad people's time.+
Obviously the big danger is losing it. Which is why I keep mine on a few sheets of A4 and take a photocopy from time to time.
But would you really write your passwords in plain? Surely anyone with half a brain would obfuscate them? Add three random characters in the middle or something? There will then be a lot of frustrated bad people trying and failing to login to your a/c with your p/w
-
Monday 9th July 2018 12:50 GMT Lord Elpuss
Re: How to waste bad people's time.+
Or just have one of these books filled with garbage, and keep your real passwords somewhere else. Should waste a few hours of thief/cybervillain/state actor time before they realise...
I used to carry around a MicroSD with all kinds of dodgy files on it (a folder called Project Reticle, a spreadsheet full of random 5-letter groups, an astrophysics PDF with certain letters in the article strategically highlighted, and so on) - just to waste the time of any agent that might stop and search me.
Until somebody reminded me that if they DID stop me, and found said MicroSD, there was a distinct probability that they would lock me up until I told them what it all meant. Which would likely be an extremely long time given that it was garbage.
So I left it taped to the side of a coffee cup in Starbucks. Still wonder from time to time what became of it and if it ever ended up being 'investigated'.
-
Monday 9th July 2018 16:36 GMT Mike 16
Re: How to waste bad people's time.+
I'll just leave this here:
http://www.milk.com/wall-o-shame/security_clearance.html
Title:
What Not To Write On Your Security Clearance Form
A little tale of how a childhood fascination with cryptography led to later life infelicities.
Of course, only criminals and people who have access to U.S. nuclear launch codes imagine the FBI to be "bad people", right?
-
-
-
Monday 9th July 2018 13:08 GMT HPCJohn
Passwords are outdated
I think this really flags up that passwords are an outdated concept. Mock as much as you like abotu writing passwords down, but why in the 21st Century are we relying on a series of characters pressed out on what is quaintly known as a 'keyboard'.
I don't have the solution myself, however I rather do like Microsoft Hello and facial recognition.
I realise there will be many responses saying 'this is not secure enough'
For centuries, people have placed great store in physical keys. You can still see keys for ancient castle doors for instance, so we have a cultural appreciation of keys.
I really dont see why more companies dont use smartcards for authentication. You normally have a smartcard on a lanyard, and this is used to open doors within the building.
OK, for the home user and e-commerce sites you wont have a company smartcard. But increasingly we see two factor authentication using a one-time code sent to a mobile phone.
-
Monday 9th July 2018 21:17 GMT doublelayer
Re: Passwords are outdated
This does not work. Here are the problems:
Facial recognition: Systems can be fooled by photos in some cases. Models can be created from video footage and sent to the systems. If compromised, the user can't change their face.
Smart cards: Relatively expensive. Must be written by extra hardware, so a copy of data on the card is usually available. No reader for most cases where they are needed.
More clearly, keys are considered useful because they have what passwords have. They're hard to just guess in most cases, so they act as a delay. They won't keep someone out forever if they are determined, but they make it hard to just open the door. When there is a problem with them, they get changed. Keys and passwords can be hidden. Faces can't, and smart cards can only if every system they get used on are trusted.
-
Tuesday 10th July 2018 16:14 GMT I ain't Spartacus
Re: Passwords are outdated
Apart from all the problems mentioned, it's silly to call a system (i.e. passwords) outdated, when you don't know what their replacement should be.
Now if you'd said passwords are a rubbish idea, almost everyone would agree with you. It's just that most of the other ways of doing this are rubbish as well.
I suspect there may never be a killer solution that is cheap enough to use in all circumstances, while also being very secure (total security being a mythical concept). So we'll end up picking the best of various dodgy compromises, depending on circumstances and budget.
-
-
Monday 9th July 2018 13:12 GMT tiggity
Gorge yourself to huge obese blob proportions.
Lose the gained weight.
You now have lots of folds of excess skin.
tattoo your passwords there (on skin "folds" underside so casual thief will not notice)
Bar life threatening injury / severe skin disfiguring illness, your credentials are safe
CBA with joke icon
-
Monday 9th July 2018 13:49 GMT theExecutive
First Pet, and Mother Maiden Name
Yep im looking to the future, where all passwords can be easily remembered by their password hints, will save acres of paper and plasti binding.
