Change your trivial passwords


17 replies to this topic

#1 of 18 OFFLINE   DaveF

DaveF

    Moderator



  • 14,337 posts
  • Join Date: Mar 04 2001
  • Real Name: David Fischer
  • Location: One Loudoun, Ashburn, VA

Posted April 19 2014 - 06:26 PM

My Twitter account was hacked and spam posted. The password was one I've used for over a decade online. It was vulnerable to dictionary attack. Fortunately, my account wasn't modified, and I updated my password to something incomprehensible and unhackable. I also changed my Facebook and HTF passwords. Especially HTF, which used the same 10+ year old password.

I also noted that Facebook has great logs of all the computers I logged in from, and let me disable outdated connections. Twitter: nothing. No idea where the hack might have come from (not that it matters). But it reinforced my preference of Facebook over Twitter for my practical needs.

I recommend you change any simple passwords for high-profile websites.
  • Sam Posten likes this

#2 of 18 ONLINE   Mike Frezon

Mike Frezon

    Studio Mogul



  • 30,235 posts
  • Join Date: Oct 09 2001
  • Location: Rensselaer, NY

Posted April 19 2014 - 06:46 PM

Dave:

 

Seeing as to how you probably didn't mean for the thread title to be "Change, you trivial passwords"...I am changing your thread title to "Change Your Trivial Passwords."

 

:biggrin:

 

(But, if you'd prefer the comma instead...let me know.)


  • Sam Posten and DaveF like this

There's Jessie the yodeling cowgirl. Bullseye, he's Woody's horse. Pete the old prospector. And, Woody, the man himself. Of course, it's time for Woody's RoundUp. He's the very best! He's the rootinest, tootinest cowboy in the wild, wild west!


HTF Rules | HTF Mission Statement | Father of the Bride

Dieting with my Dog & Heart to Heart/Hand in Paw by Peggy Frezon


#3 of 18 OFFLINE   Darren Lewis

Darren Lewis

    Supporting Actor



  • 539 posts
  • Join Date: Jul 17 2000

Posted April 20 2014 - 04:11 AM

Sorry to hear your account got hacked. They're getting more and more sophisticated at cracking passwords. A while back I started using a password manager (very good app that's on Windows and Mac and iOS) and now my passwords are all incomprehensible strings of random numbers, digits and characters.

 

Main problem is using the same password on multiple sites (which I did for years!). If one site gets hacked, they try that same username and password on lots of other sites.


  • DaveF likes this

#4 of 18 OFFLINE   DaveF

Posted April 20 2014 - 05:40 AM

Dave:

Seeing as to how you probably didn't mean for the thread title to be "Change, you trivial passwords"...I am changing your thread title to "Change Your Trivial Passwords."

:biggrin:

(But, if you'd prefer the comma instead...let me know.)

Don't you know the great Easter spiritual, "Change, oh Thou trivial password." :D


Thanks.
  • Mike Frezon and Josh Steinberg like this

#5 of 18 OFFLINE   Chuck Anstey

Chuck Anstey

    Screenwriter



  • 1,590 posts
  • Join Date: Nov 10 1998
  • Real Name: Chuck Anstey

Posted April 21 2014 - 06:32 AM

So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway?  I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence.  I can't use a password manager because I have to login from several different computers and my phone.



#6 of 18 OFFLINE   schan1269

schan1269

    HTF Expert



  • 14,532 posts
  • Join Date: Jul 04 2012
  • Real Name: Sam
  • Location: Chicago-ish/NW Indiana

Posted April 21 2014 - 06:52 AM

So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway?  I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence.  I can't use a password manager because I have to login from several different computers and my phone.

 

I use notepad in my phone.

 

I also still use AOL as my "base" for most websites. Seems AOL is long lost to spammers/hackers.

 

AOL is like the joke Bill Maher said about Facebook...

 

"If you want internet privacy, use MySpace..."



#7 of 18 OFFLINE   DaveF

Posted April 21 2014 - 09:01 AM

So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway? I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence. I can't use a password manager because I have to login from several different computers and my phone.


I've used SplashID for years to keep track of passwords. I also use browser auto fill and, more recently, OS X keychain to hold passwords. These aren't vulnerable to remote brute force attack. (I suppose keychain might be, but I'm aware of problems so far)

Corporate password that can't be recorded is based on keyboard patterns, patterns for changing it, and frequent use.

#8 of 18 OFFLINE   Scott Merryfield

Scott Merryfield

    Executive Producer



  • 10,668 posts
  • Join Date: Dec 16 1998
  • Location: Michigan

Posted April 21 2014 - 09:07 AM

So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway?  I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence.  I can't use a password manager because I have to login from several different computers and my phone.

 

I have an app on my phone with all my userid/passwords. At last count, I have 48 different accounts listed between work and personal use. There is absolutely no way I could possibly remember all these without some sort of app. At least this way I only need my phone and to remember one password.



#9 of 18 ONLINE   Mike Frezon

Posted April 21 2014 - 09:08 AM

I have an app on my phone with all my userid/passwords. At last count, I have 48 different accounts listed between work and personal use. There is absolutely no way I could possibly remember all these without some sort of app. At least this way I only need my phone and to remember one password.

 

Scott:

 

What's the app?




#10 of 18 OFFLINE   Chuck Anstey

Posted April 21 2014 - 09:10 AM

Re: SplashID.  So you are saying that you put all your passwords in one place "in the cloud" (i.e. China) to increase security?  That doesn't seem very secure because you don't know who is holding your data (and they have full unencrypted access) and hackers only need to go to one place to get it all.



#11 of 18 OFFLINE   jcroy

jcroy

    Screenwriter



  • 1,028 posts
  • Join Date: Nov 28 2011

Posted April 21 2014 - 09:16 AM

A better question to ask is how exactly do the password cracking programs work?

 

More specifically, how exactly are the "dictionaries" being created?



#12 of 18 OFFLINE   Scott Merryfield

Posted April 21 2014 - 10:34 AM

Scott:

 

What's the app?

 

I am using PwdHive on my Android-based phone. Not sure if they have an iPhone version.



#13 of 18 OFFLINE   Aaron Silverman

Aaron Silverman

    Lead Actor



  • 9,575 posts
  • Join Date: Jan 22 1999
  • Real Name: Aaron Silverman
  • Location: Florida

Posted April 21 2014 - 10:39 AM

Android also has aWallet Password Manager.


"How wonderful it will be to have a leader unburdened by the twin horrors of knowledge and experience." -- Mr. Wick

#14 of 18 ONLINE   Jason Charlton

Jason Charlton

    Screenwriter



  • 2,987 posts
  • Join Date: May 16 2002
  • Real Name: Jason Charlton
  • Location: Baltimore, MD

Posted April 21 2014 - 12:21 PM

I have a small thumb drive I can connect to any PC that includes a copy of KeePass on it. It's another password management type application, but is stored locally rather than in the cloud.  I just have to remember the "master" password to access everything else.


Are you new to the Home Theater Forum? Stop by the New Member Introductions area and introduce yourself! See you there!


#15 of 18 OFFLINE   DaveF

Posted April 21 2014 - 04:55 PM

Re: SplashID.  So you are saying that you put all your passwords in one place "in the cloud" (i.e. China) to increase security?  That doesn't seem very secure because you don't know who is holding your data (and they have full unencrypted access) and hackers only need to go to one place to get it all.

I don't pay for the cloud sync. Local sync only.

 

I've been using SplashID since about 2002, with a Sony Clie (Palm). The same database has transitioned over a decade, across two Palm devices and two iPhones and an iPad. It has also survived going from Win98 to WinXP to OS X. It lacks some browser integration features of dedicated password minders, but makes up for it as an all-in-one data minder: credit cards, vehicle VIN & license plate, frequent-flyer accounts, and web passwords (over 200 passwords going back to some of my earliest logins).



#16 of 18 OFFLINE   DaveF

Posted April 21 2014 - 04:59 PM

A better question to ask is how exactly do the password cracking programs work?

 

More specifically, how exactly are the "dictionaries" being created?

Brute force and ignorance. Computers are fast enough that every password combination based on common words can be pre-computed and tried against a hacked password hash table. Depending on the login system, they can also be tried against live logins.

 

Wikipedia has an overview:

http://en.wikipedia....ctionary_attack
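
What the precomputation described in the post above means for how a site stores passwords, as an added example that is not part of the original thread: a table built once from common words matches every leaked unsalted hash, while a per-user salt with a slow KDF (PBKDF2 here) leaves that table with nothing to match. The word list, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a list of common words.
COMMON_WORDS = ["password", "dragon", "sunshine", "letmein"]


def unsalted_sha256(password):
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(words):
    """Digest -> word map, computed once and reusable against any unsalted leak."""
    return {unsalted_sha256(w): w for w in words}


def table_hits(stored_hex_digests, table):
    """Return the words recovered by plain lookup of stored digests in the table."""
    return [table[d] for d in stored_hex_digests if d in table]


def hash_for_storage(password, salt=None, iterations=200_000):
    """Storage form that resists precomputation: random per-user salt + PBKDF2."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_precomputed_table(COMMON_WORDS)
    # Two constructed accounts that happen to share one common-word password.
    unsalted = [unsalted_sha256("sunshine"), unsalted_sha256("sunshine")]
    print("unsalted digests identical:", unsalted[0] == unsalted[1])
    print("table hits on unsalted store:", table_hits(unsalted, table))
    records = [hash_for_storage("sunshine") for _ in range(2)]
    salted_hex = [digest.hex() for _, _, digest in records]
    print("salted digests identical:", salted_hex[0] == salted_hex[1])
    print("table hits on salted store:", table_hits(salted_hex, table))
    print("login still verifies:", verify("sunshine", *records[0]))
```

The salt only stops one table from being reused across accounts and sites; a common word can still be guessed one account at a time, which is why the thread's advice to move to long random passwords still applies.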



#17 of 18 OFFLINE   Keith Plucker

Keith Plucker

    Screenwriter



  • 1,051 posts
  • Join Date: Feb 04 1999
  • Location: Sacramento

Posted April 22 2014 - 08:14 AM

I believe both Facebook and Twitter now support two factor authentication so if you don't mind the extra step, it provides some extra security.

 

So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway?  I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence.  I can't use a password manager because I have to login from several different computers and my phone.

 

LastPass, as well as other password managers I would guess, support "one time use" passwords which would solve this particular problem. Use of a Yubikey with LastPass might also work as a solution.

 

-Keith


As far as I'm concerned, it's a damned shame that a field as potentially dynamic and vital as journalism should be overrun with dullards, bums, and hacks, hag-ridden with myopia, apathy, and complacence, and generally stuck in a bog of stagnant mediocrity. - Hunter S. Thompson, 1958, from cover letter he wrote for a newspaper job.


#18 of 18 OFFLINE   DaveF

Posted April 22 2014 - 03:21 PM

So how do you remember all these unhackable passwords, given many places have different rules so you can't use the same password everywhere, which is a bad idea anyway?  I have several logins to places that require I change my password almost monthly with up to the last 12 history and is a PITA to remember each one and where I am in the sequence.  I can't use a password manager because I have to login from several different computers and my phone.

I failed to comment on that, and I don't have an answer. I don't have any systems with monthly password resets.





