Topic: Why dont we have a security subforum? (Read 3345 times)

and really it should be a sub forum inside the newbie section.

I misspoke i meant sub-forum not new thread

I don't think you should add a security section because it would be extremely popular for posting in, but because it is necessary. One of the first things people practically need when they use bitcoins is up-to-date computer security. So discussion about it should be encouraged.

I think there would be more posts if there was actually a sub-forum. Heck I would write posts if I thought there would be a place for people to easily find them. But I understand it will probably not be the most active part of these forums. But I bet it would get plenty of readers.

So if that mean only informative or "current" break-in post should be moved, I totally agree.

So ? other than the empty feel of a sub with 10 post what's holding this back ?

I would see it fit as a sub of "Bitcoin Discussion" or sub of "Technical Support"

I just don't think there would be enough topics for a security section. If I saw like 30 active security topics, I would consider it.


Two of those wouldn't belong in a security section.

Security deserve it's own sub forum (not thread) because the general public want to be and feel safe about owning BTCs.

Making it on the first page will simply make it easier to find,

As for the content, enough has already been said, we should start tagging all notable security thread to be moved there.

like - so...

https://bitcointalksearch.org/topic/no-blocks-downloaded-ms-security-essentials-users-please-read-323
https://bitcointalksearch.org/topic/trojan-wallet-stealer-be-careful-18238
https://bitcointalksearch.org/topic/--5194
https://bitcointalksearch.org/topic/mtgox-account-compromised-3089
https://bitcointalksearch.org/topic/trust-no-one-33835
https://bitcointalksearch.org/topic/howto-create-a-100-secure-wallet-17240
..................................

The LastPass plugin caches locally meaning you have access to your passwords offline as well, and they do not store your actual unencrypted passwords which means you're not "screwed" if they get hacked.

The most obvious attack vector is to somehow modify the javascript that gets sent to your client, or to intercept both your locally entered master password as well as the lastpass-stored encrypted keyfile.

I fully recommend LastPass, even with those two caveats in mind.

(Paying users can also use the mobile client)

Go ahead and make a thread about it if we get a security subforum

Lastpass.

I'm bumping this in hopes that we actually get this, i saw a security warning about php on off topic today and this would be a good place for threads about things like wallet stealers and securing your wallet(s) secure passwords how to pick and remember/store one and things of that nature

I'll mail you my password card.

you cant tell the pass from the card.. it could reduce the combinations you have to try by a tiny bit, but the way they work you can leave the password card pinned to your monitor.


it goes with
and this is a bit more secure than that.

still keypass is the best of the ones i mentioned.. I used to do the algorythm thing for years, but now I just keypass it.

I dont know any of my passes though and that is a bit disconcerting but i have backups of my database encrypted with a pass I do know.

If you're going to take the effort to encrypt your passords mentally you should be more than capable of remembering what they are. Those password cards look like they could have some uses but i'd never use them as a personal password, too easy to leave behind. I personally find things of signifigance but without utility make excelent passwords Ex: Your house phone from 3 changes ago. no one has any real reason to remember it or to even consider that you would use it since it's no longer of any utility.

keypass is the best, if you are willing to set it up.(easy set up.. just complex if you want as much functionality as the next solution.. basically you have to store your password file online, at a site you control but having it on usb is good but you couldnt have access to it if you didnt have your usb but did have a connection to the web)

lastpass is great, it  will generate random passwords for you, keep track of multiple accounts, and automatically fill in forms and auto log you into nearly every site. You can have access to your passwords as long as you can get a web connection. This isnt as good as keypass as it is a third party holding onto your passwords, if they go down for the day, you are screwed, if they get hacked you are screwed. But so far they have been exemplary. They had some odd network traffic and without knowing if they had been actually hacked they suggested everyone changes their master passwords, which was the proper thing to do, but which most corps dont do.

there are also some interesting paper passwords cards

last you can also come up with simple algorithms, instead of passwords.
the following example is too simplistic but it is too give you an idea.

Like a pass for this site could be Bitcointalk$321 and for bitparking could be Bitparking$321

you can see with a simple algorithm, you can make up unique passes for each site and yet have a way to remember them.
This is too simple as I said but it is easy to make so complex that you cant recognize that the pass is based on an algorithm. This is how I have done it for years.

here is a slightly more complex example to show you.

Bitcointalk is the site.

1. mix in 987654321 every other letter.

B9i8t7c6o5i4n3t2a1l0k

looking complex but not enough.

2. If the number to the right of the letter is odd Go down 3 letters, if even go up 2 letters. If neither, leave it..
E9j8w7a6or5k4q3r2c1l0k


now my pass is looking good and yet if I forget it, i can recalculate it at any time and yet someone finding that pass wont know it is made by algorithms, or the site it is for. And you can keep making your algorythm more complex, or use different rules to make the password more complex.. and all you have to do is remember your algorythm.

it can be as simple as go up a letter down a letter and mix in 123$%&789 and every other latter capitalized.
so bitparking becomes a1J2s3Q$z%S^j7J8m9F.. looks good. for a lot of sites you will need to select only the first few letters.. cause they suck, but it will still work for you.. you can add a code to remind you like double 8s to say cut off here  a1J2s3Q$z88%S^j7J8m9F

1Password is good too but it's commercial -$39.99-.

KeePass is a great utility and you can use it for organizing software keys as well... (and it's open source!)

What are some solutions you all use to keep track of several passwords without using the same password multiple places?

Yes 123456 is more secure. 

i liek this idea

dont use 'password' as your password on mtgox

I also agree with the original post exactly as stated, and have nothing novel to add to the conversation.

What if we turn this thread into the conversations we would have in a security sub-forum to show there is enough volume of discussion to justify a new thread.