Really getting tired of hacking now

Associate
Joined
5 Sep 2008
Posts
1,420
Location
Karazhan
Thanks. I’m thinking of getting a password manager. Is Nordpass any good?

another vote for bitwarden the premium service is only $10 it found 25 weak passwords and couple of re used passwords I'd thought had been sorted., had some scroat from Jakarta trying too get into a gaming account the other day stuff like that i have linked too my mobile phone using 2FA.
 
Last edited:
Permabanned
Joined
9 Aug 2008
Posts
35,707
Looking at this
https://account.live.com/Activity


I have had a ton of (thankfully unsuccessful) attempts. Although when I set a password Firefox offers a random jumble of letter, numbers etc so I always go for that. Malyasia, Russia, Brazil etc. That's concerning...

They can try all they like if you have 2fa/mfa enabled they ain’t getting in.

How the hell does one get 5 accounts hacked in a few weeks? I don't remember get hacked once and I've been using the internet since the 90's...

Keyloggers, database breaches, sharing passwords among sites etc.
 
Soldato
Joined
22 Oct 2002
Posts
8,234
Location
Near Cheltenham
Netherlands and Russians seem persistent...



For sites and accounts that do not offer a form of 2FA, I have gone in and changed passwords with the randomly generated suggestion that Firefox pops up with then saves into its password manager. There is not a computer on the planet that can crack a password of that length in any reasonable amount of time so at the very least if you do not use 2FA, make sure your password is strong.

At least this way the only way they will hack into your account is if the service provider has a breach and passwords are not stored by them securely.

Just checked my activity and boringly just me!

Not sure if this would affect you, but I've been stung from storing passwords in Chrome etc, if anyone does compromise your PC, they can visit sites and any creds stored will get them access..
To cut a long story short I had a VM that got compromised (Lesson here, don't open RDP ports to the public) and on that VM luckily all I had was log in creds stored for my domain registrar, however someone got in , dropped a mail forwarding app on the PC and logged in to my account at the registrar and tried buying web-space which it let him do.

I was lucky, basically the hacker went through my web history, went to those sites to see if he could get anything from them.. had he been on another PC in the house, he'd have had a field day for anywhere not 2FA..

A close shave and I've radically changed my behaviour now!
 
Soldato
Joined
25 Oct 2014
Posts
3,064
Location
East of the Middle
It’s constant now. In the last few weeks, I’ve had the following accounts hacked:

Uber eats
Spotify
Netflix
eBay
Microsoft account

All have different passwords, but that doesn’t seem to be making any difference. It’s gone from merely annoying to seriously troublesome now.
Is your password just 'habybirtdoy' for all of them?
 
Man of Honour
Joined
17 Nov 2003
Posts
36,743
Location
Southampton, UK
Why a YubiKey over a phone?

I'll start by saying that most attacks are thwarted by OTP MFA, so the difference isn't all that much. But with that said:
  • Security Keys are theoretically more secure as the codes for Google auth or similar are stored on the phone. Sophisticated malware could compromise them, although the risk of this is very low.
  • YubiKeys support FIDO2 and webauthn, which means I don't put any passwords or codes into a service, all of that is handled by the key. I may need to touch it to confirm, but that's it.
  • I have 2 YubiKeys, so if I lost my phone, I'm not stuck.
  • I still use Authy for some OTP.
One the key things to remember is that SMS OTP is NOT secure, so avoid like the plauge.
 
Joined
27 Mar 2004
Posts
4,514
Location
Telford
been following this thread with interest,
not really taken my password regime too seriously but starting to think different
have been using chrome with password recycling to lots of different sites
with 2fa on ebay and emails only

is it worth ditching chrome as password manager and going the bitwarden route?

i think because its easy to remember a recycled password at some point im going to get caught out so have to change
 
Soldato
Joined
28 Oct 2006
Posts
12,456
Location
Sufferlandria
i think because its easy to remember a recycled password at some point im going to get caught out so have to change

The main problem with reusing passwords is that it's then only as secure as the least secure site you've used it on.
Your email provider, for example, might be doing security correctly (proper server security, storing encrypted passwords, etc) but if you use that same password on some random site with rubbish security and their user database gets broken into the username/email/password you used there can then be tried on lots of other sites.

You can check on https://haveibeenpwned.com/ to see if your account details have been leaked from any sites you use.
 
Soldato
Joined
13 Oct 2008
Posts
4,755
Location
SE London Born and Bred
We're not mind readers. If you don't phrase things properly we're all left guessing what you mean.

I for one interpreted your post as you telling the OP he had a keylogger on his PC.

Anyway we can move on now that you've clarified you were merely positing that as a suggestion.

Whereas I interpreted it as him saying or it could be that somehow you have a keylogger on your computer. Which to me was a valid statement. How YOU choose to read that is on you, not the poster.
 
Back
Top Bottom