BlueBear
Trail Wise!
@GoBlueHiker
Posts: 3,224
|
Post by BlueBear on Aug 31, 2016 7:33:30 GMT -8
Just recently about 60+ million Dropbox usernames and encrypted passwords (which can be deciphered by brute-force methods offline) were hacked and released online. I have a Dropbox account and realized I really need to change my password. If you have accounts online and have the same username/password for years, odds are you've had at least one of your usernames hacked (probably without your knowledge). Enter your email(s) / username(s) at haveibeenpwned.com/ to see if they've been recently-hacked anywhere. Check it now if you're curious. Any account that pops up, it'd be good to change the password immediately (so that way your old decrypted password will be worthless if they attempt to access your account with it). Since it's impossible to remember unique, truly-secure passwords for umpteen-million accounts without keeping a cue-card in your wallet (very bad idea), it's actually not a bad idea to get ahold of an online password manager these days. PC Mag here has a decent list of password managers available (there are free versions too, although many don't have all the features). That way you can use an online random-password-generator to create truly-unique passwords for every account and keep track of them in the manager. I have no affiliation with any of these companies, just hoping to get the word out. Most people don't do a good job maintaining secure account passwords. An ounce of prevention is worth a pound of cure, as they say. - Mike
|
|
desert dweller
Trail Wise!
Power to the Peaceful...Hate does not create.
Posts: 6,291
|
Post by desert dweller on Aug 31, 2016 8:11:53 GMT -8
It appears that my email address was breached during the great Adobe compromise of 2013.
|
|
rebeccad
Trail Wise!
Writing like a maniac
Posts: 12,709
|
Post by rebeccad on Aug 31, 2016 8:19:11 GMT -8
A good reminder, Mike. I checked, and deleted the account that was apparently breached (saw no reason to keep it as it was a service I don't use). It's probably time to change my other accounts, too.
|
|
tigger
Trail Wise!
Posts: 2,547
|
Post by tigger on Aug 31, 2016 8:24:51 GMT -8
Just as a heads up...many password managers have also been hacked.
|
|
zeke
Trail Wise!
Peekaboo slot 2023
Posts: 9,894
|
Post by zeke on Aug 31, 2016 8:25:49 GMT -8
I change my passwords on a regular basis, and carry a card with me that only holds hints. A person would have to know me pretty well, and get some lucky guesses, to know which Password was hinted at by something like "fruit". Sometimes I use favorite books and the hint might be "8th grade" for when I first read that book. Oh, and my Passwords to financial accounts are even more protected, as they are all in my head. If I forget how to log on to FB, well I can wait until I get home.
|
|
|
Post by Lamebeaver on Aug 31, 2016 9:05:20 GMT -8
Yes, but the passwords I use on those accounts are different that the ones I use for banking, etc.
|
|
FamilySherpa
Trail Wise!
Tangled up in Rhododendron
Posts: 1,791
|
Post by FamilySherpa on Aug 31, 2016 9:18:48 GMT -8
Good news — no pwnage found! Woohoo! Feel like i've won the lottery.
|
|
BlueBear
Trail Wise!
@GoBlueHiker
Posts: 3,224
|
Post by BlueBear on Aug 31, 2016 9:49:18 GMT -8
It appears that my email address was breached during the great Adobe compromise of 2013. So was mine.
|
|
|
Post by Coolkat on Aug 31, 2016 10:08:19 GMT -8
Since it's impossible to remember unique, truly-secure passwords for umpteen-million accounts without keeping a cue-card in your wallet (very bad idea), This is so true but as Tigger has pointed out even password managers like Lastpass have been hacked. You're also right in that it would be nearly impossible to remember a randomly generated 20 character password for every account. However, most people will never even attempt to do this. So I recommend memorizing a 12 character (random garbage) base password. Then for every account create a "formula" from looking at the website. For instance. If you have an account on www(dot)1234abcde(dot)com Your formula could be to take last two characters of the url + the first 3 characters in reverse order. So in this case it would "de321" Your password for that website would then be Your12CharacterBassPassword + de321. This way you have a very unique password for every website you visit and only have to remember the first 12 characters.
|
|
reuben
Trail Wise!
Gonna need more Camels at the next refugio...
Posts: 11,213
Member is Online
|
Post by reuben on Aug 31, 2016 12:51:55 GMT -8
Not since I spent a week with tigger in a one man tent.
|
|
RumiDude
Trail Wise!
Marmota olympus
Posts: 2,361
|
Post by RumiDude on Aug 31, 2016 16:40:17 GMT -8
Don't set them up with truthful answers! Instead set them up by first thinking up a nonsensical word - say 'fonyboo': Sorry, it's against my religion to lie. Rumi <~~~~~~~cannot tell a lie
|
|
BlueBear
Trail Wise!
@GoBlueHiker
Posts: 3,224
|
Post by BlueBear on Aug 31, 2016 17:13:55 GMT -8
Owning nothing and having nothing pretty much insures me from the financial fears of modern life. My life can be settled for less than $5K. That includes cremation. My passwords are dead fish to scammers. Which doesn't really prevent anyone from quickly acquiring a few hundred or thousand bucks of goods or services in your name and leaving you to argue the bill. The sums don't have to be huge to make it worthwhile for a scammer.
|
|
BlueBear
Trail Wise!
@GoBlueHiker
Posts: 3,224
|
Post by BlueBear on Aug 31, 2016 18:50:31 GMT -8
Mike I know there are places in the PNW where you can go jump. Someone disagreeing with you is not inherently a personal assault, @tdale. I wasn't insulting you, I just beleive your notion of "I'm poor, therefore all my online accounts are safe" isn't all that sound.
|
|
Hungry Jack
Trail Wise!
Living and dying in 3/4 time...
Posts: 3,809
|
Post by Hungry Jack on Aug 31, 2016 19:03:28 GMT -8
All that time spent looking at Latvian transvestite lumberjack porn, and I get pwned over Linux Mínt. Go figure.
|
|
amaruq
Trail Wise!
Call me Little Spoon
Posts: 1,264
|
Post by amaruq on Sept 1, 2016 3:46:37 GMT -8
Dang, junkmail address shows MySpace account was compromised and my work address shows LinkedIn was compromised. Guess I'll have to finally take MySpace out back...
|
|