Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Reply
 
Thread Tools Display Modes
Old 05-10-2016, 11:27   #81
target
Trusted User
 
target's Avatar
 
Join Date: Apr 2002
Location: Loughborough
Posts: 19,192
Thanks: 293
Thanked 4,688 Times in 2,067 Posts
Quote:
Originally Posted by driver8 View Post

And the rather worrying: Pwned Websites - see if your email address or user name is featured in online lists, publicly dumped and readily available.
Nice link! There are 22 email addresses compromised on my domain (I am the only user of it) including one in the Ashley Madison breach. I don't recall having an account there!!
target is offline   Reply With Quote
Old 05-10-2016, 11:31   #82
leemel
Diagnosed Mail Reader
 
Join Date: Apr 2003
Location: Mansfield, near Sherwood Forest
Posts: 6,051
Thanks: 592
Thanked 283 Times in 120 Posts
I still don't trust LastPass and Keepass as if your master password is compromised,and in the case of keepass if someone has physical access to your computer or machine is compromised, then you could be in the crap. I have a formula for normal websites, and one for Financial and sensitive information. Every site has a unique password, as well as I have seperate passwords for work, as if they get compromised, can cause me a lot of work.
leemel is offline   Reply With Quote
Old 05-10-2016, 13:30   #83
The Cleaner
diska diska diska
 
The Cleaner's Avatar
 
Join Date: Jan 2001
Location: London
Posts: 1,326
Thanks: 22
Thanked 22 Times in 21 Posts
I finally moved everything to 1Password this year and regenerated unique passwords for all sites I was aware of that I've created. It was a ballache to do but I'm happier knowing that the impact is much lower as breaches become more common.

The biggest drive to this was IOS8(or 9?) finally allowed the use of 1Password in Safari as an extension to reference/generate passwords and use TouchID to unlock. Such a time saver.
The Cleaner is offline   Reply With Quote
Old 05-10-2016, 13:32   #84
zantarous
Xbox Live tag: wargame
 
zantarous's Avatar
 
Join Date: Oct 2002
Location: London
Posts: 10,964
Thanks: 154
Thanked 306 Times in 222 Posts
Quote:
Originally Posted by leemel View Post
I still don't trust LastPass and Keepass as if your master password is compromised,and in the case of keepass if someone has physical access to your computer or machine is compromised, then you could be in the crap. I have a formula for normal websites, and one for Financial and sensitive information. Every site has a unique password, as well as I have seperate passwords for work, as if they get compromised, can cause me a lot of work.
Unless someone has your device they can't do much with your master password, if you try to configure it with a new device it needs to be activated and authorised by you. You could take it a step further and enable two factor authentication.
zantarous is offline   Reply With Quote
Old 05-10-2016, 14:23   #85
Anthony.S
XBL - AnthonyS UK
 
Join Date: Jul 2000
Location: Alton, Hants
Posts: 3,476
Thanks: 9
Thanked 184 Times in 176 Posts
Quote:
Originally Posted by zantarous View Post
Unless someone has your device they can't do much with your master password, if you try to configure it with a new device it needs to be activated and authorised by you. You could take it a step further and enable two factor authentication.
It is so easy to add 2factor it really should be on by default.
I use either Google authenticator or a Yubikey.
Anthony.S is offline   Reply With Quote
Old 05-10-2016, 14:25   #86
zantarous
Xbox Live tag: wargame
 
zantarous's Avatar
 
Join Date: Oct 2002
Location: London
Posts: 10,964
Thanks: 154
Thanked 306 Times in 222 Posts
I need to look at that as I tried to enable the last pass 2 factor app but ram into an issue. Will look at the Google one
zantarous is offline   Reply With Quote
Old 05-10-2016, 15:44   #87
Stevie G
Dazed and confused
 
Stevie G's Avatar
 
Join Date: Aug 2004
Location: By the seaside
Posts: 12,255
Thanks: 759
Thanked 362 Times in 269 Posts
Quote:
Originally Posted by peg20 View Post
KeePass has android and iphone apps. I keep my KeePass encrypted in BoxCryptor and then inside DropBox (again, both free for non-commercial use and available on android and iphone). So then I have access to my passwords wherever I go.

