Website Hack Tracker 2014


#21

At this point I don’t see how anyone can get along without a password manager.


#22

No. On the lastpass server there is a large encrypted file with all of your usernames/passwords. If your master password is strong (and encoded through enough iterations), you should be fine.

The biggest risk is when you use a weak password across multiple sites… and sites use piss poor security.


#23

Curious about the use of things like Lastpass -
Do they really just prevent brute force attempts, or is there also some kind of protection from keyloggers on your PC?


#24

You wouldn’t believe how well an innocuous piece of paper tucked away in a hardcover book can work wonders.


#25

Lastpass doesn’t do anything to mitigate brute force attempts. For keyloggers, enable two-factor authentication and disallow offline access.


#26

Huh … so it’s just a memory thing. Interesting - I guess I don’t see too much use, then. I keep a spreadsheet, myself.


#27

Aren’t you afraid that your computer might get hacked?


#28

write them on paper. I’m less concerned with my desk drawer being hacked.


#29

It’s memory alongside a built-in password generator.

Don’t discount the memory bit, though. If you’ve got a fully unique, lengthy, computationally difficult-to-guess (either using brute force or dictionary attacks) password for every single site you use, and access them all from multiple devices at different times of day, several times a day, LastPass and its suite of plugins and standalone software can be an enormous time-saver. Plus the master password files are well-encoded (not NSA-stopping, but script-kiddy stopping), as compared to your spreadsheet.


#30

Sure, but it’s all encrypted and the people who would be interested in such an action wouldn’t care about my QT3 password, lol. It’s not a master list - just the stuff I rarely use and don’t worry too much about.

The important passwords (work and what not) are memorized, so no worries there.


#31

But I can’t trust em after the security breach and non-published security audit. So…KeePass for me, and it’s what I recommend.


#32

This has been my philosophy.
Although my notebook is getting a bit messy after all these years, and I know I forgot to update a few of them after password changes. I really need to go through and neaten everything up one of these days.


#33

Well, thanks! Odd that I had to find out about it here. I wonder when they were planning on sending me an email. I just bought a couple of things there tonight before coming here, and saw no mention of it during the purchase process. Of course, when I went in to change my password just now, I did see an alert there, but I rarely if ever go into my account for any reason, since I’ve got it set up where my PayPal account is tied directly to eBay. Now I’m wondering if I should separate the two accounts. It was so handy to just click the “pay now” button and have it all taken care of immediately. But even way back when I set that up, I wondered if it was smart to have them linked. Anyone who managed to access my eBay account would have a field day with that arrangement.


#34

Yea, they have NOT done a good job of publicising it.


#35

Clues to uncommon words that mean something to you but probably not to anyone else (and certainly not to a computer or a random hacker) can be safely stored on paper or in a text file. You could have qt3 = TomBrucejWoolen

Pretty much only you would know to translate that to ChickGerykpinardHorde

xkcd approved.

  • uh, now every hacker’s computer in the universe knows that particular one, so don’t use it…

#36

Finally received an email about the Ebay Hack and just closed my account as I have absolutely no confidence in them, nor in Paypal (and their shitty password system) but I kinda need that one. Just have to move it to a ‘disposable’ email account for when it too gets hacked and leaks everything about me to the web. Maybe I can set it up with a “P.O Box”.

I’m sure the data will be put on a offline system that gets hacked again at a later time, as it turns out they forgot to ‘scrub’ it, so we’ll probably see another leak in a few years time :) (Didn’t this happen to Sony a few years ago?)

Re: Ebay Passwords: http://www.troyhunt.com/2014/05/the-ebay-breach-answers-to-questions.html


#37

Damn you, Derby. Now I have to reset everything.


#38

Toss Spotify and Avast (yes, Avast) on the list


#39

Updated.

And yea, Avast were apparently one version behind on their support forums, running SMF.
There’s a reason you need to update forums ASAP…


#40

Speaking of password managers, I’ve found KeePass quite handy, since it has both a Windows app, a *IX (Mac/LInux) and one for Android. Probbaly one for IOS as well? You have to sync the file manually though, but you’re in full control of it and not have it sent out there in the cloud somewhere.

Only downside are sites like PAYPAL that do not accept a “Cut and Paste” password, because instead of you making "#&=QAI()DFA~£@$&/YDFSGIUJA as a password that you will never remember, they prefer something like “PayPal1”.