
Topic: Change Account Password Regularly. (Read 467 times)

newbie
Activity: 406
Merit: 0
June 10, 2021, 09:02:08 AM
#36
I stumbled across something that might be worth asking here. The bpip.org site showed me the forum admin (theymos) has periodically changed the account password every year for the past 3 years. Is this periodic password change recommended to increase the security of our account?

https://i.ibb.co/0Qxqwj1/Screenshot-2021-04-09-03-27-07-74.jpg

If so, are there any issues users might face if they periodically change their account password every year?
No issues, but it is good to always review your account details regularly, just to help keep your account secured against any scammers or hackers. If you then choose to leave it, I see no problem, provided your account has a strong password that can't be easily guessed.
jr. member
Activity: 76
Merit: 1
June 07, 2021, 09:51:09 PM
#36
Your password is your Personal Access Security Service that allows you alone to gain access to your account. For this reason you can decide to alter it at any time, most especially if you sense someone can guess it and gain access to your account. But I advise using a strong password that can't be guessed by anyone.
staff
Activity: 3248
Merit: 4110
April 11, 2021, 10:44:00 AM
#34
Basically, if you have a strong password in the first place, and you use different passwords in different places that significantly reduces the chance of database leaks compromising you. The only issue then is if Bitcointalk was compromised, but at least the passwords are hashed, and if you have a strong password to begin with it's unlikely that anyone will be able to crack it before you become aware that the site was compromised. So, generally if you follow these guidelines, you don't really need to change your passwords all that often, if at all depending on your own personal security protocols.

There are times which you might make a mistake, and aren't completely convinced that your data wasn't compromised, especially when traveling, or using insecure devices. I've definitely had these moments in the past.

However, I do recommend users do a security review from time to time even if you believe everything is fine.
legendary
Activity: 1008
Merit: 3001
April 11, 2021, 08:05:31 AM
#33
*triple psst to you, ouuu.

Okay in all seriousness, I like the idea behind bitwarden, and I want to use it, but the reviews on it thus far are shaky. ssss. And I don't know if I trust windows to keep my files safe. Heckin hell this is.
I can't deal with a triple psst, you won! Regarding bitwarden, if you're still unsure if bitwarden is stable to use as self-host then I see that the only option would be a tool similar to KeePassXC but in this solution you keep your database encrypted on your PC... If you don't trust Windows to keep your files safe I don't really think you'll ever find a password manager that fills all the boxes in terms of requirements ...

What about setting up bitwarden in a Linux environment? You could host it in a VM/Docker and then use the desktop version in Windows to connect to your server... This guide sums up all the important steps : https://golb.hplar.ch/2018/12/self-host-bitwarden.html . I do believe that even if the program does crash you should always have a backup of your encrypted database to prevent any loss in your passwords... After all we for sure want to continue watching a pug appear from time to time here in bitcointalk  Grin
hero member
Activity: 1372
Merit: 783
better everyday ♥
April 11, 2021, 03:49:31 AM
#32
Accounts don't get stolen that easy. Unless your device isn't vulnerable, you aren't using an easy to guess/bruteforce password, and there isn't a recent database breach, you will be fine. And unless you used the same password on another site that got leaked of course.
Oh shit  Roll Eyes I often have a habit of using the same password for many different accounts, recently, Google announced that I have been exposed to 55 identical passwords  Roll Eyes

I like how they do it at my current job. Every 3 months we are required to change the password to log in to the main platform. And they have a system in place similar to Skype's. You can't reuse an old password. It has to be a new and unique password. Maybe this is also a possible attack vector because it means that a server somewhere compares the entries (hashes) you make with the ones you used in the past.  
It is difficult to change passwords frequently, changing frequently will lead to forgetting of passwords, especially passwords that cannot be the same as old passwords. Seems safe but sometimes also dangerous if you forget your password and then lose other relevant security information to recover password
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
April 11, 2021, 03:32:31 AM
#31
I once created a similar theme. I was surprised by a user who so diligently changes his password from the forum every day.

https://bitcointalksearch.org/topic/--5308307

Likewise, I think that if we do not use someone else's Internet, we have one device for an account, and we use the security system correctly, we should not be too paranoid about changing the password. It is important to keep copies of passwords, because, with frequent changes on one device, the user often forgets to save the new password, thereby creating problems for himself.
Let's not talk about the complexity of passwords here, 8 characters is of course "hard" Grin

https://howsecureismypassword.net/

And also a post as a reminder of how a hacker can get our passwords.
https://www.quora.com/How-does-a-hacker-grab-a-persons-password

And the dangers of stealing cookies
https://securityintelligence.com/articles/guide-to-cookie-hijacking/
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
April 11, 2021, 02:56:32 AM
#30
I haven't changed my password for a long time, nothing happened, maybe I am lucky?
Accounts don't get stolen that easy. Unless your device isn't vulnerable, you aren't using an easy to guess/bruteforce password, and there isn't a recent database breach, you will be fine. And unless you used the same password on another site that got leaked of course.

I like how they do it at my current job. Every 3 months we are required to change the password to log in to the main platform. And they have a system in place similar to Skype's. You can't reuse an old password. It has to be a new and unique password. Maybe this is also a possible attack vector because it means that a server somewhere compares the entries (hashes) you make with the ones you used in the past.  
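
Added example (not part of the post above and not code from any forum or employer system): a sketch of how a "you can't reuse an old password" rule like the one described can be enforced while the server stores only salted hashes. The history depth, iteration count, function names and sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for this illustration, not taken from any real system.
HISTORY_DEPTH = 3            # how many previous passwords are remembered
PBKDF2_ITERATIONS = 100_000  # work factor of the slow hash
SALT_BYTES = 16


def _derive(password, salt):
    """Slow, salted hash of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def make_record(password):
    """Return the (salt, digest) pair that is stored instead of the password."""
    salt = os.urandom(SALT_BYTES)
    return salt, _derive(password, salt)


def is_reused(candidate, history):
    """True if the candidate matches any remembered (salt, digest) record."""
    reused = False
    for salt, digest in history:
        # Every old record has its own salt, so the candidate is re-hashed
        # once per record and compared in constant time.
        if hmac.compare_digest(_derive(candidate, salt), digest):
            reused = True
    return reused


def change_password(candidate, history):
    """Return (accepted, new_history); history is ordered newest first."""
    if is_reused(candidate, history):
        return False, history
    return True, ([make_record(candidate)] + history)[:HISTORY_DEPTH]


if __name__ == "__main__":
    # Constructed sample passwords.
    ok, hist = change_password("constructed-sample-Spring2021", [])
    print("first password accepted:", ok)
    ok, hist = change_password("constructed-sample-Spring2021", hist)
    print("exact repeat accepted:", ok)
    ok, hist = change_password("constructed-sample-Spring2022", hist)
    print("near variant accepted:", ok)
```

Because only salted hashes are kept, the check catches exact repeats and nothing else: a near variant of an old password passes. The history table also holds every remembered hash, so a database leak exposes all of them rather than just the current one.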
legendary
Activity: 2464
Merit: 2094
April 10, 2021, 12:04:34 PM
#29
OK, I am grateful to anyone who has answered my question and I will probably not quote you one by one.
I got the answer here and maybe I will put it into practice in the future if I am paranoid enough about the security of my account. So far, I haven't had any issues with the password I use. I'm sure it's a pretty strong password with a good combination.

As we can see, theymos changes the password every year (last 3 years) and I believe it is a good practice for someone like him even though it is highly unlikely that his account will be hacked and controlled by someone else for a long time. But I believe we don't need to change our email and password if it's not an urgent situation like a hacking attempt and emails that are full of spam messages and phishing attempts.

hero member
Activity: 1372
Merit: 783
better everyday ♥
April 10, 2021, 11:12:51 AM
#28
I wonder if changing password is needed when we can stake address in this forum? Most people stake their address on this forum to be safe even if their account is stolen. While it may take a few to get your account back, but surely no one can steal it unless you no longer own the address. Furthermore, is this forum account really easy to be stolen? In most cases, the hacked accounts are usually accounts that have been inactive for a long time. I haven't changed my password for a long time, nothing happened, maybe I am lucky?
legendary
Activity: 3626
Merit: 2209
💲🏎️💨🚓
April 10, 2021, 10:53:27 AM
#27
They've got these things called "pen and paper", perhaps you've heard of them?  They can be securely stored off line and need little, or no maintenance and work in an off-line environment without the need even for an external power source (not to mention they can be stored "air gapped" one on top of another without information loss or data transfer).

Hackers have to physically come into contact with the "pen and paper" risking exposure to virus and toxins that may have been planted on the relevant surfaces with the added layer of security they have to be able to discern the location of you, then the location of the "pen and paper" which may or may not be in the same physical location as yourself.

 Grin
mk4
legendary
Activity: 2716
Merit: 3817
🪸 NotYourKeys.org 🪸
April 10, 2021, 10:13:38 AM
#26
This is risky. I've never seen any site recommend you set your password to 40 letters and above; this is something very strange. How do you manage to use such long passwords and still remember them? Password should be within 8 letters.
Jeebus that's probably the worst advice I've read concerning account security in my whole life. Probably worse than saving passwords on a .txt file. There's a reason why a lot of sites don't allow passwords as short as 8 characters anymore, as it's easy as hell to bruteforce if you have good-enough hardware.

I don't fancy or trust any third party when it comes to my password, what if there is data breach? You are likely going to lose everything.
Password manager data being encrypted aside, you don't need to trust them if you don't want to. Hence why I also mentioned self-hosting in one of my previous replies in this thread.
legendary
Activity: 1316
Merit: 1610
The BSFL Sherrif 📛
April 10, 2021, 09:27:23 AM
#25
This. But far more importantly — don't re-use passwords on multiple websites, and make sure your password is long (probably 40 characters or more) and complex enough for it to be difficult to bruteforce.
This is risky. I've never seen any site recommend you set your password to 40 letters and above; this is something very strange. How do you manage to use such long passwords and still remember them? Password should be within 8 letters.


"But how do I remember all my passwords?"

Use open-source password managers such as Bitwarden[1] and KeePass2[2]!


[1] https://bitwarden.com/
[2] https://keepass.info/
I don't fancy or trust any third party when it comes to my password, what if there is data breach? You are likely going to lose everything.
legendary
Activity: 2383
Merit: 1551
dogs are cute.
April 09, 2021, 07:57:24 PM
#24
For the last couple weeks, I'm actually in the process of consolidating all my passwords from Lockwise, GPG files and iCloud to LastPass. And I can tell you that migrating from one password manager to another is a very laborious process when you have hundreds of passwords. Makes me shy away from self-hosted password managers which can screw me over if they blow up (which Bitwarden actually did to me, I never even got it past the install stage).
Okay what the hell? How- what? huh? explain sir.

*psst. Aye m8, g'day. Based on my past research, Dashlane has been bloody reputable from what I remember.*

Unfortunately I can't recommend nor not-recommend it because I haven't tried it personally, but it seems pretty good. I'm just more of a fan of open-source.
*psst. [whispering slowly] I...love dashlane but-- they are switching to an entirely browser-based platform which I am not sure if I like.

*psst *psst *psst From all the password managers out there, I would only be able to recommend bitwarden because it's the only one that provides you with an option to self-host[1] your client. This means that you're not storing your encrypted passwords somewhere in the cloud (or bitwarden servers) but you're actually hosting that same environment but in a much closer entity (your machine).

As a side note, you'll find in here - https://www.privacytools.io/  - a great list of apps and addons that you can use to increase your privacy in almost every spectrum of a computer use (programs, OS, Internet ...).


[1] https://bitwarden.com/help/article/install-on-premise/
*triple psst to you, ouuu.

Okay in all seriousness, I like the idea behind bitwarden, and I want to use it, but the reviews on it thus far are shaky. ssss. And I don't know if I trust windows to keep my files safe. Heckin hell this is.
legendary
Activity: 1008
Merit: 3001
April 09, 2021, 02:01:53 PM
#23
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *
*psst. Aye m8, g'day. Based on my past research, Dashlane has been bloody reputable from what I remember.*
*psst *psst *psst From all the password managers out there, I would only be able to recommend bitwarden because it's the only one that provides you with an option to self-host[1] your client. This means that you're not storing your encrypted passwords somewhere in the cloud (or bitwarden servers) but you're actually hosting that same environment but in a much closer entity (your machine).

As a side note, you'll find in here - https://www.privacytools.io/  - a great list of apps and addons that you can use to increase your privacy in almost every spectrum of a computer use (programs, OS, Internet ...).


[1] https://bitwarden.com/help/article/install-on-premise/
mk4
legendary
Activity: 2716
Merit: 3817
🪸 NotYourKeys.org 🪸
April 09, 2021, 11:11:34 AM
#22
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *
*psst. Aye m8, g'day. Based on my past research, Dashlane has been bloody reputable from what I remember.*

Unfortunately I can't recommend nor not-recommend it because I haven't tried it personally, but it seems pretty good. I'm just more of a fan of open-source.

How do you mean 'if they blow up'?
I'm guessing something broke or something when he/she was in the process of configuring his/her account.
hero member
Activity: 2240
Merit: 579
Leading Crypto Sports Betting & Casino Platform
April 09, 2021, 11:04:26 AM
#21
As Welsh said, only Theymos can provide an honest answer to the OP's question, but from my own presumption, changing the account password every year shouldn't be a problem if done in the right way.
With that being said, according to what I have learnt ever since I have been browsing online, to prevent vulnerability and for security purposes, it's nice to change one's account password at least every 6 months.
hero member
Activity: 2464
Merit: 934
April 09, 2021, 10:44:23 AM
#20
I have been using LastPass for the last few years, it has been serving well, what made you stop using it if I may ask (considering you used 'was' in the sentence)?

*psst. Ex-LastPass user here. Use Bitwarden instead. It's free (but I recommend paying just to help out the devs), it's open-source, and you can self-host as well.*

Disclaimer: Not affiliated. Just a fan.
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *

For the last couple weeks, I'm actually in the process of consolidating all my passwords from Lockwise, GPG files and iCloud to LastPass. And I can tell you that migrating from one password manager to another is a very laborious process when you have hundreds of passwords. Makes me shy away from self-hosted password managers which can screw me over if they blow up (which Bitwarden actually did to me, I never even got it past the install stage).

How do you mean 'if they blow up'?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April 09, 2021, 10:36:35 AM
#19
I have been using LastPass for the last few years, it has been serving well, what made you stop using it if I may ask (considering you used 'was' in the sentence)?

*psst. Ex-LastPass user here. Use Bitwarden instead. It's free (but I recommend paying just to help out the devs), it's open-source, and you can self-host as well.*

Disclaimer: Not affiliated. Just a fan.
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *

For the last couple weeks, I'm actually in the process of consolidating all my passwords from Lockwise, GPG files and iCloud to LastPass. And I can tell you that migrating from one password manager to another is a very laborious process when you have hundreds of passwords. Makes me shy away from self-hosted password managers which can screw me over if they blow up (which Bitwarden actually did to me, I never even got it past the install stage).
legendary
Activity: 3626
Merit: 2209
💲🏎️💨🚓
April 09, 2021, 09:53:54 AM
#18
I wouldn't advise changing your password too regularly, as you can see in the OP's example, the password was changed within two days of the first anniversary of the first instance.  This could be a key date such as a birthday, or wedding anniversary etc, so anyone wanting to data mine, or even hack an account can look at this and can probably guess other relevant information.
legendary
Activity: 2383
Merit: 1551
dogs are cute.
April 09, 2021, 09:12:17 AM
#17
I have been using LastPass for the last few years, it has been serving well, what made you stop using it if I may ask (considering you used 'was' in the sentence)?

*psst. Ex-LastPass user here. Use Bitwarden instead. It's free (but I recommend paying just to help out the devs), it's open-source, and you can self-host as well.*

Disclaimer: Not affiliated. Just a fan.
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *

I change my password occasionally--not too often, and usually after I get paranoid about the forum getting hacked.  It's probably not a bad idea for a member to do that from time to time (and to pick a strong one, too), because people have certainly lost their accounts to hackers in the past and no doubt it'll happen again. 

If there's a downside to doing so, I think it might be that it's a major pain in the ass to recover your account if you forget your password, but maybe a moderator can clarify that.  There's also the issue of people thinking your account might have changed hands if you happen to change both your password and your e-mail at the same time (which I think I've also done). 

The security on bitcointalk, as far as I can tell, is questionable and I do wonder how vulnerable the forum is to another major hacking.  It's been a while since the last one, but I've no idea what goes on behind the scenes.
Dude, your paranoia is NOT bad;; for someone like you especially, considering how many rat cum eaters are after you/your account/rep/ lê chipmixer status, etc,.

It's been what over 6 years, since the last hack? You never though what is to happen ;.;