Just a flip card should do, 50p. Usually i get people to tell me these things anyway, as passwords are so complicated, it comes down to....... Fluffy , Armstrong :)
-
Monday 9th July 2018 14:32 GMT M. B.
It's kinda funny, because my parents, now into their 70's, were worried about their online security (a good thing) after hearing that they shouldn't write all their passwords down on a piece of paper from a number of news articles.
Except that piece of paper is in their house, in their basement, in their office area, in a drawer near their iMac. Literally no one other then them or I will ever look in that drawer and see that piece of paper, and they never have to worry about forgetting a password. But the media sure did a good job of scaring them into thinking they were doing something wrong, even though their attack footprint was impossibly tiny.
Anyways, only mentioning this because it inconveniences me, and that's the worst inconvenience of all.
-
Tuesday 10th July 2018 11:49 GMT Wensleydale Cheese
"Except that piece of paper is in their house, in their basement, in their office area, in a drawer near their iMac. Literally no one other then them or I will ever look in that drawer and see that piece of paper, and they never have to worry about forgetting a password. "
I once attended a Neighbourhood Watch event where a policemen gave tips on securing your home.
One thing he mentioned was that thieves would look in the right hand* drawer of desks because this is where people would put things like spare car keys, burglar alarm codes and so on.
I got home and investigated my own right hand drawer, and was surprised how much stuff like that I had there.
* presumably that would be left hand drawer for left handed folks
-
-
Monday 9th July 2018 15:13 GMT Tony W
Forgetting password is very rarely a disaster
If you are really you, there is usually a way to get it back, so long as the organisation has a working email address for you on record.
But someone else getting your password can be very nasty.
Therefore it is more important to keep your password from others than it is to make sure you can always find it yourself.
The real problem comes when your descendants try to deal with your account. But people who think logically don't worry about that.
(As I have recently found, for sensitive sites your registered address should match your "From" address. One that you use only for receiving can cause people to be suspicious when you reply from a different one.)
-
-
Monday 9th July 2018 21:20 GMT doublelayer
I see your point, but any good system will send you a link that you have to click on, and then you reset your password from there. Short of jumping in ahead of you, which would be a bit obvious, they can't know your password. Of course, they can take some good guesses if they have an evil turn of mind.
-
-
Monday 9th July 2018 15:43 GMT Dr Dan Holdsworth
What a wonderful idea!
A notebook like this is a very, very good idea indeed, as long as it doesn't contain anything save decoy usernames and passwords for honeypot machines. You could even acquire several different notebooks, leave them in different places and note which honeypot accounts get hit, and when, then cross-reference this with where various visitors and dodgy members of staff have been seen lurking lately.
-
Tuesday 10th July 2018 03:31 GMT Allan George Dyer
Re: What a wonderful idea!
As a special service, for a mere $2222, I'm offering an Artisnal service to fill a genuine Fabriano Login & password index notebook with decoy usernames and passwords. Each entry will have a password lovingly crafted using one of over 30 password generation and obfuscation schemes recommended in these esteemed comments.
-
-
Tuesday 10th July 2018 06:12 GMT Anonymous Coward
When it comes to secret questions to confirm ID
Write the question as a looooong string of alfanumerics nothing more, then the answer anything you want but best as more alfanumerics.
Write these down as you will never remember them so you will always have to have your book to access things. This stops you giving the game away even if you wanted to.
So now since your back up questions are harder that you password and all are written down.
nobody is likely to steal your info.
keep a copy of the book in your safe or something.
-
Tuesday 10th July 2018 08:48 GMT Shaha Alam
if people are resorting to writing their passwords down, we need to rethink security to accommodate those people who can't remember a minimum of 8 characters and maximum of 16 with at least one capital, one number and one special character, but not that special character or that one, and cant contain an obvious word and must not be a repeat of any of your last 10 passwords, nor can it be a previous password with an obvious sequence number attached to it, or fuck it i dont need a bank account anyway i'll just store my life savings under my mattress instead of having to deal with this existential hell every time.
