
How to help prevent being hacked

#1 | majik (Thread Starter, Administrator) | May 31, 2013 | 01:47 PM

No password is safe. Regardless of how long your password is or how complex you think it may be, you can't influence how the password is stored on the server side. Log in to a bank online, webmail, or a car forum? Those companies are storing your password and you have no idea what encryption algorithm they're using. A recent article I read gave three hackers a list of encrypted logins using a weak encryption method. Within an hour, over 60% (thousands) of passwords were cracked. In under 24 hours, over 80% were compromised. (Read the excellent article here: How crackers ransack passwords like “qeadzcwrsfxv1331”)



There is hope, however. Using a software program (such as KeePass) to manage your passwords and even provide randomized 24-character strings can help you be in the 10-20% of accounts that withstand such an attack. KeePass can be downloaded on your PC, Mac, Linux box, or your iOS/Android phone. If you sync it with Dropbox, you can have it available anywhere you go.

http://bu.rri.to/2008/11/06/dropbox-...gement-system/



A quote from the first article referenced above:

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.
The list of "plains," as many crackers refer to deciphered hashes, contains the usual list of commonly used passcodes that are found in virtually every breach involving consumer websites. "123456," "1234567," and "password" are there, as is "letmein," "Destiny21," and "pizzapizza." Passwords of this ilk are hopelessly weak. Despite the additional tweaking, "p@$$word," "123456789j," "letmein1!," and "LETMEin3" are equally awful. But sprinkled among the overused and easily cracked passcodes in the leaked list are some that many readers might assume are relatively secure. ":LOL1313le" is in there, as are "Coneyisland9/," "momof3g8kids," "1368555av," "n3xtb1gth1ng," "qeadzcwrsfxv1331," "m27bufford," "J21.redskin," "Garrett1993*," and "Oscar+emmy2."


As an added point, a close friend of mine just lost her dad to a heart attack. He was only in his 50s, but thankfully for her he DID have a password manager. It made it easy for her to log in to his banking, retirement, and credit card accounts to make arrangements for his estate. I'm sure some of the passwords had been changed or weren't updated, but she had the website info and username so she was able to reset his password. If anyone ever gets your e-mail address password, they potentially have access to ANY account linked to that e-mail address (resetting bank password, opening another account with a debit card under your user, changing your address, then transferring funds to that debit card account and withdrawing everything - all within 7 days).



http://keepass.info/
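The server-side storage problem and the 24-character random strings from the post above, as an added example that is not part of the original post or of KeePass. It assumes MD5 as a stand-in for the unnamed weak method and PBKDF2 at 200,000 iterations as the stronger scheme; the accounts are constructed sample data.

```python
import hashlib, hmac, os, secrets, string, time

# Constructed sample data: two users happen to share a password.
ACCOUNTS = {"alice": "letmein1!", "bob": "letmein1!", "carol": "n3xtb1gth1ng"}
ITERATIONS = 200_000  # assumed work factor for this demo

def weak_record(password):
    # Unsalted, fast hash. MD5 is an assumption standing in for the
    # unnamed "weak encryption method" in the post.
    return hashlib.md5(password.encode()).hexdigest()

def strong_record(password):
    # Random per-user salt plus a deliberately slow KDF.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def shared_groups(table):
    # Users whose stored values are identical: visible to anyone holding the dump.
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(u) for u in groups.values() if len(u) > 1)

def seconds_per_hash(fn, password="benchmark", rounds=3):
    # Average wall-clock cost of computing one stored record.
    start = time.perf_counter()
    for _ in range(rounds):
        fn(password)
    return (time.perf_counter() - start) / rounds

def random_password(length=24):
    # Illustrative generator (not KeePass's own code): uniform picks from a CSPRNG.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    weak = {u: weak_record(p) for u, p in ACCOUNTS.items()}
    strong = {u: strong_record(p) for u, p in ACCOUNTS.items()}
    print("identical weak hashes:", shared_groups(weak))
    print("identical salted records:", shared_groups(strong))
    slowdown = seconds_per_hash(strong_record) / seconds_per_hash(weak_record, rounds=1000)
    print(f"each guess costs ~{slowdown:,.0f}x more against the salted KDF")
    print("generated:", random_password())
```

With the unsalted hash, every account sharing a password shares a stored value, so one recovered password exposes all of them; the salted records show no such grouping and each guess costs far more to test.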

#2 | Stocker (Super Moderator) | Jun 1, 2013 | 08:55 PM

Don't do stuff online that exposes you to loss if compromised, problem solved!



My password manager is a page in the back of a plain-looking book on a full bookshelf. My wife knows where it is. All the passwords are made up on the spot and written down, with caps and lower case as well as numbers and characters if the login form allows.



Yes, written down. That way when a cracker breaks your password program, you're not screwed.

#3 | wheel_of_steel (Senior Member) | Jun 4, 2013 | 09:50 AM

#4 | majik (Thread Starter, Administrator) | Jun 4, 2013 | 10:44 AM

That's very true. Many people reuse the same password. It's VERY hard to remember 20 different logins, ESPECIALLY in a corporate environment when you have to change them every 90 days. Managing your passwords in some form like described above is one way to help NOT reuse passwords.



Another approach is to set up a password phrase, like (DO NOT USE THIS) apple12345678.

For HA, make your password apple1234HA5678

For your bank, make your password apple1234BANK5678

For your home computers, make your password apple1234HOME5678

For your twitter account, make it apple1234TWIT5678



Obviously, don't use apple12345678; use something longer, something you can remember, and something that wouldn't be easily found in a dictionary list. Don't use sequential numbers, EVER. Consider using a phone number: hippo[area code]HA[7-digit cell #], so it's hippo123HA5552013. Now that you understand the convention I'm attempting to explain, take it a step further: find your own word or phrase and split it up (hyun555daiBANKtib2001uron). "tib" and "uron" likely won't exist in a dictionary list but hyundai and tiburon LIKELY would.



Do NOT use common dates; actually, avoid using dates. Do not use the current or recent year. Don't use Summer2013 - passwords that expire every 90 days fall into different seasons and these sorts of passwords are always on a cracker's list. It is not secure.

#5 | majik (Thread Starter, Administrator) | Jun 4, 2013 | 10:47 AM

btw... wheel... for what other purpose do you think this forum exists?

#6 | wheel_of_steel (Senior Member) | Jun 4, 2013 | 10:59 AM

Admin confirmed for skynet/illuminati/bankers

#7 | majik (Thread Starter, Administrator) | Jun 4, 2013 | 11:20 AM

wheel targeted for drone death.

All times are GMT -6.