Have you had your password stolen or hacked? Can there ever be a system which is convenient but cannot be compromised?
Out of interest I recently did a Google search of a username I often use to access some websites. I was shocked to come across what appeared to be a Russian website which listed my username and password, along with hundreds of other people's.
Jason Jones, London, UK
My PayPal account was hacked. NEVER have the same or similar password for PayPal as your eBay account, as they repeatedly try logging in to your eBay account until they "guess it" and then use your PayPal to send themselves money. Luckily they didn't get anything due to my "backup" :)
John, Devon
My eBay account was hacked by someone in Nigeria who also actively tried to stop my efforts to reclaim my account. The second time round he hacked my Hotmail as well, which was very worrying but it was all sorted out in the end. It's vital to keep different passwords and update them regularly. Sometimes it's good to change your user name as well to avoid being targeted regularly.
Michael, Reading, UK
I manage a school network with 1400 users. I have real trouble trying to explain the importance of password security to the teaching staff. Although they have access to very sensitive and confidential documents they seem to think that having a password such as "12345" or even "password" is quite acceptable. I recently forced them to change their passwords to something more secure and I thought they were going to lynch me!
Reg P, Runcorn
A simple tip for your readers to defeat key loggers - when entering a username or password, DELIBERATELY miss out one letter or number then go back, click with the mouse at the position of the missed letter and then type it - the key logger then gets the wrong sequence. This is also extremely useful for credit cards - missing a number in the last 4 digits then entering it as above. I had my credit card stolen by a key-logger used by an employee of my ISP before I started doing this.
Dr John, Kuala Lumpur
Here in Sweden we have had a fob generation code for over five years for logging onto our Swedish banks - interesting to see that the rest of the world is starting to think it is a good idea.
Julian Phillips, Uppsala
Typing in a password is not the way forward. In a way, we humans are passwords ourselves and what can be better than using your own fingerprint as a password. I believe the technology is there and I have seen a fingerprint reader on a laptop by HP. If users don't have laptops with a built-in reader, a USB type should be available. A Secure Internet Banking system can be built for use with fingerprints. Oh, I forgot to add the fingerprint reader MUST distinguish between human flesh and paper.
Dharmesh Sorathiya, England
I have forgotten passwords due to the amount I have to remember. I do wonder why we can't, when signing up, just press sign up and register what IP numbers will be accessing the account. I thought IP numbers were unique to the user so why can't a site detect my IP and let me in automatically or can hackers fake your IP number too? If so, why not assign the password to our IP numbers? Would have to be a pretty smart hacker then not some kid using brute force haha.
Wolfie
Roboform can hold passwords, and can be set to protect passwords with a Master Password. It can also randomly generate passwords up to 52 characters in length. The passwords are encrypted into RoboForm, and the master password can be used before connecting to the net.
Malcolm Langley, United Kingdom
Deepnet Security has several two-factor and two-way authentication that are designed for online banking, including the mobile phone based one-time password. Guess that HSBC and the Alliance and Leicester might be interested?
Yurong Lin, London, UK
A friend of mine's father is a computer boff, and thinks his security is so tight, that he said we could try and crack it. We used a simple keylogger, and got his password within an hour, automatically sent to our remote hotmail account. Of course, we had to install it on his computer via a USB, but he said his system had a secure firewall. The thing wasn't, it didn't block outgoing, only incoming, which was clearly a mistake.
I have personally found the best way to make sure your own system is secure, is to test it for yourself. Find a keylogger, make sure you know it's safe, and test it yourself to see if it gets blocked. Firefox has its own inbuilt password security, so I only ever type my password once. There are always people who are trying to crack the latest update, and there always will be. Just try and stay a step ahead of the game.
Relequest, Eastbourne
There is another alternative to keyboard and password dongles. How about the 40-year-old technology called computer speech recognition? Modern speech recognition uses a mix of two technologies - speech recognition (understanding what is said) and voice recognition (identifying the voice that said it). Using a spoken password means that not only does the password need to be correct, but also the phonetics of the voice which says it. It's a cheap technology now and very secure. You can change it daily if you wish and key-loggers can't touch it. Nothing to lose or leave behind, you always have your unique voice with you.
Bob Austen, Watchet, Somerset
Anyone who uses their own name as their password deserves to be hacked ...
Adam, Belfast
Although the complicated passwords stated above are difficult to remember, the dullest pencil is sharper than the sharpest mind. Write it down and tape it to your computer. Or if you're surrounded by people you don't trust, keep it privately locked up or hidden.
Aphid, US
What do you think of pass phrases? A secure pass phrase can be anything memorable that is 14 characters or more. No necessity for altering case, using obscure signs and numbers, etc. Just so long as it's 14 characters. Benefits: "I fell into a slumber" is more difficult to crack, but easier to remember than "X1lN5tuPd." It's also much easier and faster to type the phrase than a shorter but more complex password. And if you do need to tell someone over the phone, you can. No more "Capital X for xenophobia, number 1, l for lucky, capital N for nocturnal, number 5..." "Did you say, 'mock turtle'?" "No, N - nocturnal." "K - and what's after 'f'?" "There is no 'f'."
