Topic: Don't use your bitcointalk account password on other websites (Read 624 times)

hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Some simple steps can save us from lot of phishing like
Your numbers 1–5 as enumerated in your post are apt. Though I think item 4 will be a lot more difficult to avoid since a lot of sites will need app downloads from Google Play Store or Apple. However, the catch there is to make sure one is certain that the site in question has an app to be downloaded before heading to a third party for it. As for those using simple passwords, it's advisable not to. I guess a lot of people use simple passwords so they can easily recall them by heart instead of writing them down on paper. It's not good to want to remember them that way. We should know that the mind is sometimes subject to forgetfulness. Write out the passwords, and since one is writing them out it will be nice to make them strong and difficult. There's no harm in doing that.
I was talking about third-party websites, that is, downloading from somewhere other than the Play Store, the app market for PC, or the official website, so that we can trust the application we download and install. Having a password which is completely random and more difficult to remember is good, but it can still be brute forced. Still, that is not going to happen for all the accounts, and even if it is hacked we have 14 days to lock the account, then we can proceed further with account recovery.
full member
Activity: 616
Merit: 161
In this day and age, a new different password and username should be created for any new website signup. And I am not talking about changing the last two digits on a number, I mean it has to be something completely different. That's how I go about it and honestly, I sometimes think that even that is not enough. With how many sign-ins I am required, I wouldn't be surprised if I duplicated my info eventually XD
hero member
Activity: 1722
Merit: 801
And when we watch other people's mistakes ;)
It is best when we do research and learn from the advice and lessons of others. It's not good to lose money just to get a lesson to learn from.

It is terrible if we only have a lesson to learn after losing all of our capital. If we fall into such cases, it is only because we are close-minded, don't listen to the advice of others, and think we are smarter than them and will be safe without learning from their advice.

Your advice in this topic can be expanded to: never use the same password on multiple platforms, multiple exchanges or multiple wallets.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
Some simple steps can save us from lot of phishing like
Your numbers 1–5 as enumerated in your post are apt. Though I think item 4 will be a lot more difficult to avoid since a lot of sites will need app downloads from Google Play Store or Apple. However, the catch there is to make sure one is certain that the site in question has an app to be downloaded before heading to a third party for it. As for those using simple passwords, it's advisable not to. I guess a lot of people use simple passwords so they can easily recall them by heart instead of writing them down on paper. It's not good to want to remember them that way. We should know that the mind is sometimes subject to forgetfulness. Write out the passwords, and since one is writing them out it will be nice to make them strong and difficult. There's no harm in doing that.
legendary
Activity: 1946
Merit: 1026
In Search of Incredible
Bumping this topic, because

the best lessons we learn only when we make our mistakes.
And when we watch other people's mistakes ;)
full member
Activity: 1028
Merit: 144
Diamond Hands 💎HODL
I've also made the same mistake, but instead using my mobile number and adding my birthday, which I thought was a good and secure idea, but it got hacked, so don't put shared personal information in your password and add a backup email. I suggest using a different email; I'm currently using different emails on different social accounts so it will be more secure: when one account gets hacked the others will be safe.

When it comes to phishing websites, it might be that every log-in is just recorded to get every piece of information possible to use on a lot of possible websites. I think the phishing websites are just targeting your email because your account is connected to your email. Getting the email is just what they need to reset your accounts or to know the websites that you are connected to, because everything is emailed to your mail. For me, having different emails for different social media accounts is a good thing because you can easily organize your emails. But it could be confusing because you have a lot of emails. Maybe a personal email and a business email is enough; you could just put a lot of protection on your one email if you only have one, and it is easy to manage.
hero member
Activity: 2282
Merit: 659
Looking for gigs
    Most of the people are aware of this issue. And there might be few topics about this matter before. I just want to share my experience with you all and hope it will be helpful for those who aren't aware of it.

    Firstly my intention was to earn bitcoin from faucets. But slowly the forum introduced me to other crypto related things (like gambling, mining, trading, investing). I started to engage myself with those platforms and created accounts at most of the new sites that I found in this forum. I used the same password, email and username at most other sites as I used in my forum account. It was my fault. A hacker got my password from one of those sites (phishing) and accessed my account.

    Though he didn't make any post or spam from my account, he changed my account password on 9th July, 2018. On 12th July I came back and found that my password was changed and I was unable to log in. So I reset my password via mail. Within two weeks my account got locked for security reasons.


    Finally I took steps to get back my account in May this year, and recovered it on 5th June.
    I'm not the only victim of the hacker. The hacker just used my sMerit and sent it to someone in this reply
    I think that user is also a victim of the hacker. There are a few more users in the list.

    Maybe there are more victims of this. The first three people are banned now. The 4th user, peter0425, has recovered his account and created a topic about the hacked issue. Check it here.

    The hacker just used sMerit from these accounts during that time and sent it from one to another. If you look at those users' security logs at bpip.org you can realize it.

    Check this topic to realize the importance of account password & how to secure it.
    Prevent your bitcointalk account from hacker- prevention is better then cure.

    As a newbie, all should stay aware of this matter. For your account's safety, don't use the same password at other sites. Not every website you see in this forum is going to be legit. Stay aware of phishing sites.

    Exactly. I have learned my lesson the hard way when I use the same password of my email with other third party platforms (which I registered the same email over and over again). Since I am so worried about my accounts getting hacked anytime without warning, I make sure that my passwords are very hard. I create long passwords mixed with special characters or so (but not using the same hard long password to other platforms).

    In case I forgot my password in my email, social media accounts (or even here on Bitcointalk), I put them on a notebook and write them down for me to remember. I also back them up in my USB drive through Notepad.
    legendary
    Activity: 2338
    Merit: 10802
    There are lies, damned lies and statistics. MTwain
    These are some statistics I’ve found on the topic of password reuse:
    Quote
    Here are some staggering statistics that show the magnitude of the password reuse problem.
    1.   A Google survey found that at least 65% of people reuse passwords across multiple, if not all, sites.
    2.   Another recent survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway.
    3.   Microsoft recently announced that a staggering 44 million accounts were vulnerable to account takeover due to compromised or stolen passwords.
    4.   The average person reuses each password as many as 14 times.
    5.   72% of individuals reuse passwords in their personal life while nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. These forced resets are an ineffective tactic.
    6.   And it is not just personal accounts. 73% of users duplicate their passwords in both their personal and work accounts.
    7.   Security.org found that 76% of millennials recycle their passwords.
    8.   This is why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.
    See: https://securityboulevard.com/2020/04/8-scary-statistics-about-the-password-reuse-problem/

    The above link allows us to reference the original source for each statement, originated in different surveys over the last couple of years, with different scopes and population sizes.

    The surge and constant expansion of sites we subscribe to that require the creation of an account (ecommerce and so forth) requires an excessive memory exercise, which leads to bad habits such as password reuse. Keeping just a few distinct credential pairs in mind for sensitive sites (hopefully with 2FA as an additional platform feature), and using a decent password manager to keep track of the others, should present a reasonable scenario where no site credentials are reused. The problem is that many people still remain unaware of the threat that the practice of password reuse poses.
    sr. member
    Activity: 1820
    Merit: 436
    As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.
    ...
    This is not always true. It depends entirely on the website you are using and its owner.
    The owner/developer is the one who decides how passwords are going to be saved on the database (plain text or encrypted).
    As a user and without having access to the website's back end, there is no way to know how passwords are being saved.


    I agree, but it is a good practice to encrypt the password as a programmer since you cannot really leak any information from your users, it is against the law in my country.

    That is actually the problem since they are a phishing website they just want to get information so the programmer programs it that way to get information easily.
    full member
    Activity: 868
    Merit: 185
    Roobet supporter and player!
    Actually, having identical passwords on different websites will put you at risk, because hackers can easily access your account on any website you may have attended. This is the reason why I want to generate different passwords with strong security, so that I can avoid the loss of my accounts. My password on BTT is different from my password at Binance or any social media app. There are many people who have been victims because of their similar passwords, and it should be a lesson for all of us that using a strong and different password on every website will keep us away from harm.
    sr. member
    Activity: 1204
    Merit: 388
    I've also made the same mistake, but instead using my mobile number and adding my birthday, which I thought was a good and secure idea, but it got hacked, so don't put shared personal information in your password and add a backup email. I suggest using a different email; I'm currently using different emails on different social accounts so it will be more secure: when one account gets hacked the others will be safe.
    sr. member
    Activity: 658
    Merit: 274
    Wish for the rain? Then deal with the mud too.
    -
    For me, I highly recommend to the members use a
    Camel Case
    Symbol
    Number
    As far as making your password stronger goes, you should take a look at @bob123's reply, here, and take it into consideration whenever you create one or if you make some changes to your pw. This may be kind of odd to do for typical users, since it is quite straightforward :D.
    hero member
    Activity: 2268
    Merit: 588
    You own the pen
    My Bitcointalk password has always been unique since I last changed it, because I was afraid that something like this could happen, and getting it back is not guaranteed since the steps are so complicated and there were some users who didn't get back their accounts after someone hacked them. Before things get out of hand, it is better to do this step, and don't forget: before doing it, you must stake your BTC address here: https://bitcointalksearch.org/topic/how-to-sign-a-message-990345

    In case you messed up, the steps to recover your lost account are here: https://bitcointalksearch.org/topic/how-to-sign-a-message-990345
    legendary
    Activity: 2590
    Merit: 3015
    Welt Am Draht
    I don't give a fuck about passwords for most websites. I use the same one a million times. There's no info of note.

    However one's Bitcointalk account can be a truly valuable thing so you owe it to yourself to get it right. A few minutes of thought and memorisation will save you plenty of future grief.
    full member
    Activity: 1540
    Merit: 219
    Prioritize the security of your account above all because it is not that easy to earn your rank here.

    Never settle for only one email that you will use when you access other platforms. Using a VPN is not that hard to do; you can learn how to apply it on YouTube and in any other tutorials, because it is really important. Always make a unique password; as much as possible, maximize using letters, numbers, and symbols to have a unique combination for your passwords. Keep in mind that a bitcointalk account is not that instant to have, so value it and take care of it to prevent scamming and hacking.
    full member
    Activity: 1484
    Merit: 136
    ★Bitvest.io★ Play Plinko or Invest!
    Also, I have seen a lot of reports before from members about problems with their accounts, because some of them report that they were hacked or forgot the password. Sometimes they are using the same password for their different accounts and also for their emails, which is not a good thing; this is too prone to hacking.

    Also there are a lot of them using only the left part of the keyboard to make it easier, commonly with the use of

    A
    S
    W
    D
    R
    1
    2
    3

    legendary
    Activity: 2618
    Merit: 1105
    <<>>
    If someone steals a PC, there is not much you can do about it.
      

    Tbh, keeping such things on a PC is not only stupid, but dangerous too.
    Imho, I would never keep any of my passwords stored anywhere but write them down straight away. Keep a specific book (one is fine but you can keep 2 if you fear any kind of damage to the first one). Write the website name, username, email and password (and any extra details that are important to you like your security Q&A) and do the same in the second book. You can use carbon paper and keep the 2nd book's blank page under the 1st book's page and then write, if you don't want to double up your workload. Keep both the books safe (but not in the same place). Saving your passwords in browsers is also not a good practice if you want to save yourself from getting hacked.
    newbie
    Activity: 7
    Merit: 0
    <…> That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.
    But having them on a txt file on the actual drive, even on linux, may still encounter the odd malware that you can install through a wallet downloaded from a wrong site. What’s more, even if isolating the computer as much as possible will mitigate risks, there’s still the risk that someone grabs/steals your physical computer, and mounts the linux disk as a secondary device to access the content, gaining access to the txt file.
    Well, then use a brand new usb flash drive to save it there and use it exclusively with that PC. Downloading anything infected with malware is the user's fault. Hence avoid downloading anything from that computer. And of course, having a genuine licensed antivirus will prevent most malware from being installed.
    If someone steals a PC, there is not much you can do about it.
      
    legendary
    Activity: 2702
    Merit: 3045
    Top Crypto Casino
    As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.
    ...
    This is not always true. It depends entirely on the website you are using and its owner.
    The owner/developer is the one who decides how passwords are going to be saved on the database (plain text or encrypted).
    As a user and without having access to the website's back end, there is no way to know how passwords are being saved.

    Using an exclusive Linux-based computer to access your crypto related website businesses is a great step.
    I encourage everyone to use Linux but it doesn't mean you are going to be 100% safe. A Linux OS can be hacked too and it doesn't matter which OS you are using if you enter your credentials into a phishing website.
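
The storage choice described in the post above, as an added example that is not part of the thread: the same constructed account saved once as plain text and once as a salted hash. The post says only "plain text or encrypted"; salted scrypt hashing is this example's own choice, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample credential, not taken from the thread.
SAMPLE_PASSWORD = "correct horse battery staple"

# Assumed work factors for this example; a site operator tunes these to its hardware.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def store_plaintext(db, user, password):
    """The weak choice: the database row holds the password itself."""
    db[user] = password


def store_hashed(db, user, password):
    """Store a random per-user salt and the scrypt digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    db[user] = (salt, digest)


def verify_hashed(db, user, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    if user not in db:
        return False
    salt, digest = db[user]
    attempt = hashlib.scrypt(candidate.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(attempt, digest)


def password_visible_in_dump(db, password):
    """True if anyone reading the table (operator or thief) can read the password."""
    needle = password.encode()
    for row in db.values():
        fields = row if isinstance(row, tuple) else (row,)
        for field in fields:
            raw = field if isinstance(field, bytes) else str(field).encode()
            if needle in raw:
                return True
    return False


if __name__ == "__main__":
    weak, strong = {}, {}
    store_plaintext(weak, "alice", SAMPLE_PASSWORD)
    store_hashed(strong, "alice", SAMPLE_PASSWORD)
    store_hashed(strong, "bob", SAMPLE_PASSWORD)  # same password, different salt
    print("plaintext table exposes password:", password_visible_in_dump(weak, SAMPLE_PASSWORD))
    print("hashed table exposes password:", password_visible_in_dump(strong, SAMPLE_PASSWORD))
    print("login still works:", verify_hashed(strong, "alice", SAMPLE_PASSWORD))
    print("same password, same digest:", strong["alice"][1] == strong["bob"][1])
```

Neither storage mode helps against a phishing site, which receives the password as typed; that is why the thread's advice of a unique password per site still applies.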
    legendary
    Activity: 2338
    Merit: 10802
    There are lies, damned lies and statistics. MTwain
    <…> That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.
    But having them on a txt file on the actual drive, even on linux, may still encounter the odd malware that you can install through a wallet downloaded from a wrong site. What’s more, even if isolating the computer as much as possible will mitigate risks, there’s still the risk that someone grabs/steals your physical computer, and mounts the linux disk as a secondary device to access the content, gaining access to the txt file.