Pages:
Author

Topic: Don't use your bitcointalk account password on other websites (Read 637 times)

hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Some simple steps can save us from lot of phishing like
Your numbers 1–5 as enumerated in your post are apt. Though I think item 4 will be a lot more difficult to avoid since a lot of sites will need app downloads from Google playstore or apple. However, the catch there is to make sure one is certain that the site in question has an app to be downloaded before heading to a third party for it. As for those using simple passwords, it's advisable not to. I guess a lot of people use simple password so they can easily recall it off by heart instead of writing it down on paper. That's not good to want to remember it that way. We should know that the mind is sometimes subject to forgetfulness. Write out the passwords, and since one is writing it out it will be nice to make it a strong and difficult one. There's no harm in doing that.
I said about third party website like apart from downloading on playstore and app market for PC apart from official website so we can trust the application we are downloaded to install. Having password which is completely random and more difficult to remember is good but still it can be brute forced still it is not going to happen for all the account even if its hacked we have 14 days to lock the account then we can further proceed for account recovery.
full member
Activity: 616
Merit: 161
In this day and age, a new different password and username should be created for any new website signup. And I am not talking about changing the last two digits on a number, I mean it has to be something completely different. That's how I go about it and honestly, I sometimes think that even that is not enough. With how many sign-ins I am required, I wouldn't be surprised if I duplicated my info eventually XD
hero member
Activity: 1722
Merit: 801
And when we watch other people's mistakes Wink
It is best when we do research and learn from advice, lessons of others. It's not good to lose money just to get lesson which we learn from.

It is terrible if we only have lesson to learn after losing all of our capital. If we fall into such cases, it is only because we are close-minded and don't listen to advice of others and think we are smarter than them then we will be safe without learning their advice.

Your advice in this topic can be expanded to as Never use a same password on multiple platforms, multiple exchanges or multiple wallets.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
Some simple steps can save us from lot of phishing like
Your numbers 1–5 as enumerated in your post are apt. Though I think item 4 will be a lot more difficult to avoid since a lot of sites will need app downloads from Google playstore or apple. However, the catch there is to make sure one is certain that the site in question has an app to be downloaded before heading to a third party for it. As for those using simple passwords, it's advisable not to. I guess a lot of people use simple password so they can easily recall it off by heart instead of writing it down on paper. That's not good to want to remember it that way. We should know that the mind is sometimes subject to forgetfulness. Write out the passwords, and since one is writing it out it will be nice to make it a strong and difficult one. There's no harm in doing that.
legendary
Activity: 1946
Merit: 1026
In Search of Incredible
Bumping this topic, because

the best lessons we learn only when we make our mistakes.
And when we watch other people's mistakes Wink
full member
Activity: 1028
Merit: 144
Diamond Hands 💎HODL
I've also done the same mistake but instead using my mobile number and adding my birthday which i thought a good and secured idea but it got hacked, so don't put shared personal information in your password and add a backup email. I suggest to use different email, I'm currently using different email on different social accounts so it will be more secured, when one account got hacked the others will be safe.

When it comes to phishing websites it might be every log-in is just recorded to just get every information possible to use it in a lot of possible websites. I think the phishing websites are just targeting your email because your account is connected to your email. Getting the email is just what they needed to reset your accounts or to know the websites that you are connected because everything is emailing your mail. For me having different emails in different social media account is a good thing because you could easily organized your emails. But it could be confusing because you have a lot of emails. Maybe a personal email and a business email is enough you could just put a lot of protection to your one email If you only have one and it is easy to manage.
hero member
Activity: 2282
Merit: 659
Looking for gigs
    Most of the people are aware of this issue. And there might be few topics about this matter before. I just want to share my experience with you all and hope it will be helpful for those who aren't aware of it.

    Firstly my intention was to earn bitcoin from faucets. But slowly slowly the forum introduced me with other crypto related things (like gambling, mining, trading, investing). I started to engage myself with those platform and created account at most of the new sites that I have found in this forum. I used the same password, email and username at most other sites which I have used in my forum account. It was my fault. Hacker got my password from any of those site(phishing) and accessed my account.

    Though he didn't made any post or spam from my account. But he changed my account password on 9th July, 2018. On 12th July I came back and found that my password was changed, was unable to login. So I reset my password via mail. Within two weeks my account get locked for security reason.