-
Tuesday 10th July 2018 10:46 GMT Pat Harkin
It's easy to improve security by using this...
....just fill it with wrong usernames and passwords, and use a password vault.
Many moons ago (1975? 1976?) Nat West issued me with an ATM card. It could only withdraw £10, was always retained by the machine to be returned in the post and was protected by a SIX digit PIN.
I wrote an incorrect PIN on it in pencil, just to be evil.
About once every 3 months I'd get a letter from the bank advising me having my PIN on the card was bad practice - but I couldn't tell them it wasn't my pin, because that would up their chances of guessing to 3 in 999,999! We're both less paranoid these days - I don't write PINs on cards and banks reckon 4 digitis in enough.
-
Tuesday 10th July 2018 11:59 GMT Wensleydale Cheese
Re: It's easy to improve security by using this...
"I wrote an incorrect PIN on it in pencil, just to be evil."
I used to know a chap who worked in a bank and one of his duties was taking the phone calls where holidaymakers had had their cards swallowed by ATMs.
His comment was that when the cards made their way back to HQ, it was surprising how many had the PIN written on the card itself.
-
Wednesday 11th July 2018 09:28 GMT Anonymous Coward
Re: It's easy to improve security by using this...
I have on a couple of occasions kept the scratch off pin from the letter in my wallet for a while, with the intention of changing the pin the first time I use a new card, which I forget for a long time if it was a credit card ( ie: a card I won't use in an ATM ).
I wonder how many people have done that and had their wallets stolen and credit cards raided.
-
Thursday 12th July 2018 12:47 GMT Robert Carnegie
Re: It's easy to improve security by using this...
I found it pretty hard to decide what to write on my replacement bank card as a reminder to self not to use the old PIN. The catch being that this could look like a disguised way to write down the new PIN, making the card more attractive to steal.
I decided in the end on - "Remember they gave you a new PIN number so don't use the old one", in capitals.
-
-
-
Tuesday 10th July 2018 17:30 GMT Anonymous Coward
Does anyone remember the game called Hangman?
....helped along by a pinch of repetition.
*
Notebook entry: E _ _ _ _ _ _ _ _ R N _ _ _ _ D
Musical user's password: ELGARELGARNIMROD
*
Seems pretty secure against a notebook stolen by a random bad guy....especially if the user uses non alpha characters in some patterned manner:
Notebook entry: E _ _ _ _ _ _ _ _ _ R N _ _ _ _ D
Musical user's password: ELGAR-ELGARNIMROD
*
Notebook entry: M _ _ _ _ _ _ _ _ _ _ _ _ _ _ _L W _ _ _ _ _ _ S
Racing fan's password: MANSELL92MANSELLWILLIAMS
*
Can this scheme be broken quickly by a random bad actor?
-
Thursday 12th July 2018 00:52 GMT LowTechSecure
Passwords on Paper with Digital Backup
Forget the fancy notebook. Go for a ratty looking loose leaf binder with no label so that it will blend in. Passwords on single sheets in binder. As a back up scan the sheets as images (no text to be searched) and then combine into a single PDF doc. Give it a nondescript title and store it in a dull sounding folder - in more than one folder just for sure. Then there is the off site backup that you should already be doing.
Now you've got the best of both worlds.
I've never heard of a notebook falling into a toilet but I know of several smart phones that have demonstrated that capability.
-
Monday 16th July 2018 08:56 GMT Arachnoid
P4ssw0RdZ
The problem is not so much remembering several passwords but in our I.T. fad culture, hundreds of passwords many of which require uppercase,lowercase, number etc or frequent changes for no apparent logical reason . Whilst its not an ideal 100% fool proof solution 2FA using a mobile app generated or recieved code is a way forward , as long as its not just a front to make a system "seem" more secure with a back door via a poorly constructed password. Even the U.S. Presidents Football uses a damn antiquated card code generator which was lost by one president [allegedly]
Talking of security its amazing how many Banking institutions etc require various ways of the user identifying themself over the phone but have no "Handshake" themselves to verify that they are genuine.