Hope this helps
I do similar. I keep my Keepass DB in a Dropbox folder so it's replicated across my computers, and then use Kypass pointing to Dropbox to access it on my iPhone and iPad.

I like Keepass as the DB is always on my computer (and backed up) so regardless of any issues with connection or an onine service I know I can always get access to it, and as I use it for all my banking (all the questions, codes, memorable stuff plus photos of number keycards for those that need them) I feel happier having the info there than in a notepad or keeping the letters like a lot of people do.

The way I figure it is someone would need to work out the password on my computers plus the long and unique master password I use for Keepass, or they'd need to hack or guess my Dropbox password plus my Keepass master password to access it all.

The weak link at the moment is probably having finger print allow open it on my iPhone, but I guess that's me being lazy in getting fed up tapping in that long password.
__________________
PSN Gamertag: NoMrMoreNiceGuy
It's all about the scrobbling...
Stevie G is offline   Reply With Quote
Old 08-11-2016, 07:21   #88
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,059
Thanks: 2,848
Thanked 2,953 Times in 1,282 Posts
LastPass is now free on mobile (as well as desktop) -

EDIT - I thought it (almost) seemed too good to be true. Whilst the app is free on all devices, it's of most benefit to phone users who don't browse via mac/windows, as syncing is a premium feature (a reasonable $1/month which I'll probably stump up for). [Catch]
Plus, importing existing passwords from Chrome seems a real pain that I'm currently going through (instructions).




Last edited by driver8; 08-11-2016 at 08:01.
driver8 is offline   Reply With Quote
Old 23-12-2016, 15:09   #89
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,059
Thanks: 2,848
Thanked 2,953 Times in 1,282 Posts
Not so techy, but a good read and a useful roundup -

Eight things you need to do right now to protect yourself online
driver8 is offline   Reply With Quote
Old 23-12-2016, 16:11   #90
The Bear
Old-gold and black member
 
The Bear's Avatar
 
Join Date: Jan 2001
Location: Molineux
Posts: 17,110
Thanks: 506
Thanked 1,711 Times in 591 Posts
I disagree about using the first letters of phrases to generate random passwords.

If you use a random phrase which is personal to you, substitute in certain letters for symbols and numbers, and also add in the site name at the start of the password so that it changes for each site, then I don't see how any brute force attempt can possibly guess it.

For instance I suggested this method to a fellow Wolves fan with the example phrase of "Matt Doherty has been making a hash of defending at Wolves since 2003". That makes the password (say for PayPal) - paypalMDhma#od@Ws2003

What computer could ever guess that correctly?

I use this method for all my passwords nowadays. The bit after the site name stays the same all the time but it's such a random phrase that any computer couldn't possibly randomly guess it.
The Bear is offline   Reply With Quote
Old 25-12-2016, 23:26   #91
Dave B
Stock Photographer
 
Join Date: Mar 2001
Location: Back in the bloody UK!
Posts: 3,623
Thanks: 224
Thanked 37 Times in 30 Posts
Quote:
Originally Posted by The Bear View Post
For instance I suggested this method to a fellow Wolves fan with the example phrase of "Matt Doherty has been making a hash of defending at Wolves since 2003". That makes the password (say for PayPal) - paypalMDhma#od@Ws2003

What computer could ever guess that correctly?
You won't either, your missing a letter!

