
In light of all the hacking scandals...

Discussion in 'General Discussion' started by IamNumber6, 17 Aug 2017.

  1. IamNumber6

    IamNumber6 It's not me, it's my brain!
    Staff Member Senior Citizen

    Joined:
    7 Jul 2014
    Messages:
    1,325
    Likes Received:
    1,277
    Trophy Points:
    1,369
    PSN:
    IamNumber6
    Pretty much most security experts will tell you that any password is vulnerable, but this article should hopefully provide you with a little extra security during these troubled times.

    How to Create a Strong Password

    Source (Lifehacker - How to Create a Strong Password)

    Security experts recently revamped their password recommendations, abandoning picking a favourite phrase and replacing a couple characters with symbols, like c4tlo^eR. These short, hard-to-read passwords look complicated to humans but very very simple to computers.

    Instead, you want long, weird strings that neither computers nor people can guess. Humans are bad at coming up with these—we all pick the same “random” words, and we’re bad at remembering actually random strings. Follow this guide to make good passwords, or better yet, let an app make and remember them for you.

    Make your passwords very long
    Your enemy isn’t some guy in a ski mask trying to guess your password one try at a time. It’s a programme that automatically runs through massive databases of common passwords or random combinations of characters.

    The best answer to that is a very long string of words. As the webcomic xkcd famously pointed out, a bunch of plain words will do fine.

    Don’t use a common phrase
    But don’t use the same bunch of plain words as everyone else. If your password consisted of the entire script of Hamlet, it would still be unsafe if everyone else had the same password. “When in the course of human events” is a shitty password. So is a famous movie line, or a Bible verse, or even an acronym of a Bible verse.

    And don’t get clever with thematic or personally meaningful passwords. Sometimes humans do try to crack passwords, so don’t help them out by using your son’s birthday or the phrase printed on your favourite coffee mug.

    Test your password
    If you use a password manager, it’ll test your password in real time, on the safety of your computer. The sites How Secure Is My Password?, How Big Is Your Password?, and How Strong Is Your Password? test if your password is long enough. But they won’t warn you about common guessable phrases, like those Bible verses.

    Of course, typing your passwords into unfamiliar sites is a bad habit. These sites are safe, as they’re all publicly run by trusted developers who promise that your entered text never leaves your computer. Still, to be safe, just use these sites to get the gist before you make your real password.

    Don’t reuse your password
    When your password on some web service gets hacked (and it will), you’d better hope you didn’t use the same password on three other services. Don’t use a weak password for services that “don’t matter,” because some day you might give one of those services your credit card info, or use it to authorise more important services, and you won’t think to beef up your password.

    Use a password manager
    Until you do this, no matter how hard you try all the rules above, you will keep picking bad passwords. Here’s how:
    • Your “random” string of words will be something like “monkey dragon baseball princess,” four extremely common password words, and a computer will guess it.
    • You’ll pick something memorable, which will limit your options, and a computer will guess it.
    • You’ll manage to make a password a computer can’t guess, and you’ll forget it, and you’ll have to replace it with a weaker password, and a computer will guess it.
    • You’ll pick something identifiable to anyone who follows you on Twitter or Facebook—like your dog’s name—and a human will guess it.
    Instead, get your computer to make and remember your passwords for you. This is the only reliable but convenient way to manage the vast quantity of passwords that modern life requires.

    The current best in class is 1Password. If you don’t care about the detailed differences between managers, just grab this one and follow Lifehacker’s setup guide.

    There are several other fantastic, full-featured password managers for Windows and OS X, beloved by Lifehacker staff and readers. All these apps will create and remember your passwords. And all of them tell you how secure each of your passwords are. Some even alert you when the services you use get hacked, whether or not you were personally exposed.

    Of these top picks, the most distinctive is the open-source KeePass. It focuses on local storage rather than cloud solutions, and it even lets you use a file to unlock it, so you could turn a physical thumb drive into your “password.”

    Cloud-based services like 1Password and LastPass are more vulnerable to remote attacks. But because they heavily encrypt your data and don’t store your master password, you’re still safe even if those services are hacked—as long as your master password is too hard to crack. (You can also sync your encrypted password file with Dropbox or Google Drive; a hacker would still need your master password to unlock it.)

    You just need to remember one password: The one that locks your password manager. Follow all the rules above to create a strong master password, especially if you sync your data. Otherwise, if your password service ever gets hacked, the hackers will also guess your weak master password, and they will swim around in all your accounts as in a silo of Scrooge McDuck money.

    Now if you just have to write that master password down, do it on paper, and keep it somewhere safe like your wallet. Don’t write “MASTER PASSWORD” on it. Rip it up as soon as you’ve memorised it (which will take just a day or two, thanks to the muscle memory of typing it in every time you log into anything).

    Don’t forget your master password, or you could be completely and utterly screwed.

    Don’t store passwords in your browser
    Those can get hacked, too. Some of Opera’s saved passwords were partially hacked last year. Even Google accounts are vulnerable. A hacker doesn’t have to defeat Google’s security—they just have to trick you, and it’s a lot easier for hackers to pose as Google and request your login than it is for them to pretend to be your chosen password management app. If your Google account gets hacked, you’ll be in enough trouble without also worrying about all your saved passwords.

    Follow the rules every time
    Of course, your bank, your doctor’s portal, and your library are still following the outdated security recommendations, so they’ll still force you to follow weirdly specific rules for password creation, like making you start with a letter or include one symbol. (Ironically, by lowering the number of possible passwords, these rules make them easier to crack.)

    First generate a random, secure password with your password manager. Then amend that password as minimally as possible to comply with the service’s specific rules. Do your password editing inside your password manager, so it can alert you if you’re turning a strong password into a weak one.

    We’ve covered how to create a memorable password if you absolutely have to. But since all our recommended password managers offer mobile apps (KeePass recommends certain third-party mobile ports), you can save your password anywhere you go. There’s just no reason to make up your own password.

    Use two-factor authentication
    While it isn’t foolproof, two-factor provides a layer of security for only a minimal loss of convenience. But not all two-factor is equally secure. Dedicated authentication apps are a lot safer than just getting a code over SMS. But both are safer than a password alone.

    Don’t ruin all this by using security questions
    Security questions? More like insecurity questions! I’m fun at parties. Point is, the concept of security questions made some sense when they were used in 1906 and answered face-to-face, but they’re ludicrous now that anyone can Google up your mother’s maiden name, where you went to school, or your favourite ice cream flavour, then call Amazon tech support and pose as you.

    Treat security questions basically the same way you treat your passwords: Make up fake answers, and save them in your password manager. Security questions are for talking to humans, not computers, so you don’t have to add weird characters to your answers. Instead, you want to pick wrong and uncommon answers. What high school did you go to? Scoobert Doobert High. What’s your mother’s maiden name? Blempgorf. This is where you can put all that clever energy that you’re not allowed to put into your passwords. (It’s also a decent strategy for picking that one master password that you have to memorise.)

    Remember, everything is broken
    Passwords are bad and dumb. But so is everything else. Fingerprints can be stolen, two-factor texts can be rerouted, keys can be copied. As tech reporter Quinn Norton put it, everything is broken, and as writer/programmer Dan Nguyen put it, everything is (even more) broken. Security technology is a race between the good guys and the bad guys, and it’s just impossible to have perfectly secure technology without sacrificing many of that technology’s benefits.

    So once you’ve set up your password manager, replaced all your passwords, and enabled two-factor authentication, don’t think your work is done. Some day everything will move onto a new security system, and you’ll have to adapt. That’s the price we pay for putting our lives online.

    Source (Lifehacker - How to Create a Strong Password)
     
  2. Martok

    Martok Board Game Addict
    Staff Member Senior Citizen

    Joined:
    12 Mar 2012
    Messages:
    4,844
    Likes Received:
    2,938
    Trophy Points:
    2,400
    PSN:
    Martok-
    This is something I mentioned at the end of last year in this thread:

    Time to re-think your online security?

    It's good that Lifehacker have brought up the issue again and it's really worth folks thinking about their password use on various sites.

    I use 1Password (we have the Families version which works out cheaper than 2 single versions and means we can have up to 5 family members in total) and it's great.

    I also use 2 factor authentication on important sites/accounts (email, banking etc) and what's neat is that I can use 1Password as my 2FA authenticator (it has built in fields that allow this) rather than having to use another app.

    Just a reminder that you can enable 2FA on here if you want to (I do but that's a no brainer seeing as I'm an admin). :)
     
  3. IamNumber6

    IamNumber6 It's not me, it's my brain!
    Staff Member Senior Citizen

    Joined:
    7 Jul 2014
    Messages:
    1,325
    Likes Received:
    1,277
    Trophy Points:
    1,369
    PSN:
    IamNumber6
    I read an interesting article regarding the guy who created the password criteria of 'At least one capital letter, one lower case, a numerical character and a special character', who stated that he is now sorry for his original advice, saying that it was a load of rubbish.
     
  4. Martok

    Martok Board Game Addict
    Staff Member Senior Citizen

    Joined:
    12 Mar 2012
    Messages:
    4,844
    Likes Received:
    2,938
    Trophy Points:
    2,400
    PSN:
    Martok-
    Yes, I read that too. Reported in a few places including the BBC:

    Password guru regrets past advice - BBC News

    Replacing letters with numbers doesn't work, password cracking programs are designed to try these simple replacements.

    As for businesses that force users to change their password every 90 days:

    This is exactly what I did with my previous employer and I know that several colleagues did the same.

    A phrase consisting of random words is a much better solution (easier to remember for humans than random letters & numbers & symbols):


    The best solution IMO though is a password manager to give you very long, unique passwords for every site that you use (150+ for me!!)
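As an added illustration (not from the thread or the Lifehacker article) of two points made above: why a letter-swapped word like "c4tlo^eR" is cheap for a cracker that simply reverses common substitutions and looks the result up in a wordlist, and why a phrase of words picked by a random generator scores by the size of the whole list rather than by the few words humans gravitate to. The wordlists, the substitution map and the guess-cost model are constructed assumptions for this example, not any real cracker's or password manager's logic.

```python
import math
import secrets

# Constructed stand-in for a cracker's dictionary; a real one is far larger.
COMMON_WORDS = {"password", "monkey", "dragon", "baseball", "princess",
                "cat", "lover", "love", "dog"}

# Constructed subset of the symbol/digit swaps that cracking rules undo automatically.
LEET_MAP = {"4": "a", "@": "a", "3": "e", "1": "i", "!": "i", "0": "o",
            "$": "s", "5": "s", "7": "t", "+": "t", "^": "v"}

# Constructed tiny list; a real Diceware-style list has 7776 entries.
WORDLIST = ["otter", "quartz", "banjo", "meadow", "copper", "lantern", "velvet", "tundra"]


def unleet(pw: str) -> str:
    """Reverse the common swaps and lowercase, as a cracker's rule set would."""
    return "".join(LEET_MAP.get(c, c) for c in pw).lower()


def segment(text: str, words):
    """Greedy longest-match split into dictionary words; None if any part is left over."""
    out, i = [], 0
    while i < len(text):
        for j in range(len(text), i, -1):
            if text[i:j] in words:
                out.append(text[i:j])
                i = j
                break
        else:
            return None
    return out


def guess_bits(pw: str, words=COMMON_WORDS, dict_size: int = 10_000) -> float:
    """Rough log2(guesses) for a dictionary-plus-rules attack (simplified model, an
    assumption of this example): each dictionary word costs log2(dict_size) bits and
    each swapped or capitalised character adds one bit, because rules try both forms.
    Anything that does not segment into words is costed as brute force over the
    character classes actually present."""
    raw = pw.replace(" ", "")
    plain = unleet(raw)
    parts = segment(plain, words)
    if parts:
        tweaks = sum(1 for a, b in zip(raw, plain) if a != b)
        return round(len(parts) * math.log2(dict_size) + tweaks, 1)
    charset = sum(n for n, test in ((26, str.islower), (26, str.isupper),
                                    (10, str.isdigit)) if any(map(test, raw)))
    charset += 33 if any(not c.isalnum() for c in raw) else 0
    return round(len(raw) * math.log2(charset), 1)


def make_passphrase(n_words: int, wordlist=WORDLIST):
    """Pick words with the OS CSPRNG; returns (phrase, bits) with bits = n * log2(len(list))."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    return " ".join(words), round(n_words * math.log2(len(wordlist)), 1)
```

With the model above, "c4tlo^eR" costs about 29.6 bits (two words plus three tweaks) while four words drawn at random from a 7776-word list would cost about 51.7 bits, and the four very common words "monkey dragon baseball princess" score only by the size of the short list they were taken from.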
     
  5. Plaxinator

    Plaxinator Wino extraordinaire
    Staff Member Senior Citizen

    Joined:
    30 Jun 2012
    Messages:
    3,109
    Likes Received:
    2,301
    Trophy Points:
    1,790
    PSN:
    Plaxinator
    But aren't you worried about your password manager getting hacked? I'm surprised this hasn't actually happened yet - seems a logical choice for crooks that want to steal people's passwords. Like keeping your eggs all in one basket.
     
  6. Martok

    Martok Board Game Addict
    Staff Member Senior Citizen

    Joined:
    12 Mar 2012
    Messages:
    4,844
    Likes Received:
    2,938
    Trophy Points:
    2,400
    PSN:
    Martok-
    No, due to the security that is in place for this. For 1Password you can read about it here:

    Security - 1Password

    and more detail in their white paper:

    https://1password.com/files/1Password for Teams White Paper.pdf


    The encryption used just will not be broken, so even if they did steal all the data on the 1Password servers they'd never be able to crack it. Also the master password that I use (which is easy for me to remember but is very strong) isn't stored anywhere, nor is it transmitted anywhere either, so there's no way that they could get hold of it.

    It's far less safe to continue to use weak passwords or ones based on the number-replacement method as mentioned above (all of which can be cracked as password crackers just work through huge lists of these types of passwords) than it is to use strong passwords secured within a good password manager.
     