SUBSIM Radio Room Forums



Old 03-26-21, 09:19 AM   #1
Rockstar
In the Brig
 
Join Date: Nov 2002
Location: Zendia Bar & Grill
Posts: 12,614
Downloads: 10
Uploads: 0


Default Password Strength

An eye opener how fast people crack open your bank account.

Rockstar is offline   Reply With Quote
Old 03-26-21, 10:23 AM   #2
August
Wayfaring Stranger
 
 
Join Date: Apr 2005
Location: Massachusetts
Posts: 23,197
Downloads: 0
Uploads: 0


Default

Why I won't let my bank set up an online account.
__________________


Flanked by life and the funeral pyre. Putting on a show for you to see.
August is offline   Reply With Quote
Old 03-26-21, 11:00 AM   #3
Rockstar
In the Brig
 
Join Date: Nov 2002
Location: Zendia Bar & Grill
Posts: 12,614
Downloads: 10
Uploads: 0


Default

I do, but I don't use words found in any dictionary. Just random use of no less than a combination of 12 (more the better) letters, special characters and numbers with a 2FA or two step verification. If your credit/debit cards get compromised it's usually because people just aren't paying attention or save them in an online retailer provided wallet. Rather than attack individuals hackers will hack through a retailer's security to get your and a lot of others' information. I also shop online but never save credit card numbers as retailers try to convince us 'for your convenience'.


Should add too, my bank allows me to freeze and unfreeze my card between use. I also set up alerts and receive a text every time a card is used for a purchase by me or anyone, very convenient. That and I only browse using HTTPS only mode helps too.

Last edited by Rockstar; 03-26-21 at 05:49 PM.
Rockstar is offline   Reply With Quote
Old 03-26-21, 12:57 PM   #4
Eichhörnchen
Starte das Auto
 
 
Join Date: Aug 2014
Location: The Fens
Posts: 17,373
Downloads: 5
Uploads: 0


Default

I don't have enough money to be worried about any of this. But just keep your hands off my nuts.
__________________
Eichhörnchen is offline   Reply With Quote
Old 03-26-21, 02:31 PM   #5
Jimbuna
Chief of the Boat
 
 
Join Date: Feb 2006
Location: 250 metres below the surface
Posts: 190,473
Downloads: 63
Uploads: 13


Default

I've crossed swords with a couple of people that used to specialise in this type of thing and it can be quite an eye opening experience.
__________________
Wise men speak because they have something to say; Fools because they have to say something.
Oh my God, not again!!

Jimbuna is offline   Reply With Quote
Old 03-27-21, 03:53 AM   #6
Skybird
Soaring
 
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,604
Downloads: 10
Uploads: 0


Default

For sensitive, money-related things, I use randomly chosen combinations of letters, numbers and symbols, not shorter than 20 characters, and 2 way authentication.

With more laidback purposes, I indeed use easy to remember words. Forum accesses for example.

The first I store on usb sticks, I never use any sort of password managers for them and do not save them encrypted or else on hd or online. Paste and copy, after the transaction done the stick gets disconnected physically and goes back to the safe. System gets a cold start afterwards and browser gets cleaned. I do not allow cookies much and storing of typed in content. I also do such actions only on a second, hardened system running linux. Windows is a lousy choice and keylogs any entry and phones it home to MS and NSA.

I NEVER would do banking via smartphone again, or shopping. My smartphone holds no personal or sensitive data or files whatever.

I keep it simpler with uncritical purposes and very tough and uncomfortable with sensitive purposes.
__________________
If you feel nuts, consult an expert.
Skybird is offline   Reply With Quote
Old 04-04-21, 02:25 AM   #7
vienna
Navy Seal
 
Join Date: Jun 2005
Location: Anywhere but the here & now...
Posts: 7,711
Downloads: 85
Uploads: 0


Default

Quote:
Originally Posted by Eichhörnchen View Post
I don't have enough money to be worried about any of this. But just keep your hands off my nuts.






<O>
__________________
__________________________________________________ __
vienna is offline   Reply With Quote
Old 04-04-21, 11:02 AM   #8
Rockstar
In the Brig
 
Join Date: Nov 2002
Location: Zendia Bar & Grill
Posts: 12,614
Downloads: 10
Uploads: 0


Default

Rockstar is offline   Reply With Quote
Old 04-05-21, 05:03 PM   #9
vienna
Navy Seal
 
Join Date: Jun 2005
Location: Anywhere but the here & now...
Posts: 7,711
Downloads: 85
Uploads: 0


Default

Quote:
Originally Posted by Rockstar View Post
I do, but I don't use words found in any dictionary. Just random use of no less than a combination of 12 (more the better) letters, special characters and numbers with a 2FA or two step verification. If your credit/debit cards get compromised it's usually because people just aren't paying attention or save them in an online retailer provided wallet. Rather than attack individuals hackers will hack through a retailer's security to get your and a lot of others' information. I also shop online but never save credit card numbers as retailers try to convince us 'for your convenience'.


Should add too, my bank allows me to freeze and unfreeze my card between use. I also set up alerts and receive a text every time a card is used for a purchase by me or anyone, very convenient. That and I only browse using HTTPS only mode helps too.

Well, the gist of this thread has suddenly become relevant to me. I subscribe to a service the USPS offers where they email me a scan of any mail they process for my address; I usually use this to decide if I'll bother to go and retrieve my mail from the mailbox or leave it for a bit, sort of 'if it's junk mail, it can wait'; last Friday, the scan showed a piece of junk mail and a letter from the insurer who administers my Medicare/Medi-Cal health insurance coverage; I thought it was just another of the monthly summaries of what was expended by the plan on my behalf, something which does not normally require me to respond in any way, so I left it there in the box; Saturday, the scan showed no new mail, so I also left the box untouched; yesterday night, Sunday, on the way home, I took the mail from my mailbox, but did not open it; today, I opened what I expected to be the usual monthly summary from the insurance company and found out I was being notified there had been a breach of patient records and that my data was part of the breach; the insurance company stated the breach had been a hack of a third-party service they contracted with to provide interface between the various entities involved in my coverage; so far, it seems the extent of the data is minimal and will not necessarily affect me financially; the insurer also stated they had terminated the third-party service (Duh!!) and offered me one year of cyber-security coverage for free for continued monitoring of any of my other accounts; like not a few of the others on this forum, I also have had a dim view of putting out too much info of websites and also have kept any financial dealings down to a very bare minimum (I don't even have credit cards), so I really doubt I am currently at much risk, but the incident does underscore just how tenuous the security of our data really is and how, even though one might have a degree of confidence in the security efforts of the entities we primarily deal with, we really have little to no knowledge of, or control over, the third-party contractor with whom they do business or with whom they contract and allow to access our data...







<O>
__________________
__________________________________________________ __
vienna is offline   Reply With Quote
Old 04-06-21, 07:46 AM   #10
Rockstar
In the Brig
 
Join Date: Nov 2002
Location: Zendia Bar & Grill
Posts: 12,614
Downloads: 10
Uploads: 0


Default

When OPM got hacked I got a free year of cyber security too. Of course that year ended a long time ago and now I'm paying for it. Since then I've had two credit cards compromised. But thanks to instant bank notifications and the ability to freeze the cards until I need them, the thieves got nothing. However I think they must have gotten them by breaking into a major retail data bank rather than my computer.

Passwords are important. The people who hacked your information may not have gotten any passwords to break into and immediately see any of your sensitive data. But they may have seen your name and the length of your password. How far they can go depends on the length and complexity of that password.

Back in the day an 8 character password was considered strong and very effective. Not today though. Today's desktop computers with a good hack program can take an 8 character password with upper and lower case letters and crack it by brute force in less than 9 minutes. Add numbers and special characters to it and it only takes them 2.5 hours to hack.

And DO NOT ever ever use dictionary words in a password no matter how long you make them. Hack programs have and search through every imaginable word and variance: Moon*Rocks or M0-0nRock$*, it doesn't matter. Those kinds of passwords will be brute forced instantly.

Today it is mandatory your password is no less than 12 RANDOM characters. Simply using 12 random upper and lower case letters increases the time to brute force to 123 years (390 quintillion probabilities). Add special characters and numbers to it and you increase the time to hack to over 8,500 years (26 sextillion probabilities).


Tighten up those passwords!


I use five 12 to 16 random character passwords comprised of upper, lower case letters, numbers and special characters. I never save them on my PC and I couldn't remember them if I tried, I have to write them down. So as an additional security measure should anyone find the list, I run them together in one long string. Only thing I have to commit to memory is where the breaks are that separate them and what they go to.

Last edited by Rockstar; 04-06-21 at 11:34 AM.
Rockstar is offline   Reply With Quote
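
Added example (not part of Rockstar's post or any other post in this thread): a Python sketch of the keyspace arithmetic behind brute-force time estimates like those in post #10, plus a generator for random passwords of the kind recommended there. The guess rate of 1e11 per second and the 74-symbol alphabet (52 letters, 10 digits, 12 specials) are assumptions chosen so the output lands near the post's figures; neither is stated in the thread.

```python
import math
import secrets
import string

# Assumptions, not stated in the thread: an offline guess rate and a
# 12-symbol special-character set. Estimates apply only to passwords whose
# characters are drawn uniformly at random, never to human-chosen ones.
GUESSES_PER_SECOND = 1e11
SPECIALS = "!@#$%^&*-_+="
LETTERS = string.ascii_letters               # 52 symbols
FULL = LETTERS + string.digits + SPECIALS    # 74 symbols
YEAR = 31_557_600                            # seconds in 365.25 days


def keyspace(alphabet_size, length):
    """Number of distinct passwords of this length over the alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Worst case: every candidate is tried. The average is half of this."""
    return keyspace(alphabet_size, length) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def generate(length=12, alphabet=FULL):
    """Draw each character independently from the OS CSPRNG."""
    if length < 12:
        raise ValueError("use at least 12 random characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for label, size, n in (("8 letters", 52, 8), ("8 full set", 74, 8),
                           ("12 letters", 52, 12), ("12 full set", 74, 12)):
        print(f"{label:12} {keyspace(size, n):.3e} candidates, "
              f"{entropy_bits(size, n):5.1f} bits, "
              f"{humanize(seconds_to_exhaust(size, n))}")
    print("sample:", generate(16))
```

Each added character multiplies the keyspace by the alphabet size, which is why going from 8 to 12 characters moves the estimate from minutes or hours to years at the same guess rate.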
Old 04-06-21, 09:41 AM   #11
Rockstar
In the Brig
 
Join Date: Nov 2002
Location: Zendia Bar & Grill
Posts: 12,614
Downloads: 10
Uploads: 0


Default

I forgot, just a few days ago I submitted a SPAM report. That's another thing you need to watch out for and be careful with a type of hack called Social Engineering. They can be found in emails, message boards or blogs. The hacker posts what looked like everyday spam, a small well written paragraph that made what he was selling look interesting, useful, increasing your curiosity. Made ya want to click on that link to see what it was.


DON'T EVER FALL FOR IT. It could be more than just a spammer trying to sell you something. That link could actually be malicious and lead to a security breach without you ever knowing about it until it's too late.


Instead let the cursor hover over the link to see the entire url first before you click on it. Better yet just ignore it.

Last edited by Rockstar; 04-06-21 at 11:40 AM.
Rockstar is offline   Reply With Quote
Old 03-26-21, 12:55 PM   #12
Moonlight
Ocean Warrior
 
Join Date: Dec 2010
Location: Fookhall Copse
Posts: 2,518
Downloads: 184
Uploads: 0


Default

Quote:
Originally Posted by August View Post
Why I won't let my bank set up an online account.
Me too, here in the UK we have what's called telephone banking, it's what I use to transfer funds from one account to another, it's voice activated as well if you want to use that option.
__________________
Moonlight is offline   Reply With Quote

All times are GMT -5. The time now is 10:49 PM.

