Hacked Celebrity Photos
Discussion
Eric Mc said:
bhstewie said:
Use a password manager such as KeePass or LastPass.
I work in IT and have around 300 sets of credentials to remember and you're quite right, can't be done without a suitable tool for the job.
Until someone hacks your "password manager" - then your online life is effectively over.
For personal use it comes down to risk and for most people the reality is that without one they will just re-use passwords across sites and services.
Remember as well that the most likely scenario isn't your password manager being hacked, it's that a service you use is hacked.
Take PistonHeads for example, do you know how securely they store your details?
If you're in a position to have lots of unique passwords and keep them all in your head then absolutely do so. If you're more comfortable keeping them all in a little black book then by all means do so, if you think you can assure its safety against theft, loss or destruction.
Mr Happy said:
KeePass (at least) is open source software, its source code including the encryption implementations are available for anyone to download, view, use and recompile at will. If you're worried about compromise happening, you can roll your own version of it (if you are capable of doing so, of course).
If you're super concerned about the application exfiltrating data, then you can simply block it from doing so using a firewall or AppLocker. You could even run it up in a virtual machine with no installed network interfaces if you were really paranoid.
That's sorted then. Glad to know it's so simple. If only I knew what you actually said.
Don said:
What Mr Happy said is that KeePass is software that can be trusted - because the source code (computer instructions) is publicly available and therefore subject to the review of millions of programmers. He also said if you want to prevent evildoers using an application like a Trojan Horse to steal your data and transmit it back to their lair you can use various and fairly simple technical means to do so. Much "malware" "phones home" with your data. Even if the malware is on your machine you can simply cut the phone line.
Yep, that's it in a nutshell - thanks Don
Eric Mc said:
Yep - all perfectly clear now.
I think I'll keep my passwords in a secret notebook.
Tbh Eric if you don't want to learn the tech that's as good an approach as any though not without pitfalls i.e. what if you lose it, the dog eats it etc.
Handwritten though, I know a chap who stored everything in a Word document, which wasn't the best idea ever.
That said, something like KeePass takes 2 minutes to download and set up so respectfully there aren't many good reasons not to take a look.
Having a unique password for every website really isn't that hard.
For example, just remember a base password and stick letters and/or numbers on the end that are applicable to that particular site.
For instance, if your base password is "password" you can come up with a password for PistonHeads by adding a "P" to the front and a "H" to the end, making your password "PpasswordH".
That's a very simple version but the basics apply to a more complex solution too. You could add numbers that correspond to the letter's position in the alphabet, you could do a simple in-head calculation to create a number based on the number of letters in the site name.
PistonHeads has 11 characters in the title so why not make your password "PpasswordH11"?
Have a rule whereby you always use a zero in place of the letter o or use a 5 in place of an S to get "Ppa55w0rdH".
I wouldn't bother with converting o to 0 and S to 5; that's been known for so long it's a waste of time.
But I agree about devising a single password system to remember instead of millions of passwords.
You can use a combination of something unique to the thing you're logging into:
e.g. letters 2, 3 and 4 from the domain name:
pistonheads.com = ist
Add in something you can remember but is hard to guess such as a line from a film or a song lyric:
Imagine all the people = iatp
Add punctuation to strengthen it further and adhere to password strength checkers when necessary.
ist!iatp.
And a number can be either something you can remember, or something like the number of letters in the domain name:
pistonheads = 11 characters
Voila - pistonheads.com becomes:
ist!11iatp.
Or for Natwest
atw!7iatp.
Or lovemygoat.com
ove!10iatp.
etc.
Of course, if it were a personal attack and several of these had been leaked it wouldn't need Bletchley Park to figure it out, but with so many people having crappy passwords you elevate yourself into the category of, "not worth the bother".
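
Added example (not part of any poster's message): a short Python sketch of the domain-based scheme described above, run on the thread's own three sites with the "iatp" lyric initials. It splits each result into the part that changes per site and the part reused everywhere, and sets that beside the independent random passwords a manager such as KeePass would generate. All function names are made up for this illustration.

```python
import secrets
import string

def scheme_password(site, initials="iatp"):
    """Poster's rule: letters 2-4 of the site name, '!', name length, lyric initials, '.'."""
    name = site.lower().split(".")[0]        # "pistonheads.com" -> "pistonheads"
    return f"{name[1:4]}!{len(name)}{initials}."

def fixed_suffix(passwords):
    """Longest ending shared by every password, i.e. the part reused on all sites."""
    shared = []
    for chars in zip(*(p[::-1] for p in passwords)):
        if len(set(chars)) != 1:
            break
        shared.append(chars[0])
    return "".join(reversed(shared))

def analyse(sites):
    """Split each scheme password into its per-site part and the reused part."""
    passwords = {s: scheme_password(s) for s in sites}
    reused = fixed_suffix(list(passwords.values()))
    per_site = {s: p[: len(p) - len(reused)] for s, p in passwords.items()}
    return passwords, reused, per_site

def manager_password(length=16):
    """What a password manager generates instead: independent random characters."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

SITES = ["pistonheads.com", "natwest", "lovemygoat.com"]   # the thread's own examples

if __name__ == "__main__":
    passwords, reused, per_site = analyse(SITES)
    for site in SITES:
        print(f"{site:16} scheme={passwords[site]:12} per-site part={per_site[site]!r}")
    print("reused on every site:", repr(reused))
    for site in SITES:
        print(f"{site:16} random={manager_password()}")
```

The per-site part is built only from the site's public name, so the one memorised secret is the suffix that appears unchanged in every password.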