We are under attack!

Randle

WKR
Joined
Dec 30, 2012
Messages
2,176
Location
Nope
Thanks for the heads up . So are they using a known members log in and posing as the known member.
 

ande7824

Lil-Rokslider
Joined
Feb 3, 2018
Messages
133
I recently decided to just change all my passwords, if you use lastpass (or maybe other PW managers?), you can see if any of your PWs have been in documented hacks or leaks. Surprised me how many of mine were.
 
Joined
Apr 22, 2012
Messages
7,390
Location
Chugiak, Alaska
if you use lastpass (or maybe other PW managers?), you can see if any of your PWs have been in documented hacks or leaks. Surprised me how many of mine were.
Sorry for my ignorance, but what do you mean by "you can see if any of your PWs have been in documented hacks or leaks"? Also, how do I go about checking mine? Again, sorry if this is a stupid question, but I'm an idiot when it comes to computers.
 

ande7824

Lil-Rokslider
Joined
Feb 3, 2018
Messages
133
Sorry for my ignorance, but what do you mean by "you can see if any of your PWs have been in documented hacks or leaks"? Also, how do I go about checking mine? Again, sorry if this is a stupid question, but I'm an idiot when it comes to computers.
No problem. Always good to learn!
See here: https://www.techradar.com/news/last...ur-passwords-have-been-leaked-on-the-dark-web

Basically, they check your passwords you keep in the lastpass app against documented leaked password databases and will notify if one of yours was in it.

I ended up spending the better part of 2 days changing every single one of my passwords to a unique password not shared anywhere else. I just used the password generator. It gives random numbers, letters (caps and lowercase), and symbols. You can make it as long as you want too.
 
OP
Ryan Avery

Ryan Avery

Admin
Staff member
Joined
Jan 5, 2012
Messages
8,639
No problem. Always good to learn!
See here: https://www.techradar.com/news/last...ur-passwords-have-been-leaked-on-the-dark-web

Basically, they check your passwords you keep in the lastpass app against documented leaked password databases and will notify if one of yours was in it.

I ended up spending the better part of 2 days changing every single one of my passwords to a unique password not shared anywhere else. I just used the password generator. It gives random numbers, letters (caps and lowercase), and symbols. You can make it as long as you want too.
I do the same thing but use 1password.com.

Also using two-step verification is hard to beat. It's a pain at the time but much easier than getting an account hacked.
 

ande7824

Lil-Rokslider
Joined
Feb 3, 2018
Messages
133
I do the same thing but use 1password.com.

Also using two-step verification is hard to beat. It's a pain at the time but much easier than getting an account hacked.
Agreed. Definitely use 2-step where ever you can. Adds a good layer of security.
 
Joined
Apr 6, 2019
Messages
71
Location
Central Oregon
Google Authenticator and/or LastPass's Authenticator, combined with a paid password manager like LastPass ($12/yr) is worth the initial learning curve. Security is never convenient, but as others have already said, totally worth not having accounts compromised - government agencies, credit bureaus and retail outfits are leaking enough info on all of us that it's crazy not to get 2FA rolling on any accounts that can lead to personal information or finances.

LastPass will generate unique passwords with up to 64 characters for every site/account, and also provides places to save other info, like your wife's SS#, bank account #, etc. The only thing you need to keep in your head or elsewhere is a unique Master password or phrase that secures it all. Combine that with an authenticator app required to access your LastPass account...and you're no longer the low hanging fruit that the all of thieves are after.
 
OP
Ryan Avery

Ryan Avery

Admin
Staff member
Joined
Jan 5, 2012
Messages
8,639
Tburke86 account has been hacked. If anyone knows him please have him email me.
 
OP
Ryan Avery

Ryan Avery

Admin
Staff member
Joined
Jan 5, 2012
Messages
8,639
I will say this again. Change your passwords not only here but change your email passwords frequently and uses different passwords on each account. If you can't remember your PWs get a service like 1password.com.
 

Marbles

WKR
Classified Approved
Joined
May 16, 2020
Messages
3,686
Location
AK
Sorry for my ignorance, but what do you mean by "you can see if any of your PWs have been in documented hacks or leaks"? Also, how do I go about checking mine? Again, sorry if this is a stupid question, but I'm an idiot when it comes to computers.
Hacked passwords are sold on the darkweb, some companies by those lists and use them to make notifications of compromised passwords. The problem with something that checks it against your current passwords it that requires the service to have access to the decryption keys for your passwords. I use Keeper as my password manager. It dose not provide this service because the service is designed where if I loose my main password for Keeper everything is permanently inaccessible, no back doors.

Lifelock will scan for usernames/emails on the darkweb password lists and notify you if one that looks like it belongs to you comes up.

If you have a strong and unique password for every account it makes a compromised password result in limited damage. The catch is none of us can remember 70 strong passwords and most people have trouble even remembering 1.

NIST (National Institute of Standards and Technology) recently changed their recommendations regarding frequency of passwords changes, before they recommended changing a password every 90 days, however this results in multiple week passwords. Now the only recommend changing a password if there is reason to believe it has been compromised. This of course is assuming a strong, well designed password that is a random string of characters that include uppercase letters, lowercase letters, numbers, and special characters and is a minimum of 8 characters long and not used for any other account. This change was made in the last year, so unfortunately it will probably be another 10 years before it is widely adopted and I will not need a new password every quarter at work.

Ok, looking up the NIST guidelines, which where updated to account for human factors, I see that my paragraph above contains outdated ideas as well.

Two factor authentication is good, but not perfect. Using an authentication app with end to end encryption is much better than a text or email, both of which can be intercepted by a low resource (read non-state) actor and neither where designed with security in mind.

Edit: I should add, before I saw this on the 10th my password for Rokslide was not very strong. I had just thought there was nothing someone could steel from me on here and had not thought about someone using my account to commit fraud. Fixed that on the 10th, and just now turned on two factor identification using an app.
 
Last edited:
Joined
Apr 6, 2019
Messages
71
Location
Central Oregon
Yeah id say 70 plus passwords is easy for me.
100 plus probably.
I have to idea how to reasonably manage it.

Sorry, wanted to be sure I understood which part you don't know how to manage. The password app managers like LastPass and 1Password are pretty easy to use. Just start simple, with the free version of LastPass - browser only I think - manage a few passwords and then it's a $12/yr upgrade to use the mobile app. Add an authenticator app as an additional layer to log into your LastPass account...and as myself and others have mentioned, you really rise above all the targets that aren't using anything to protect themselves.
 
Joined
Nov 16, 2017
Messages
8,161
Location
Central Oregon
Sorry, wanted to be sure I understood which part you don't know how to manage. The password app managers like LastPass and 1Password are pretty easy to use. Just start simple, with the free version of LastPass - browser only I think - manage a few passwords and then it's a $12/yr upgrade to use the mobile app. Add an authenticator app as an additional layer to log into your LastPass account...and as myself and others have mentioned, you really rise above all the targets that aren't using anything to protect themselves.
Thanks for the info.
Guess there must be some sort of password generator app.
I can usually barely think of 1 new password when one expires. Idk how id come up with ten. Little loan 70 plus.
 
Top