Raddave

How to create a secure password

Raddave

QWZ1hE3.jpg

Raddave

NoCt9o1.jpg

dXI1TXE.jpg

Raddave

SNnvVtM.jpg

GingerApple

Lol, this is getting painful.

 

Although it's a shame this post wasn't made about a week ago...

Edited by GingerBubba

Raddave

Image result for secure password jokes

groovystix

LoL ain't that the truth!

Sent from my SM-G955U using Tapatalk

Raddave

zv09kzusciqz.png

HorFan

Thanks for the Christmas laughs!
Merry Christmas everyone!


Sent from my iPhone using Tapatalk

NCRich

:rofl:

 

swamp

????


Sent from my iPhone using Tapatalk Pro

tommy_boy

:lol:

Raddave

Image result for but wait there's more

Raddave

Image result for secure password jokes

Image result for secure password jokes

Raddave

Image result for but wait there's more

Image result for secure password jokes

Raddave

Image result for secure password jokes

Daywatch

:rofl:

brilliant :) .... and remember to use multiple passwords, to change them often and never to write them down!

trailboss99
1 hour ago, Raddave said:

zv09kzusciqz.png

^^^^THIS^^^^

 

Passwords . . .

Boring things we are forced to make up every few weeks of net life. Some of them protect stuff we may think isn't important (and I'll show you in a bit why they are) and some protect obviously sacred stuff such as bank accounts, corporate logins and private photos; a lot of folk don't give enough thought to the humble password. You wouldn't leave your personal diary open on the desk at work and go home would you? Neither would you leave your AMEX on the bar at your local roadhouse (if you can do either you are indeed a fortunate son) but how much thought do you put into the password on your bank account? Is it the bare minimum to pass whatever standard the bank insists on? 

Passwords are important but to muddy the waters a bit the guy who is responsible for inventing the current system for rating passwords now says he made an error. For us who need to remember passwords it's a good error because this chap now says that it is just as or more effective to have a password made up of at least three unconnected words (of an average of 5 letters each) as it is to have the current jumble of letters/a cap/a numeral/a random character. It is a lot easier to remember say "catboxlightbulbrope" because we can form a picture in our minds like a litterbox lit by a bulb hanging from a rope and that is a lot easier to remember than ;kjgh@jlhf?23. In actuality these words have no direct connection so as a password they are now considered just as hard to crack as the gibberish.

In the end tho it depends on the way your passwords are encrypted by your host site. A simple Secure Hash Algorithm (I'll link to Wikipedia in this post to save explanations) just doesn't cut it any more because lists of the hashes for common words, phrases and combinations exist. This allows (putting it simply) the hash to be translated into the password. The answer to this is a cryptographic salt, a random value stored with the password. This vastly increases the number of tables required to compute any given password (full explanation in link).

The above explains why our "pal" does not have access to more than a handful of accounts on RWI since ours are salted at not just a high bit number but then double salted giving your account the best security we can give it. At most he had access to a handful of accounts; how exactly we are not sure. He may well have the password hashes for RWI but he would need the resources of the NSA to crack more than a token amount regardless of how much time he has. Even that does not mean you should be lax with password strength; the best system in the world won't help a weak password.

"So Trailie, how do I stay safe?" I hear you ask. Well you can never be 100% safe but you can do a hell of a lot to get as close as you can. Firstly don't use the same password on more than one site. The easiest thing a site hack will usually reveal is email addresses and with an email address a hacker could link you to other sites. If he cracks the password on one he's going to try the same one at others. There are people out there (let's call him Bob) who are quite happy to use the same login details on their Facebook, Instagram, company VPN and netbank accounts. Bob needs to learn that that way lies madness, don't be like Bob.

The second rule is actually the first rule of Password Club: Don't talk about Password Club! Keep your damn passwords to yourself! Now that may sound self evident but regrettably I find it isn't. Don't write your passwords down and keep them on a piece of paper in your mobile phone case (people do), don't keep them in a word document on your PC (people do this as well). I don't expect you not to need to have at least one written record of passwords since the average netizen will have a few dozen if he or she does things the right way but write them down and keep them in a notebook and preferably not beside the computer (again, people do and houses do get broken into).

So, without referring to a book how do you remember all those passwords? Easy, get a password manager. A password manager is a (usually) net based application that stores all your passwords under very effective lock and key (ie: military grade encryption that only the NSA could crack and even then only given time) while logging you in automatically to your websites. Such apps are far more secure than the "remember password" system on your browser of choice, those systems are a hacker's friend and at best are only as good as the password on your browser. Several are available for free, a google will provide a list and many reviews but remember the one password you now need to remember should be a doozy. Most password managers will allow very long strings so maybe use a random phrase from somewhere. The likes of "And in the East the sun was rising; mmm, Bacon" should do it. Easy to remember, very difficult to crack. Remember tho, set the manager to log out every time you are out of your browser. If you don't your physical security (ie: from intruders at home or someone else in the office) is only as good as your Windows login or not even that if you don't log off. While you are at it beef up your Windows login . . .

Where does that lot leave you? Better off and safer in the wild, wild west that is the internet. While you are at it consider the privacy settings on your Facebook/Twitter/Instagram accounts as well as stuff like Photobucket and LinkedIn. How much information are you sharing with the entire world? When a site asks you for details consider whether they really need that info and if they don't give gobbledygook instead. For example if you are buying a tee shirt on line the company will need your address, an email (consider a separate email for such purposes) and maybe even a phone number but do they really need your date of birth? Ah, no . . . So don't give one and if they insist give a false one.

The three most important pieces of info needed to steal an identity are name, age/date of birth and address; given those many things are possible so don't give more info than a site needs to do what you want it to (not always the same as what it wants to do). If there is no need and no demonstrated benefit to you in giving a certain piece of information then don't give it. Don't pinpoint your location on Facebook, give a state or a country or even better hide your details from all but friends. Check the settings on your router firewall, do all new devices need authorization? Is the public wireless network switched off? How is your phone set up to handle connection requests over wireless and bluetooth? Learn about security settings and use them. You have access control on your phone yes? So many folk do not have a password/gesture/fingerprint/facial ID/whatever is next set up on their phones and these days so many folk run their lives on the things. Oh and make sure whatever password manager you use works on your phone platform as well.

Oh and FFS, run a decent anti virus program not some free stuff. I highly recommend ESET as the best available out there right now. If you want to add another layer of security pay the 40 bucks or so a year for a VPN which adds another layer of protection between you and the big bad internet.

Security, it is important and it's your responsibility as much as anyone's.

 

Link to post
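
The salting point made in the post above, as an added example that is not part of the original thread and not the forum's own code: a table precomputed once resolves an unsalted hash of a common password, while a random per-account salt makes the same table useless and gives two accounts with the same password different stored values. The wordlist, iteration count and function names are constructed for illustration, and PBKDF2 is an assumed choice, since the post does not say which scheme RWI uses.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist standing in for a published table of common passwords.
COMMON = ["password", "letmein", "qwerty", "incorrect", "dragon"]

def unsalted_hash(password):
    """Plain SHA-256: the same password always produces the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

# Computed once, then reusable against every unsalted hash from any site.
LOOKUP = {unsalted_hash(word): word for word in COMMON}

def table_lookup(stored_hex):
    """Return the password if its hash appears in the precomputed table."""
    return LOOKUP.get(stored_hex)

ITERATIONS = 200_000  # assumption: tune so one hash costs tens of milliseconds

def salted_hash(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random salt that is stored beside the hash."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)

def demo():
    weak = "letmein"
    alice_salt, alice = salted_hash(weak)
    bob_salt, bob = salted_hash(weak)
    return {
        "unsalted_recovered": table_lookup(unsalted_hash(weak)),
        "salted_in_table": table_lookup(alice.hex()),
        "same_password_same_hash": alice == bob,
        "login_ok": verify(weak, alice_salt, alice),
        "wrong_rejected": not verify("letmein1", bob_salt, bob),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt only removes the shared table; each account can still be guessed one password at a time, which is why the iteration count and the strength of the password itself both still matter.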
black263

I've changed my password to INCORRECT.  Then if I enter the wrong one they give me an automatic reminder.

trailboss99
1 minute ago, black263 said:

I've changed my password to INCORRECT.  Then if I enter the wrong one they give me an automatic reminder.

:picard2: 

Raddave

word !!!

fwiw , i run all my passys through a md5 hasher and then back through a MD5decryptor, if it hits , i'll get a new passy

black263

In truth, for a really solid password that's almost impossible to crack, you could use the method we had for remembering the codes to the crypto cabinets when I was in the RAF.

You write out on a sheet of paper the alphabet, and then assign to each letter a random character.  So A=!, B=£, C=% and so on.  You then have a memorable phrase, such as The last time I went home was for my Grandad's Birthday.  Take the initial letter gives TLTIWHWFMGB.  We would then convert that to the characters and use that as the password.  Because there was no correlation between the grid and the actual password, there was no problem leaving it on display.  We only changed the grid every couple of months, but changed the memorable phrase weekly.

trailboss99
16 minutes ago, Raddave said:

word !!!

fwiw , i run all my passys through a md5 hasher and then back through a MD5decryptor, if it hits , i'll get a new passy

Well that works as long as the site in question uses MD5 . . .

Sure helps tho as does what Black suggests above for even better security.

Reaper2981
11 hours ago, black263 said:

I've changed my password to INCORRECT.  Then if I enter the wrong one they give me an automatic reminder.

This is genius! Never thought of that before