    Finally I took step to get back my account in May this year. And recovered it on 5th June.
    I'm not the alone victim of the hacker. The hacker just used my sMerit and send it to someone in this reply
    I think that user is also a victim of the hacker. There are few more user in the list.

    Maybe there are more victim of this. First three people are banned now. The 4th user peter0425 has recovered his account and created a topic about the hacked issue. Check it here.

    Hacker just used sMerit from these account during that time and sent one to another. If you notice those user security log at bpip.org you can realize it.

    Check this topic to realize the importance of account password & how to secure it.
    Prevent your bitcointalk account from hacker- prevention is better then cure.

    As a newbie all should stay aware of this matter. For your account safety don't use the same password at other sites. Every website isn't going to be legit what you will see in this forum. Stay aware of phishing sites.[/list]

    Exactly. I have learned my lesson the hard way when I use the same password of my email with other third party platforms (which I registered the same email over and over again). Since I am so worried about my accounts getting hacked anytime without warning, I make sure that my passwords are very hard. I create long passwords mixed with special characters or so (but not using the same hard long password to other platforms).

    In case I forgot my password in my email, social media accounts (or even here on Bitcointalk), I put them on a notebook and write them down for me to remember. I also back them up in my USB drive through Notepad.
    legendary
    Activity: 2338
    Merit: 10802
    There are lies, damned lies and statistics. MTwain
    These are some statistics I’ve found on the topic of password reuse:
    Quote
    Here are some staggering statistics that show the magnitude of the password reuse problem.
    1.   A Google survey found that at least 65% of people reuse passwords across multiple, if not all, sites.
    2.   Another recent survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway.
    3.   Microsoft recently announced that a staggering 44 million accounts were vulnerable to account takeover due to compromised or stolen passwords.
    4.   The average person reuses each password as many as 14 times.
    5.   72% of individuals reuse passwords in their personal life while nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. These forced resets are an ineffective tactic.
    6.   And it is not just personal accounts. 73% of users duplicate their passwords in both their personal and work accounts.
    7.   Security.org found that 76% of millennials recycle their passwords.
    8.   This is why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.
    See: https://securityboulevard.com/2020/04/8-scary-statistics-about-the-password-reuse-problem/

    The above link allows us to reference the original source for each statement, originated in different surveys over the last couple of years, with different scopes and population sizes.

    The surge and constant expansion of sites we suscribe to, that require the creation of an account (ecommerce and so forth), requires an excessive memory exercise, which leads to bad habits such as password reuse. Keeping just a few distinct credential pairs in mind for sensitive sites (hopefully with 2FA as an additional platform feature), and using a decent password manager to keep track of the others, should present a reasonable scenario where no site credentials are reused. The problem is that many people still remain unaware of the threat that password reuse practice poses.
    sr. member
    Activity: 1820
    Merit: 436
    Catalog Websites
    As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.
    ...
    This is not always true. It depends entirely on the website you are using and its owner.
    The owner/developer is the one who decides how passwords are going to be saved on the database (plain text or encrypted).
    As a user and without having access to the website's back end, there is no way to know how passwords are being saved.


    I agree, but it is a good practice to encrypt the password as a programmer since you cannot really leak any information from your users, it is against the law in my country.

    That is actually the problem since they are a phishing website they just want to get information so the programmer programs it that way to get information easily.
    full member
    Activity: 868
    Merit: 185
    Roobet supporter and player!
    Actually, having an identical passwords in different websites will put you in a risk. Because hackers can easily access your account in any websites you may attended. This is the reason why I want to generate different passwords with strong security so that I can avoid loss of my accounts. My password in BTT is different in my password at binance or any social media app. There are many people have been victim because of their similar passwords and it should be a lesson for all of us that putting a strong password and different in any websites will put as away in harm.
    sr. member
    Activity: 1204
    Merit: 388
    I've also done the same mistake but instead using my mobile number and adding my birthday which i thought a good and secured idea but it got hacked, so don't put shared personal information in your password and add a backup email. I suggest to use different email, I'm currently using different email on different social accounts so it will be more secured, when one account got hacked the others will be safe.
    sr. member
    Activity: 658
    Merit: 274
    Wish for the rain? Then deal with the mud too.
    -
    For me, I highly recommend to the members use a
    Camel Case
    Symbol
    Number
    As far as making your password stronger goes, you should take a look with @bob123's reply, here, and have it into consideration whenever you'll create one or if you would make some changes with your pw. This maybe kind of odd to do for typical users, since it is quite straightforward  Grin.
    hero member
    Activity: 2268
    Merit: 588
    You own the pen
    My Bitcointalk password is always been unique since I last changed it because I was afraid that something like this could happen and getting it back is not guaranteed since the step is so complicated and there were some users who didn't get back their account after someone hacks them. Before things going out of our hand, it is better to do this step and don't forget before doing it, you must stake your BTC address here: https://bitcointalksearch.org/topic/how-to-sign-a-message-990345

