Just curious, will the update add a security feature option to perhaps text your cell a ID verification code if you are changing PWs, etc... like other websites?
1 - 20 of 76 Posts
The root of the problem is that many people use the same password for multiple things. So by hacking in here, the hackers could get access to other parts of your life. Complex passwords and passwords that are different for each site are a smart way to be on the internet in this day and age.
Here is some advice I give out all of the time.....
Here is some advice I give out all of the time.....
Subject: Passwords are a pain.....
Complex/long passwords are required in order to increase the difficulty for hackers to gain access to your information. Complex passwords are comprised of upper/lowercase letters, numbers and punctuation. I'll be up front with you, complex passwords make my head hurtBe aware that longer passwords are better, even if not complex.
A best practice is to not use the same password on different sites, especially financial institutions. If someone were able to hack into your Facebook account do you want them getting to your checking account?
What if you could develop a pattern to your passwords that only you would know? What if this pattern meant you would never need to memorize a password? Below is an example of a pattern that can create a complex password, unique for every website, and make it so you don't have to memorize passwords.
Note: this is an example only, alter it for your own use as you see fit. I either use sports phrases or funny phrases. So let’s work through a few examples with the phrase “I hate fat cats”
So in my mind the phrase is easy to remember but I change it up, I use h8 for hate, capitalize the I and F, and add the # sign for complexity the phrase becomes Ih8Fatcats# <- 11 characters already!!!
I use part of the website name in the password for that site. So, for my pattern I may choose to use the first 4 letters of the site. FACEbook becomes FACE
Now to work that into the password patterns
If I wanted to create a password on SUNTrust.com
Ih8FatSUNTcats# Would be my password, an 15 character password!!!
Ih8FatFACEcats# Would be my password for FACEbook
Ih8FatPAYPcats# Would be my password for PAYPal, etc.
A human hacker may be able to figure your particular pattern, but most hackers program computers to do the hacking. The computers will not “see” the pattern unless somehow they get more than one of your passwords. Once a hacker has one of your password they have computers setup to try that password on a large number of sites. So for example if they have your Facebook password the first thing they do is have a computer check if the password works on Wells Fargo, Gmail, Hotmail, SunTrust, PayPal, Bank of America, Amazon, etc.…. (probably hundreds if not thousands of sites).
Just as a final note, you may want more than one pattern, for example high (i.e. money/email), medium (i.e. medical) and low security (social media).
Basically by remembering your pattern(s) you can figure out any password for any of your websites, but they are all unique.
Two-factor is the way to go and I'd love to see all sites implement it.
Remember, it's the accounts you don't care about that hackers use to gain access to the accounts you do care about. Relax people, this is a good thing. They're only asking a password change once every year. Even Beezer hasn't baked enough brain cells to make it impossible to remember a new password every year.
If it's that big of a deal, set yourself up with a password manager. I use LastPass and all of my passwords look like this:
X8+uh5tr_r2chek!
I have no idea what any of them are to be honest, but I never type them in so it doesn't matter. I only have one really complex password that I remember, which is the one I use to access LastPass itself.
Remember, it's the accounts you don't care about that hackers use to gain access to the accounts you do care about. Relax people, this is a good thing. They're only asking a password change once every year. Even Beezer hasn't baked enough brain cells to make it impossible to remember a new password every year.
If it's that big of a deal, set yourself up with a password manager. I use LastPass and all of my passwords look like this:
X8+uh5tr_r2chek!
I have no idea what any of them are to be honest, but I never type them in so it doesn't matter. I only have one really complex password that I remember, which is the one I use to access LastPass itself.
Figured I'd toss this in here since I am an active member over at HackThisSite.org, I've seen a lot of mention about what someone can gain from a social media site. Well true not much, but in the right hands and with a load of patience there is quite a bit to gain. Someone mentioned using Google to find people, yes this works...hell I've done it to multiple dickweasels on the internet, and have used IP pings to locate those retards who keep emailing me about my foreclosing mortgage which is under my fully legal name of Demosthenes Locke. The issue is thus, who here has ever heard of LightBeam?, no? I'll explain you see when you do anything that involves the ol' www today information is almost immediately shared, LightBeam for Firefox allows you to see where each site sends your browsing data, how to get around this? It is quite hard you could drop down the tubes with a TOR browser, but thats a lot of hassle for the average PC user, you could setup a VPN because masking your IP is something everyone should know how to do, another good method is IP 'bouncing' aka mock locations little harder to setup but it does offer a lot of protection sites just take longer to load.
