SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997 |
#1 | |
Navy Seal
Quote:
Well, the gist of this thread has suddenly become relevant to me. I subscribe to a service the USPS offers where they email me a scan of any mail they process for my address; I usually use this to decide if I'll bother to go and retrieve my mail from the mailbox or leave it for a bit, sort of 'if it's junk mail, it can wait'; last Friday, the scan showed a piece of junk mail and a letter from the insurer who administers my Medicare/Medi-Cal health insurance coverage; I thought it was just another of the monthly summaries of what was expended by the plan on my behalf, something which does not normally require me to respond in any way, so I left it there in the box; Saturday, the scan showed no new mail, so I also left the box untouched; yesterday night, Sunday, on the way home, I took the mail from my mailbox, but did not open it; today, I opened what I expected to be the usual monthly summary from the insurance company and found out I was being notified there had been a breach of patient records and that my data was part of the breach; the insurance company stated the breach had been a hack of a third-party service they contracted with to provide interface between the various entities involved in my coverage; so far, it seems the extent of the data is minimal and will not necessarily affect me financially; the insurer also stated they had terminated the third-party service (Duh!!) and offered me one year of cyber-security coverage for free for continued monitoring of any of my other accounts; like not a few of the others on this forum, I also have had a dim view of putting out too much info on websites and also have kept any financial dealings down to a very bare minimum (I don't even have credit cards), so I really doubt I am currently at much risk, but the incident does underscore just how tenuous the security of our data really is and how, even though one might have a degree of confidence in the security efforts of the entities we primarily deal with, we really have little to no knowledge of, or control over, the third-party contractor with whom they do business or with whom they contract and allow to access our data... <O>
#2 |
In the Brig
When OPM got hacked I got a free year of cyber security too. Of course that year ended a long time ago and now I'm paying for it. Since then I've had two credit cards compromised. But thanks to instant bank notifications and the ability to freeze the cards until I need them, the thieves got nothing. However I think they must have gotten them by breaking into a major retail data bank rather than my computer.
Passwords are important. The people who hacked your information may not have gotten any passwords to break into and immediately see any of your sensitive data. But they may have seen your name and the length of your password. How far they can go depends on the length and complexity of that password. Back in the day an 8 character password was considered strong and very effective. Not today though. Today's desktop computers with a good hack program can take an 8 character password with upper and lower case letters and crack it by brute force in less than 9 minutes. Add numbers and special characters to it and it only takes them 2.5 hours to hack. And DO NOT ever ever use dictionary words in a password no matter how long you make them. Hack programs have and search through every imaginable word and variance. Moon*Rocks or M0-0nRock$*, it doesn't matter. Those kinds of passwords will be brute forced instantly. Today it is mandatory your password is no less than 12 RANDOM characters. Simply using 12 random upper and lower case letters increases the time to brute force to 123 years (390 quintillion probabilities). Add special characters and numbers to it and you increase the time to hack to over 8,500 years (26 sextillion probabilities). Tighten up those passwords! I use five 12 to 16 random character passwords comprised of upper and lower case letters, numbers and special characters. I never save them on my PC and I couldn't remember them if I tried, I have to write them down. So as an additional security measure should anyone find the list, I run them together in one long string. Only thing I have to commit to memory is where the breaks are that separate them and what they go to.
Last edited by Rockstar; 04-06-21 at 11:34 AM.
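The arithmetic behind the figures in post #2, together with a check for the dictionary-word case it warns about, as an added example that is not part of the original post. The guess rate of 1e11 per second and the 74-symbol alphabet are assumptions inferred from the post's own numbers, and the wordlist and sample passwords are constructed.

```python
# Added illustration; not code from the thread.
GUESSES_PER_SECOND = 1e11        # assumption inferred from the post's figures
SECONDS_PER_YEAR = 365.25 * 24 * 3600
LETTERS = 52                     # upper- and lower-case letters
LETTERS_DIGITS_SPECIALS = 74     # assumption: fits "2.5 hours" and "8,500 years"

# Constructed stand-in for a cracking wordlist.
WORDLIST = {"moon", "rock", "rocks", "password", "submarine"}
# Common character substitutions, undone before the wordlist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})


def keyspace(length, alphabet):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def brute_force_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(length, alphabet) / rate


def brute_force_years(length, alphabet, rate=GUESSES_PER_SECOND):
    return brute_force_seconds(length, alphabet, rate) / SECONDS_PER_YEAR


def dictionary_words(password):
    """Wordlist entries hidden in `password` once case, substitutions and
    separators are normalised away."""
    letters = "".join(c for c in password.lower().translate(LEET) if c.isalpha())
    return sorted(w for w in WORDLIST if w in letters)


def assess(password, alphabet=LETTERS_DIGITS_SPECIALS):
    """Return (brute-force years, dictionary hits); any hit means the
    brute-force figure overstates the password's real strength."""
    return brute_force_years(len(password), alphabet), dictionary_words(password)


if __name__ == "__main__":
    print(f"8 letters:  {brute_force_seconds(8, LETTERS) / 60:.1f} minutes")
    print(f"12 letters: {brute_force_years(12, LETTERS):.0f} years")
    for pw in ("Moon*Rocks", "M0-0nRock$*", "qZr8#vTkw2Lx"):  # constructed samples
        years, hits = assess(pw)
        print(f"{pw!r}: {years:.3g} years by brute force, dictionary hits: {hits}")
```

A password with dictionary hits falls to a wordlist-plus-substitution search long before the brute-force estimate matters, which is why the post insists on random characters.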
#3 |
In the Brig
I forgot, just a few days ago I submitted a SPAM report. That's another thing you need to watch out for and be careful with: a type of hack called Social Engineering. They can be found in emails, message boards or blogs. The hacker posts what looked like everyday spam, a small well written paragraph that made what he was selling look interesting, useful, increasing your curiosity. Made ya want to click on that link to see what it was.
DON'T EVER FALL FOR IT. It could be more than just a spammer trying to sell you something. That link could actually be malicious and lead to a security breach without you ever knowing about it until it's too late. Instead let the cursor hover over the link to see the entire url first before you click on it. Better yet just ignore it.
Last edited by Rockstar; 04-06-21 at 11:40 AM.
#4 |
Soaring
Maintain two systems, and never ever mix their content. One simple one with non-Windows and only meant for banking or trusted shopping, very sensible emailing with addresses you never share with just anybody, the other system for surfing, gaming, working, whatever.
I have done so for years. And never ever have email addresses, emailing, shopping, paying, banking installed on your cellphone. NEVER. Nothing personal on your smartphone. NOTHING except your google account data. Needless to say: keep your google account empty and tidy, do not use their services requesting you to have GPS and tracking on, personal profiling on, personal data sharing on, cloud computing on, all that beeping, blinking sweet candy-kind of glamour child's play-stuff. Think of all that as refined white sugar or glucose syrup. It's sweet, it makes many things taste better, it's offered everywhere, all the time, in everything, the temptation is omnipresent. But your health is better off without it. Even more, your health will NEVER EVER benefit from it in any way if you consume it.
__________________
If you feel nuts, consult an expert. |
#5 |
In the Brig
Think about all the links people post on subsim to confirm our bias. Any one of us could instead post a malicious url. Thankfully most of us have enough problems just trying to figure out how to turn our computers on, let alone hacking one.
But start practicing good security habits, keeping things in mind like Skybird suggests: strong passwords, isolated, neat, and tidy systems, VPNs, 2FA. Know what a malicious address might look like and learn to float the cursor over the link to see the complete url before clicking on it. I'm pretty sure the 5 Eyes Alliance has the means to see everything anyway. But I use protonmail end to end encryption, Norton anti-virus and VPN to give me an even greater illusion of security against everyone else.
Last edited by Rockstar; 04-06-21 at 11:46 AM.
#6 |
In the Brig
Anyone heard of or use CylancePROTECT? From what I understand it could be described as a proactive antivirus program, where it detects and prevents virus/malware BEFORE it gets installed on your hardware. Whereas the one like I use and most others use react to the installation of malware.
Guess it's been around for a few years already but I just ran across it when I saw it was partly funded by In-Q-Tel. Which happens to be connected to some high up government mucky mucks and the CIA.
Last edited by Rockstar; 04-12-21 at 11:21 PM.
#7 |
Navy Seal
A couple of years ago, in the SubSim PC Hardware/Software forum, I posted a link to a free service offered by Firefox for finding out if your particular email address has been compromised in a data breach; you don't have to be a Firefox user to use the service; you simply input your email address(es) and the service scans for any mention of that address in any known data breach(es); I thought reposting the link might be of some use in regards to this topic...
Firefox Monitor: https://monitor.firefox.com/
This is the link to the underlying service used by Firefox for its Monitor; if you wish, you can go directly to this link and search your address(es); this link does give a bit more detail on the breaches, if any, associated with your email address...
Have I Been Pwned? https://haveibeenpwned.com/
<O>