Change your trivial passwords

Discussion in 'After Hours Lounge (Off Topic)' started by DaveF, Apr 19, 2014.

  1. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    17,485
    Likes Received:
    1,373
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    My Twitter account was hacked and spam posted. The password was one I've used for over a decade online. It was vulnerable to dictionary attack. Fortunately, my account wasn't modified, and I updated my password to something incomprehensible and unhackable. I also changed my Facebook and HTF passwords. Especially HTF, which used the same 10+ year old password. I also noted that Facebook has great logs of all the computers I logged in from, and let me disable outdated connections. Twitter: nothing. No idea where the hack might have come from (not that it matters). But it reinforced my preference of Facebook over Twitter for my practical needs.

    I recommend you change any simple passwords for high-profile websites.
     
    Sam Posten likes this.
  2. Mike Frezon

    Mike Frezon Moderator
    Moderator

    Joined:
    Oct 9, 2001
    Messages:
    38,440
    Likes Received:
    5,721
    Location:
    Rensselaer, NY
    Dave:

    Seeing as to how you probably didn't mean for the thread title to be "Change, you trivial passwords"...I am changing your thread title to "Change Your Trivial Passwords."

    :D

    (But, if you'd prefer the comma instead...let me know.)
     
    DaveF and Sam Posten like this.
  3. Darren Lewis

    Darren Lewis Supporting Actor

    Joined:
    Jul 17, 2000
    Messages:
    534
    Likes Received:
    1
    Sorry to hear your account got hacked. They're getting more and more sophisticated at cracking passwords. A while back I started using a password manager (very good app that's on Windows and Mac and iOS) and now my passwords are all incomprehensible strings of random numbers, digits and characters.

    Main problem is using the same password on multiple sites (which I did for years!). If one site gets hacked, they try that same username and password on lots of other sites.
     
    DaveF likes this.
  4. DaveF

    Don't you know the great Easter spiritual, "Change, oh Thou trivial password." :D

    Thanks.
     
    Josh Steinberg and Mike Frezon like this.
  5. Chuck Anstey

    Chuck Anstey Screenwriter

    Joined:
    Nov 10, 1998
    Messages:
    1,624
    Likes Received:
    102
    Real Name:
    Chuck Anstey
    So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to log in from several different computers and my phone.
     
  6. schan1269

    schan1269 HTF Expert
    HW Reviewer

    Joined:
    Jul 4, 2012
    Messages:
    17,112
    Likes Received:
    899
    Location:
    Chicago-ish/NW Indiana
    Real Name:
    Sam
    I use notepad in my phone.

    I also still use AOL as my "base" for most websites. Seems AOL is long lost to spammers/hackers.

    AOL is like the joke Bill Maher said about Facebook...

    "If you want internet privacy, use MySpace..."
     
  7. DaveF

    I've used SplashID for years to keep track of passwords. I also use browser auto fill and, more recently, OS X keychain to hold passwords. These aren't vulnerable to remote brute force attack. (I suppose keychain might be, but I'm aware of problems so far)

    Corporate password that can't be recorded is based on keyboard patterns, patterns for changing it, and frequent use.
     
  8. Scott Merryfield

    Scott Merryfield Executive Producer
    Supporter

    Joined:
    Dec 16, 1998
    Messages:
    11,791
    Likes Received:
    827
    Location:
    Michigan
    I have an app on my phone with all my userid/passwords. At last count, I have 48 different accounts listed between work and personal use. There is absolutely no way I could possibly remember all these without some sort of app. At least this way I only need my phone and to remember one password.
     
  9. Mike Frezon

    Scott:

    What's the app?
     
  10. Chuck Anstey

    Re: SplashID. So you are saying that you put all your passwords in one place "in the cloud" (i.e. China) to increase security? That doesn't seem very secure because you don't know who is holding your data (and they have full unencrypted access) and hackers only need to go to one place to get it all.
     
  11. jcroy

    jcroy Screenwriter

    Joined:
    Nov 28, 2011
    Messages:
    1,793
    Likes Received:
    394
    Real Name:
    jr
    A better question to ask is how exactly do the password cracking programs work?

    More specifically, how exactly are the "dictionaries" being created?
     
  12. Scott Merryfield

    I am using PwdHive on my Android-based phone. Not sure if they have an iPhone version.
     
  13. Aaron Silverman

    Aaron Silverman Executive Producer

    Joined:
    Jan 22, 1999
    Messages:
    10,759
    Likes Received:
    576
    Location:
    Florida
    Real Name:
    Aaron Silverman
    Android also has aWallet Password Manager.
     
  14. Jason Charlton

    Jason Charlton Ambassador

    Joined:
    May 16, 2002
    Messages:
    3,531
    Likes Received:
    395
    Location:
    Baltimore, MD
    Real Name:
    Jason Charlton
    I have a small thumb drive I can connect to any PC that includes a copy of KeePass on it. It's another password management type application, but is stored locally rather than in the cloud. I just have to remember the "master" password to access everything else.
     
  15. DaveF

    I don't pay for the cloud sync. Local sync only.

    I've been using SplashID since about 2002, with a Sony Clie (Palm). The same database has transitioned over a decade, across two Palm devices and two iPhones and an iPad. It has also survived going from Win98 to WinXP to OS X. It lacks some browser integration features of dedicated password minders, but makes up for it as an all-in-one data minder: credit cards, vehicle VIN & license plate, frequent-flyer accounts, and web passwords (over 200 passwords going back to some of my earliest logins).
     
  16. DaveF

    Brute force and ignorance. Computers are fast enough that every password combination based on common words can be pre-computed and tried against a hacked password hash table. Depending on the login system, they can also be tried against live logins.

    Wikipedia has an overview:
    http://en.wikipedia.org/wiki/Dictionary_attack
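
Added example, not part of the thread or any poster's code: a defender-side sketch of the two points raised above, namely rejecting passwords that are only a common word with predictable decoration, and storing passwords with a per-user salt and a slow KDF so a precomputed hash table no longer applies. The word list is a constructed sample, the function names are hypothetical, and PBKDF2-SHA256 is one illustrative choice of KDF.

```python
import hashlib
import hmac
import os
import re

# Constructed sample; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "football"}

# Typical character swaps people apply to dictionary words.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(candidate):
    """Drop leading/trailing digits and symbols, then undo case and leet swaps."""
    core = candidate.lower()
    core = re.sub(r"[^a-z]+$", "", core)   # "dragon2014!" -> "dragon"
    core = re.sub(r"^[^a-z]+", "", core)   # "123dragon"   -> "dragon"
    return core.translate(LEET)            # "p@ssw0rd"    -> "password"

def is_dictionary_derived(candidate):
    """True when the password reduces to a word on the blocklist."""
    return normalize(candidate) in COMMON_WORDS

def unsalted_digest(password):
    """Same input always gives the same digest, so one precomputed table fits every user."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, iterations=200_000):
    """Per-user random salt plus a slow KDF: identical passwords store differently."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify(password, salt, stored, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(derived, stored)

if __name__ == "__main__":
    for pw in ("Dragon2014!", "P@ssw0rd1", "q7Vx-rT2m-Lp9z"):
        print(pw, "-> reject" if is_dictionary_derived(pw) else "-> accept")
```
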
     
  17. Keith Plucker

    Keith Plucker Screenwriter
    Supporter

    Joined:
    Feb 4, 1999
    Messages:
    1,141
    Likes Received:
    59
    Location:
    Sacramento/Seattle
    Real Name:
    Keith Plucker
    I believe both Facebook and Twitter now support two factor authentication so if you don't mind the extra step, it provides some extra security.
    LastPass, as well as other password managers I would guess, support "one time use" passwords which would solve this particular problem. Use of a Yubikey with LastPass might also work as a solution.

    -Keith
     
  18. DaveF

    I failed to comment on that, and I don't have an answer. I don't have any systems with monthly password resets.
     