Dave
__________________
| My GitHub Pages | gamerTag: FatDeadlyDave | Switch: 7317-0703-1128 |
Dave B is offline   Reply With Quote
Old 25-12-2016, 23:32   #92
The Bear
Old-gold and black member
 
The Bear's Avatar
 
Join Date: Jan 2001
Location: Molineux
Posts: 17,110
Thanks: 506
Thanked 1,711 Times in 591 Posts
Oh yeah. I meant "made".
The Bear is offline   Reply With Quote
Old 26-12-2016, 08:49   #93
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
But if (in your example) PayPal gets hacked and the passwords identified, all I have to do is change 'PayPal' to 'Tesco' and I've broken into your Tesco account. Change it to 'Gmail' and I've broken into your email account.
Oh and yes, some sites DO still store passwords as plain text, while others use such crude encryption, eg, base 64, so it's easy to decode your password.
So yes, the same passwords across different sites is a bad idea.

Also, annoyingly, many sites don't like your password (or algorithm) as they don't accept hashes, more than 12 characters, or capital letters.

Last edited by Chris Locke; 26-12-2016 at 08:52.
Chris Locke is offline   Reply With Quote
Old 26-12-2016, 14:34   #94
The Bear
Old-gold and black member
 
The Bear's Avatar
 
Join Date: Jan 2001
Location: Molineux
Posts: 17,110
Thanks: 506
Thanked 1,711 Times in 591 Posts
Yeah maximum number of characters has a been a problem on one or two sites.
The Bear is offline   Reply With Quote
Old 05-01-2017, 19:30   #95
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,059
Thanks: 2,848
Thanked 2,953 Times in 1,282 Posts
Passwords are like underwear:
change them often,
keep them private,
don't share them…



Sent from my ONEPLUS A3003 using Tapatalk
__________________
| initiative-Q = free cash! | flickr | FB | eos6d | erazer x6807 | marantz+canton 5.1 | benq w1090 | dt990 | paperwhite | lenovo a10 | redmi note 9s |
driver8 is offline   Reply With Quote
Old 06-01-2017, 09:39   #96
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,355
Thanks: 306
Thanked 125 Times in 101 Posts
I've started using 1Password as well to store them and generate new unique passwords for sites. Works very well with TouchID on the iPhone and now the Mac laptops too.
ascender is offline   Reply With Quote
Old 06-01-2017, 11:07   #97
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,500
Thanks: 621
Thanked 1,825 Times in 637 Posts
Quote:
Originally Posted by driver8 View Post
Passwords are like underwear:
use them and then turn them inside out?
Chris Locke is offline   Reply With Quote
Old 06-01-2017, 11:28   #98
Stevie G
Dazed and confused
 
Stevie G's Avatar
 
Join Date: Aug 2004
Location: By the seaside
Posts: 12,255
Thanks: 759
Thanked 362 Times in 269 Posts
And back to front
__________________
PSN Gamertag: NoMrMoreNiceGuy
It's all about the scrobbling...
Stevie G is offline   Reply With Quote
Old 09-01-2017, 11:55   #99
Wooglie
Rurouni
 
Wooglie's Avatar
 
Join Date: May 2001
Location: Farnborough
Posts: 6,110
Thanks: 1,668
Thanked 1,114 Times in 476 Posts
I've recently took the plunge and set up KeePass so I have unique passwords for all the different sites. Seems to be working well for me.
Wooglie is offline   Reply With Quote
Old 12-03-2017, 06:59   #100
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,059
Thanks: 2,848
Thanked 2,953 Times in 1,282 Posts
Interesting article and subsequent discussion here, at codinghorror.com -

Password Rules are BS

(I needed to use a link shortener cos of the URL sweary).
driver8 is offline   Reply With Quote
Reply

Bookmarks

Tags
hacking, passwords, Phishing, threat

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
It's time to update my web site.... Guest 17513 Computing Forum 42 15-03-2012 15:21
Nokia: Auto-update of date & time Guest 20850 Mobile Phone and Satellite Navigation Forum 11 02-11-2008 01:18
SE W950i time update problem MaleStrom Mobile Phone and Satellite Navigation Forum 1 17-04-2007 19:11
Windows Update time again internetuser Computing Forum 10 10-02-2005 01:33

All times are GMT. The time now is 15:03.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2021, vBulletin Solutions, Inc.qq
Copyright ©2000 - 2021 Network N Ltd.