I have a question for those who know about computers...which I do not! :blush: Yesterday, I went to a newspaper site where I have a log-in for comments. A box came up asking me to log-in, which I tried to do. Then the page came up saying I didn't have access to the site (which didn't bother me since I am not a subscriber to the paper, just a viewer online). So I tried once more, thinking I had the wrong user name, and a box came up saying the site was asking for a password and it wasn't secure. I am now worried that something isn't right...should I be concerned that I was putting in passwords (that I sometimes use for other log-ins) and now they are out there? :confused: My MIL had an issue with identity theft and it wasn't a good time...

Any site worth their salt, shouldn't store your password. They should "hash" your password and store that value, then compare the results of that "hash" whenever you log in.

That doesn't happen all the time, so it's never a good idea to reuse passwords.

I think the "secure password" message you got though was probably in reference to a weak password. It is generally accepted that people should be using strong password. The definition of a strong password changes depending on who you talk to, but a good start is to meet the following conditions.

1. At least one capitol letter
2. At least one lowercase letter
3. At least one number
4. At least one special character

It should not contain your name (first or last), birth date, or any other personally recognizable info (dogs names, kids names, etc) and also be at the minimum between 6-8 characters in length.

It should also expire every 90 days and you should not be allowed to use any of the last three passwords you have chosen for that account.

There was a recent article written however by Bruce Schneier about how a lot of that goes out the window now with keyloggers. They make our lives harder and doesn't matter how secure your password is to the program.

Many banking sites, etc have a little more security built around them, but often by the time you know your account has been stolen, it's probably too late...