
Topic: Do not use same username and pw ANYWHERE (Read 1777 times)

hero member
Activity: 530
Merit: 500
October 09, 2012, 05:36:14 PM
#21
At some point you have to trust someone.  It is scary to think that your passwords are all stored there - make sure your account password into LastPass is very complex.  According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe."

Only your encrypted passwords are stored at LastPass. Since they don't have your key (the passwords are decrypted locally when you access them) it's impossible for someone to get your passwords from LastPass even if they hack their servers. They still need to somehow get your password from you.

Pretty sure it was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.

The password to the account was the same as a string visible in the leaked source code. That's extremely bad password management - of course your LastPass master password should be extremely secure and unique.

I'd also recommend using two factor authentication towards your LastPass account. Google Authenticator on an Android mobile is an easy and painless solution.

tl;dr: Use unique strong passwords everywhere. Never re-use passwords. LastPass helps you accomplish just that.
sr. member
Activity: 456
Merit: 250
October 09, 2012, 05:00:33 PM
#20
So you're saying I shouldn't use the same username / pass at all sites I register with?
legendary
Activity: 1176
Merit: 1001
October 09, 2012, 04:37:56 PM
#19
With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key.  Even if you're not connected to a network.
Try it and then tell me.
I know about the physics under the wood, but it's still fantascientific.
sr. member
Activity: 369
Merit: 250
October 09, 2012, 04:24:50 PM
#18
lol LastPass

Pretty sure it was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.

Stupid idea, nice way to make it easy for people to rob you, only have to log a single password and they gain all access.. magic.
newbie
Activity: 4
Merit: 0
October 09, 2012, 04:20:25 PM
#17
Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?

At some point you have to trust someone.  It is scary to think that your passwords are all stored there - make sure your account password into LastPass is very complex.  According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe."

I have been using LastPass for at least 3 years now and have been very happy with it.  The only problem I find is when I am away from my computer and want to log into a financial site or something - I have no idea of my password and have to do a little jumping around to their site to find it - but it's worth it.
newbie
Activity: 12
Merit: 0
October 09, 2012, 04:14:10 PM
#16
Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?
newbie
Activity: 28
Merit: 0
October 09, 2012, 03:31:21 PM
#15
I didn't know LastPass, I just tried. It's amazing thx a lot.
EDIT : By the way, get one month free premium account for free signing here : https://lastpass.com/f?728556
hero member
Activity: 784
Merit: 1000
Annuit cœptis humanae libertas
October 09, 2012, 03:24:46 PM
#14
With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key.  Even if you're not connected to a network.

Electromagnetic shielding is available for the truly paranoid! (Probably only via the black market in some countries?)
sr. member
Activity: 266
Merit: 250
October 09, 2012, 02:33:48 PM
#13
With the right hardware you can keylog by looking over the person's shoulder with a satellite.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
October 09, 2012, 02:31:07 PM
#12
With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key.  Even if you're not connected to a network.
sr. member
Activity: 266
Merit: 250
October 09, 2012, 02:26:06 PM
#11
It would be interesting to design a hardware solution to this; some sort of keyboard that transmits encrypted data that could be decoded by a plugin in the web browser that would print the cleartext in the fields selected.
member
Activity: 70
Merit: 10
October 09, 2012, 02:15:33 PM
#10
The only way to stop a keylogger is by using key encryption software.

Or use on screen keyboard for important passwords

On screen keyboards can still be seen by a trojan. If they are recording your screen they will see which buttons you pushed.
member
Activity: 102
Merit: 10
October 09, 2012, 02:02:17 PM
#9
The only way to stop a keylogger is by using key encryption software.

Or use on screen keyboard for important passwords
member
Activity: 70
Merit: 10
October 09, 2012, 01:56:00 PM
#8
The only way to stop a keylogger is by using key encryption software.
newbie
Activity: 12
Merit: 0
October 09, 2012, 01:49:58 PM
#7
This is very important! Some years back I found some databases of forums via Google because the backup folders were not protected at all! One was from a forum with several thousand members. Sometimes it needs no uber-skilled crook to hack a site and steal their database, even admins of large sites can be lazy and / or careless so the best thing is always to expect the worst and choose a strong password you use only for that specific site. Tools for this (KeePass and so on) have already been mentioned here.
newbie
Activity: 29
Merit: 0
October 09, 2012, 11:21:42 AM
#6
Yeah two factor authentication would be nice to have everywhere, I use it for my Gmail account myself.  No I have never had a bad experience with this, but I have helped hundreds of people who have.

LastPass, KeePass, yeah good stuff.  Use it people.  Damn these forums get a TON of action, there probably aren't enough moderators man.....This is probably one of the busier forums I have seen.
hero member
Activity: 784
Merit: 1000
Annuit cœptis humanae libertas
October 09, 2012, 11:12:56 AM
#5
Keyloggers are indeed pure evil, but good password management won't immunize one from those anyway, only multi-factor authentication (Yubikey, SMS verification, etc.) can do that.
hero member
Activity: 792
Merit: 1000
Bite me
October 09, 2012, 11:07:55 AM
#4
just get yourself a lastpass [free] account and use it
hero member
Activity: 770
Merit: 502
October 09, 2012, 10:57:21 AM
#3
lol.

I had a thread written up and was stickied, but members kept trolling it, I ended up clearing the OP and locking it. Let's see how many more threads like this one here pop up. You can thank the mods for not cleaning up the OT posts and trolls.
newbie
Activity: 5
Merit: 0
October 09, 2012, 10:56:31 AM
#2
Did you have a bad experience with this?