|
#1
|
|||
|
|||
Quote:
I would never use a public computer for any of my password protected accounts. I would never put personal information on a personal computer. |
#2
|
|||
|
|||
Quote:
Just use a password manager and generate unique passwords for each site. DIY spreadsheet or physical notebook can work, but you then need to sync it across multiple devices for backups et cetera. Your three most likely mistakes you'll make online are probably: - entering your credentials on a very believable phishing site - having one of the many sites that you've reused your passwords leak that password - buying stuff you don't need on Paceline |
#3
|
|||
|
|||
I love this forum and all, but if there's one place I worry about a leak, it would be here. We're running on super outdated software.
So make sure your Paceline password is different from any other site. |
#4
|
|||
|
|||
Quote:
I sure hope that's a low, low number, because doing so would be truly foolish, especially if that pw is used for anything remotely important. |
#5
|
||||
|
||||
Quote:
If criminals start using big data and AI to figure this out, it's game over anyway. Might as well just leave my wallet on the driveway.
__________________
Colnagi Seven Sampson Hot Tubes LiteSpeed SpeshFatboy |
#6
|
|||
|
|||
Quote:
"Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes." People tend to think of attacks like this as directly targeting them. Everyone is being targeting. You only lose if your online behavior, weak password or password reuse even partials, is susceptible to these attacks. |
#7
|
|||
|
|||
Quote:
One option is to keep a second app that isnt web-based, like KeePass, which stores all your passwords on an encrypted database on your device. So if your regular web-based service goes down, youre not without your passwords. Only pain would be having to manually sync passwords that you add or change to KeePass, but im sure theres a way to sync it automatically... |
#8
|
|||
|
|||
I work in Cybersecurity as well and what I tell friends/family/co-workers is:
- Use a password manager - Have it create and store the passwords for you (15 characters minimum but the more the better) - DO NOT use the same password for multiple accounts/services - Make sure ALL accounts/services are setup for multi-factor authentication - Your email password should be the STRONGEST password (because if hackers can into your email they can often reset passwords for all other accounts/services since most people do not use multi-factor authentication) - Your password manager should have your second strongest password - Write your eMail and Password Manger passwords on an index card (yes, I mean paper) and store them safely some place in your home. DO NOT save them anywhere else. Many commercial password managers can be (or have been) broken. Nothing is perfect. The safest method is to keep everything on paper, locked away at home, and never share with anyone. Multi-factor authentication is not perfect. Hackers have found interesting ways to get around it (i.e. they can clone your mobile number to receive the multi-factor code you need to authorize yourself to a system after entering the password they have been able to figure out or steal from you). The point is, most hackers are lazy so if you use a few different methods to protect yourself, hackers will move on and try to terrorize another person who may not have safeguards in place. Be careful out there. |
#9
|
|||
|
|||
Quote:
|
#10
|
||||
|
||||
any recs for a password manager from someone in the industry?
Quote:
__________________
Be the Reason Others Succeed |
#11
|
|||
|
|||
Any good system shouldn’t be particularly vulnerable to credential stuffing and brute force attacks. It should detect that and insert delays or completely reject the requests after a small number of guesses.
Those attacks work well if the hacker has already breached the system and dumped databases and the database is storing passwords in a poor or well known way. “Capture the password file” is a great first step in any kind of breach so of course a look work goes into making that hard. |
#12
|
|||
|
|||
Just wanted to reiterate what has been said (and is just as important as using strong passwords):
Use different passwords on every account. Last edited by VeloceNiente; 04-20-2024 at 04:04 PM. |
#13
|
|||
|
|||
You must mean every account. Every login would be nuts.
|
#14
|
|||
|
|||
I meant the noun form of ‘login’, but ‘account’ is clearer. Edited.
|
#15
|
||||
|
||||
funny enough, after reading this thread I went and changed my BoA credit card password to a random one from the Apple/Chrome extension password generator.. went for a ride, came back and just got a text that my card had a charge that had been declined for suspicious activity.. coincidence I'm sure, but just a little funny.. went through the process to get two charges taken off and and new card and changed my password once again.. I assume it was from a skimmer or something similar and not an account hack..
__________________
Be the Reason Others Succeed |
|
|