How internet security conscious are you?

Soldato
Joined
31 Jul 2006
Posts
10,276
Location
Belgium land of chocolate
Slightly related, but in Belgium they changed from an opt-out to an opt-in to use your credit card outside Europe.

It cut skimming from over 1000 cases to just a handful as thieves moved to other countries.

I'm not that security aware, however I have Adblock and NoScript running and rarely allow sites I don't trust, even if it means I miss the odd YouTube video someone sends me... you know the ones where there are over 200 scripts and a choice of 40 sites to choose from but you never know which one actually relates to the video... :)
 
Associate
Joined
24 Feb 2010
Posts
150
In a corporate environment, when passwords get so secure that they have to be written down, the whole point of a secure password is negated. It may be secure from an external IT-based attack, but sitting at their desk you only have to look for a well-used Post-it note that's got it written on!
 
Soldato
Joined
20 Aug 2010
Posts
8,201
I think plain text passwords should be illegal to use on websites and it should be mandatory that they are stored hashed.
Imo everyone should learn how to use a password manager, it's insane that people use the same passwords for different websites.
 
Soldato
Joined
19 Dec 2006
Posts
9,260
Location
Saudi Arabia né Donegal
I think plain text passwords should be illegal to use on websites and it should be mandatory that they are stored hashed.
Imo everyone should learn how to use a password manager, it's insane that people use the same passwords for different websites.

Not illegal but there should certainly be a warning. I always request a password reset upon creating a new account to see if the password is stored securely or not.
 
Soldato
Joined
18 Nov 2011
Posts
4,213
Location
London
I usually use the same pretty basic password for websites I do not care about, and that do not store card info etc.

I try to pay for most things over paypal, since I prefer just signing in than entering and saving card details on many misc websites.

And I have a mixture of passwords for more secure websites.
 
Joined
10 May 2004
Posts
12,826
Location
Sunny Stafford
Here's something for you....

At work they changed the password policy from being relaxed, where everybody remembers it and rarely has their password reset... to where people HAVE to write it down and end up having it changed every month.... People are going crazy over this new policy change! All because one guy had his account compromised with slight-ish sensitive data in an email. If anything it's worse now IMO.

Yeah, we have to change our passwords every 2 months and the IT dept gets loads of calls from people who've forgotten their new passwords because they have to change it so often. It's ridiculous - I have to remember about 12 passwords at work alone.
 
Soldato
Joined
26 Dec 2008
Posts
3,388
Location
Edinburgh
Relevant XKCD re: Password Security
I'm using this as my password policy at work.

[image: password_strength.png]
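The XKCD comic linked above compares the guessing cost of a four-word random passphrase with that of a short "complex" password. As an added example (not from any poster in this thread), the arithmetic behind that comparison, generalised to a few constructed schemes and two assumed guess rates: the 1,000 guesses/second online rate the comic uses, and an order-of-magnitude offline rate against a fast unsalted hash. The scheme list and the rates are assumptions for illustration.

```python
import math

# Constructed password schemes (assumptions for illustration, not any poster's data):
# (alphabet size, number of symbols drawn uniformly at random from it).
SCHEMES = {
    "4 random words from a 2048-word list": (2048, 4),   # the XKCD passphrase
    "8 random printable ASCII characters": (95, 8),
    "20 random alphanumeric characters": (62, 20),
}

# Assumed guess rates: XKCD's online rate, and an offline rate against an
# unsalted fast hash on commodity GPUs (order of magnitude only).
ONLINE_GUESSES_PER_SEC = 1_000
OFFLINE_GUESSES_PER_SEC = 1e10

SECONDS_PER_YEAR = 365.25 * 86_400


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly from `alphabet_size` options.

    Only randomness the user actually injected counts: a dictionary word with
    predictable substitutions (Tr0ub4dor&3) is not 11 uniform printable characters,
    which is why the comic credits it with far fewer bits than its length suggests.
    """
    return length * math.log2(alphabet_size)


def worst_case_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace at a fixed guess rate (what the comic plots)."""
    return (2.0 ** bits) / guesses_per_second


def seconds_to_years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


def compare_schemes(schemes=SCHEMES):
    """Return {scheme: (bits, years at online rate, years at offline rate)}."""
    out = {}
    for name, (alphabet, length) in schemes.items():
        bits = entropy_bits(alphabet, length)
        online = seconds_to_years(worst_case_crack_seconds(bits, ONLINE_GUESSES_PER_SEC))
        offline = seconds_to_years(worst_case_crack_seconds(bits, OFFLINE_GUESSES_PER_SEC))
        out[name] = (bits, online, offline)
    return out


if __name__ == "__main__":
    for name, (bits, online, offline) in compare_schemes().items():
        print(f"{name:40s} {bits:6.1f} bits  "
              f"online: {online:10.3g} years  offline: {offline:10.3g} years")
```

Four random words come out at 44 bits, roughly 550 years at the online rate (matching the comic) but well under a day at the offline rate; that gap is the reason the site's choice of hash matters as much as the user's choice of password.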
 
Soldato
Joined
15 May 2010
Posts
10,110
Location
Out of Coventry
^That XKCD is excellent, I love how it's now becoming common practice. GW2 use it as their policy too.

Jealous ;) where at? Hopefully I can get into a similar masters.

Warwick, it's really interesting stuff, go for it :)



Back OT, we've been taught by numerous security professionals that having password policies so strict they require the user to write them down is just as destructive as having an easy-to-guess one.
It goes some way to stopping people breaking in remotely from China, but all you have to do is walk in dressed as a cleaner just after work hours and read them. Good pen testing firms will do this :p
 
Soldato
Joined
22 Oct 2005
Posts
2,801
Location
Moving...
Imo everyone should learn how to use a password manager, it's insane that people use the same passwords for different websites.

How secure are password managers? I've never used one, but don't use the same password for the same site (apart from junk accounts). If your password manager is compromised somehow, then is it possible for the hacker to access all linked accounts?

Also, if you have to install the password manager, what happens if you're on a different machine, e.g. at work or a friend's machine? Are you stuck unless you can install the same software?
 
Soldato
Joined
15 May 2010
Posts
10,110
Location
Out of Coventry
In your experience, does China really play that big a part in hacking?

Certainly, though obviously knowing exactly how much is very difficult. Countries with such corrupt governments are the perfect place for cyber crime to thrive. Russia causes a crap load too; RBN makes hundreds of millions every year by themselves. http://en.wikipedia.org/wiki/Russian_Business_Network


Just to scare you guys a little more, cyber crime is now worth more globally than the drugs trade. http://www.zdnet.com/blog/btl/cyber...economy-more-lucrative-than-drugs-trade/57503
 
Man of Honour
Joined
13 Jul 2004
Posts
44,080
Location
/* */
I am yet to upload any personal information to the internet, except a photo of my desk on this forum or talking about my job in a job thread.

I try not to link accounts that do not have to be connected to my real name to any information that is connected to my real name.

For example, on a forum about Firefox, I don't use my real info and don't use my email address with my real name in it. That email I don't use anywhere with my real name in it. So if the DB of the Firefox forum was hacked they wouldn't be any better off with that info. If, for example, I had used the same login and email at other places they might have a high chance of attacking those.

Looking at your post history and trust information, you reveal a lot of personal information on OcUK alone.
 
Man of Honour
Joined
5 Dec 2003
Posts
20,999
Location
Just to the left of my PC
Yeah, we have to change our passwords every 2 months and the IT dept gets loads of calls from people who've forgotten their new passwords because they have to change it so often. It's ridiculous - I have to remember about 12 passwords at work alone.

It is probably more secure to use stronger passwords and write them down than it is to use weaker passwords that you can remember, since most attacks are remote.

I have a dozen or so passwords related to an obscure subject that I can remember easily and I use those for places I don't much care about.

For anywhere that has any financial details, I use a very long password based on utter nonsense that's based on something that made me laugh. Cracking a >20 character alphanumeric password that isn't any word in any dictionary is unlikely to be possible in any practical amount of time.

But work enforces a password change every 4 weeks, so I do what everyone else does - use the same weak password with a number at the end and increase the number by 1 each time.

Come to think of it, OcUK is an exception. I've been using it for so long that I'm still using an older password, before I changed to my current method.

Amazon bugs me because there is no way to stop any card you use to shop there being automatically added as a payment option. Which means that anyone who gets access to your Amazon account can use your card to buy anything and have it delivered anywhere, without any checks. That should be optional. I'd prefer to have to enter my card details every time I pay for something. More accurately, I'd prefer accessing my Amazon account to be useless to anyone who doesn't have my card details.

In general, I use noscript and I don't use dodgy sites. That helps. If a site requires me to grant permission for dozens of sites to run whatever they want to run on my PC, I'll go somewhere else. It's probably just advertising. Probably.
 
Soldato
Joined
5 Dec 2006
Posts
15,370
Not illegal but there should certainly be a warning. I always request a password reset upon creating a new account to see if the password is stored securely or not.

How does requesting your password tell you if it's stored securely or not?

The password can/will still be hashed. The script knows it's only sending the password to the registered email address, so it will automatically look up your record, decrypt it, and send it. It's not a human on the other side that gets your password and types it up in an email to you. :p


Though this type of plain text password emailing is a problem if your email account is compromised, just as much as other methods of password resetting.
 