Now to why even a social media site is dangerous, while back...and yes this was something I did to a guy on the internet being a ******. On an online game nonetheless, with nothing but his IP conveniently snagged using an element inspector on a shoddily constructed site for the game I myself got all these things on one person:
full name
address
relatives names
relative addresses
phone numbers
facebooks
jobs
jobs numbers
the exact extension to his desk
his supervisors name
supervisors number
license plates
emails (gave up at 5 different accounts)
his websites visited
and the best part?, didnt have to go anywhere near his pc, didnt break any laws, as far as I know google helped me more than anything
now what did I do with all of this?, tossed it into a private message to him and watched laughing as he flipped out. But anyone else ......wow the possibilities are endless
Through some simple HTML and a picture in a forum posts, I can gain a lists of IP addresses because every time someone clicks that image it will be dumped to my notepad, its really easy and steps are on google
So, dont think someone accessing your social media cant get anything, look at what I did through an online game, and im far from a coding genius, hell Im just starting out coding
but this all seems caused by a web browser extension, yet another easily preventable situation, thats the thing viruses, identity theft, data breaches 99% are caused by lack of common caution and sense
passwords are a very real issue, and while ive never used a password manager like some have mentioned here, it does make me wonder what happens if the password managers get hacked, they just got Kaspersky a while back it can happen
my passwords, different for every site always over 20 characters, numbers, symbols, upper case, lower case, and if they allow spaces. My password manager ? something the internet cant steal my little black book hidden in my file cabinet
why all the different kinds, well if you ever tried cracking a password the more complex the more combinations the pc has to try, read somewhere once that even adding one uppercase letter and one number to a password almost triples the amount of time the average hackers password cracker takes to crack it.
Its your data, and you arent safe anywhere.....never think you are.
Also heres a picture of what it looks like when you go digging into a website with element inspector
(sorry triple monitor setup so its a big screen lol)
for the record no I dont endorse this crap I'm as paranoid as it gets but understand to fight something its best to know how it works
Now to why even a social media site is dangerous, while back...and yes this was something I did to a guy on the internet being a ******. On an online game nonetheless, with nothing but his IP conveniently snagged using an element inspector on a shoddily constructed site for the game I myself got all these things on one person:
full name
address
relatives names
relative addresses
phone numbers
facebooks
jobs
jobs numbers
the exact extension to his desk
his supervisors name
supervisors number
license plates
emails (gave up at 5 different accounts)
his websites visited
and the best part?, didnt have to go anywhere near his pc, didnt break any laws, as far as I know google helped me more than anything
now what did I do with all of this?, tossed it into a private message to him and watched laughing as he flipped out. But anyone else ......wow the possibilities are endless
Through some simple HTML and a picture in a forum posts, I can gain a lists of IP addresses because every time someone clicks that image it will be dumped to my notepad, its really easy and steps are on google
So, dont think someone accessing your social media cant get anything, look at what I did through an online game, and im far from a coding genius, hell Im just starting out coding
but this all seems caused by a web browser extension, yet another easily preventable situation, thats the thing viruses, identity theft, data breaches 99% are caused by lack of common caution and sense
passwords are a very real issue, and while ive never used a password manager like some have mentioned here, it does make me wonder what happens if the password managers get hacked, they just got Kaspersky a while back it can happen
my passwords, different for every site always over 20 characters, numbers, symbols, upper case, lower case, and if they allow spaces. My password manager ? something the internet cant steal my little black book hidden in my file cabinet
why all the different kinds, well if you ever tried cracking a password the more complex the more combinations the pc has to try, read somewhere once that even adding one uppercase letter and one number to a password almost triples the amount of time the average hackers password cracker takes to crack it.
Its your data, and you arent safe anywhere.....never think you are.
Also heres a picture of what it looks like when you go digging into a website with element inspector
(sorry triple monitor setup so its a big screen lol)
for the record no I dont endorse this crap I'm as paranoid as it gets but understand to fight something its best to know how it works
Attachments
1 - 20 of 76 Posts
