Announcement

Collapse
No announcement yet.

Password Security

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password Security

    I just got an email today from one of my other message boards, stating that there had been an attempt to access my account 5 times and that it had been locked out for 15 minutes. It also stated what IP address it came from.

    I ran a whois on the IP address and it came up hosted at "LeonLundberg-net" - which apparently is near/in Russia.

    Yeah. Someone was trying to hack my account, possibly because I hadn't used my account in 3 years.



    So, of course, I changed my password. I mentioned it to my BF and he brought up something that I had never thought of.

    Me: it makes me sad that they would try hacking <very small forum>
    BF: data mining
    Me: Huh?
    BF: They hack a small forum because many people have the same password as on their other accounts.


    so ... I don't know if that's why they were trying to get to my account or not. It's not even a username I use very often... I pretty much only used it for EQ, a couple of EQ-based fansites, and <very small forum>. So even if they hacked the old (or new) password they wouldn't get much out of it but still.... it bears thinking about.

  • #2
    Annoying, isn't it?

    What I find funny are the phishing emails telling me that some game I have never played since it went live is pissed that I am trying to sell my account ... [I beta tested lots of games in my day, and rarely ever bother playing them once they go live because I typically didn't enjoy the game.]

    And I *finally* got one of the Windows is hit by a virus, follow our instructions exactly calls so I cranked up my memory of booting in and mucking around on my amiga
    EVE Online: 99% of the time you sit around waiting for something to happen, but that 1% of action is what hooks people like crack, you don't get interviewed by the BBC for a WoW raid.

    Comment


    • #3
      I use a different password on every site. I have hundreds of them. They are easy to remember - I use Roboform. That means I only have to remember one password and the rest are automatic.

      I suppose the only drawback to that is if the crooks get a copy of my Roboform data and manage to crack the encryption on that, then find the sites with my money and crack the number tokens I have for the really important sites.

      That's all. I know my security tokens can (in theory) be cracked, but it would be much easier to try some other person with a password of 1234 (that sounds like the code an idiot would put on his luggage).

      The point is:- If you make it easy to remember your passwords (I.E. Roboform) it then becomes easy to have a different one for everything and to use security tokens for the really important ones.

      Otherwise you might as well drop your money in the street and don't bother looking for it.

      Comment


      • #4
        I'll admit, I use similar passwords on a lot of minor sites. It's lazy of me, I know, but honestly I've never really cared enough to fix it, and there's no real damage someone could do with them

        Now, my important passwords? The ones connected to my money? Good luck guessing those if you figure out my CS.com password
        "That's too bad. Hospitals aren't fun to fight through."
        "What IS fun to fight through?"
        "Gardens. Electronics shops. Antique stores, but only if they're classy."

        Comment


        • #5
          Based under that, if you don't plan on going back to that forum, what I'd do is, 1) delete the account completely, if not possible then I would - create a free email address you don't care about with a stupidly simple password, delete all personal data about yourself (if you can't delete the account entirely), change the email address associated with this account to the new junk mail account and then change the password to the forum account to one also stupidly simple.

          My theory is that they are not only looking to hack your other accounts, but also to add another password to try to use against hacking other sites. If you don't care about it, then this would give them nothing new to use, and nothing to use in hacking your other accounts.

          Comment


          • #6
            I have levels of passwords.

            The stuff for my bank, paypal, amazon, email and various utilities and MMORPGs I change monthly.

            Stuff like message boards and webpages that really don't have anything important I use one password for all of them, and generally the same log in. Makes it easy, and I really don't care if they get compromised, it isn't like CS or Straight Dope are all that important in the grand scheme of things [or cooks illustrated] For stuff like New York Times or other news or blogs I use a specific email that almost never gets checked, great for spamcatching. Generally manages to keep spam at my regular 4 email addresses to a minimum.
            EVE Online: 99% of the time you sit around waiting for something to happen, but that 1% of action is what hooks people like crack, you don't get interviewed by the BBC for a WoW raid.

            Comment

            Working...
            X