Apparently the 14 character minimum creates enough complexity that it would take a very long time to crack. I don't remember how long. Hundreds or thousands of years. I was introduced to the idea by Microsoft. I started using pass phrases and never heard mention of the idea again. Mac OS X's built-in password generator seems to think it's more secure than most passwords (that are less than say, 12 characters.) Have you heard of pass phrases? Is there any problem with them? Some reason it's not a popular idea?
Brad, London
There will never be a system that cannot be compromised: one cannot close a door that one wants to keep open.
Erik, Den Haag, The Netherlands
How about a key chain USB scanner that could scan one's fingerprint and send as one's user ID/password?
Mudiappasamy Devadoss, Dindigul, India
I use Password Corral to store my passwords - they are encrypted, portable and you can download the program for free at cygnusproductions.com. It is excellent - I use it for work passwords and home - highly recommended!
Bob
Just this week, I received a telephone call from my bank regarding a recent transaction. They wanted to know if I would authorise a £1000 credit card payment to a company in America. As I had not made such a transaction I talked with their fraud department and as it turned out there was another fraudulent request that week. I could only think it was connected with genuine transactions carried out over the internet previously. This made me check my PC at the earliest opportunity, which resulted in full virus & spyware scans and also to load Windows Defender (Microsoft) to keep an eye on my system. I would encourage everybody to regularly check their PCs.
Steve, Rugby, England
In Holland I use a so-called e-dentifier which is a plastic card reader such that one's banking card is inserted and the reader gives a one-off password. Very good and safe indeed. In Hungary I log on and get an SMS text message on my mobile phone which is again a one-off password. Both systems I feel are exceedingly good and intrinsically safe!
Arthur Rogers, Uden/Holland and Gyenesdiás/Hungary
Err pardon me for being a bit thick, but I just write my passwords down in a file in a ring binder on my shelf. Quite hard to hack that across the internet, however good you are.
Andy Barlow, Stoke, Staffs
I have had my password hacked from eBay; the hackers tried to sell stolen motorbikes on eBay using my details. eBay spotted it very quickly even before I knew that my details were hacked. I am still with them because they have assured me that my details are now safe.
Mark Yates, Hounslow
In Belgium the major banks like Fortis, ING, KBC are already using what we call here a "digipass" (like the fob system in Hong Kong with a constantly changing number as part of the password) since a few years and it is working very well. I can now do my internet banking from anywhere in the world. Moreover the service is free of charge for the customer.
Frank Melis, Schilde Belgium
I have used a keylogger in the past on my family computer to protect my children online. We are constantly bombarded with warnings of online profile sites and I decided I needed to take action to be confident of my children's online safety. They are so readily available and the functions they offer encompass most parts of online activity. For instance, keystrokes made on my family computer can be emailed directly to me at work, or at any time I choose. It's clear to see why these programs can be dangerous if used with malicious intent. It seems we're just going to have to use a little grey matter in this never-ending battle with hackers!
Paddy McMaster, Northern Ireland
One could also switch to a Mac. Not only is there much less malware (possibly none), and it is much more difficult for spyware to get installed even if it does get downloaded, but the built-in Keychain application will automatically fill in the passwords in web browsers. Still, a lot of good points in the article. Thanks!
M Manness, Portland, Oregon
I've been using MyPW to protect my accounts for the last couple of months; it works both on my home and business systems. It's a one-time password token and it's very cheap: $19.95 a year.
Steve Frank, New York, NY
I recently received a new HP laptop for Christmas that comes with a built-in fingerprint reader; you use the reader to log on to your Windows account. This seems like a much more secure way of logging in and I'm surprised it's not taken off in the shops yet.
Jason, Somerset
I have a bank account which is linked to my mobile phone. When I make a purchase or pay a bill over the internet a second pin number is generated and sent to my mobile. I then have to enter this pin before the purchase or bill is processed. It's a simple procedure which takes about 30 seconds longer than normal to complete and so far I haven't encountered any problems with the service.
James Scott, Spain
I had my eBay account hijacked and fraudsters attempted to commit £25,000 worth of fraud in my name. Then a couple of weeks later my credit card company rang me up to check some recent purchases. These had been done by fraudsters who had somehow got my card details. I learnt very quickly that the internet is not safe. I'd welcome any new ideas such as the separate application that generates new passwords, because anything that makes online transactions more secure has to be a good thing.
Gordon Cassidy, Perth
I've never had my password hacked that I know of, but this article reminded me of some trouble a few years ago in the high school library where I work. A couple of teenage boys managed to find out a password chosen out of some very personal information. My co-workers and I could never figure out how they "guessed" the password. After reading your article, I now have a better understanding of how that could have been accomplished. Thanks.
Angela Hahn, Pueblo, USA
The solution to this problem is extremely simple. Next time you buy a computer buy a Mac. Mac OS X is inherently more secure than any variant of Windows yet invented.
Andrew Spark, United Kingdom