    In case you messed up, The steps to recover your lost account is here: https://bitcointalksearch.org/topic/how-to-sign-a-message-990345
    legendary
    Activity: 2590
    Merit: 3015
    Welt Am Draht
    I don't give a fuck about passwords for most websites. I use the same one a million times. There's no info of note.

    However one's Bitcointalk account can be a truly valuable thing so you owe it to yourself to get it right. A few minutes of thought and memorisation will save you plenty of future grief.
    full member
    Activity: 1540
    Merit: 219
    Prioritize the security of your account above all because it is not that easy to earn your rank here.

    Never settle with only one email that you will use when you access other platforms. Using VPN is not that hard to do, you can learn how to apply it in Youtube and any other tutorials because it is really important. Always make a unique password, as soon as possible maximize using letters, numbers, and symbols to have a unique combination of passwords. Keep in mind that bitcointalk account is not that instant to have, so value it and take care of it to prevent scamming and hacking.
    full member
    Activity: 1484
    Merit: 136
    ★Bitvest.io★ Play Plinko or Invest!
    Also I see a lot of reports before with the use and problem of the members about their accounts because some of them reports it's hacked and forgot the password sometimes they are using the same password to their different accounts and also to their emails which is not a good thing this is too much prone to hacking.

    Also there are alot of them using only the left part of the keyboard to make it more easiest commonly with the use of

    A
    S
    W
    D
    R
    1
    2
    3

    legendary
    Activity: 2618
    Merit: 1105
    <<>>
    If someone steals a PC, there is no much you can do about it.
      

    Tbh, keeping such things on a PC is not only stupid, but dangerous too.
    Imho, I would never keep any of my passwords stored anywhere but write them down straight away. Keep a specific book (one is fine but you can keep 2 if you fear any kind of damage to the first one). Write the website name, username, email and password (and any extra details that are important to you like your security Q&A) and do the same in the second book. You can use a carbon paper and keep 2nd book's blank page under 1st book's page and then write if you don't want to do double up your workload. Keep both the books safe (but not in same place). Saving your passwords on browsers is also not a good practice if you want to save yourself from getting hacked.
    newbie
    Activity: 7
    Merit: 0
    <…> That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.
    But having them on a txt file on the actual drive, even on linux, may still encounter the odd malware that you can install through a wallet downloaded from a wrong site. What’s more, even if isolating the computer as much as possible will mitigate risks, there’s still the risk that someone grabs/steals your physical computer, and mounts the linux disk as a secondary device to access the content, gaining access the txt file.
    Well, then use a brand new usb flash drive to save it there and use it exclusively with that PC. Downloading anything infected with  malware is user's fault. Hence avoid downloading anything from that computer. And of course, having a genuine licensed antivirus will prevent most of the malwares beign installed.
    If someone steals a PC, there is no much you can do about it.
      
    legendary
    Activity: 2744
    Merit: 3096
    Top Crypto Casino
    As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.
    ...
    This is not always true. It depends entirely on the website you are using and its owner.
    The owner/developer is the one who decides how passwords are going to be saved on the database (plain text or encrypted).
    As a user and without having access to the website's back end, there is no way to know how passwords are being saved.

    Using an exclusive computer linux  based to access your cryto related website businesses is a great step.
    I encourage everyone to use Linux but it doesn't mean you are going to be 100% safe. A Linux OS can be hacked too and it doesn't matter which OS you are using if you enter your credentials into a phishing website.
    legendary
    Activity: 2338
    Merit: 10802
    There are lies, damned lies and statistics. MTwain
    <…> That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.
    But having them on a txt file on the actual drive, even on linux, may still encounter the odd malware that you can install through a wallet downloaded from a wrong site. What’s more, even if isolating the computer as much as possible will mitigate risks, there’s still the risk that someone grabs/steals your physical computer, and mounts the linux disk as a secondary device to access the content, gaining access the txt file.
    Pages:
    Jump to: