Is anyone surprised?
I'm only surprised that it didn't happen sooner. Previously, I felt surprised by all the talking heads exhorting everyone to use these services and the credulous "news" channels relaying that advice, but maybe some of them were working for the hackers, and in this dot-con bubble maybe an overfunded, money-losing startup financed a PR campaign to get their app into the "news".
I've heard them talking as well. I overheard someone at my brother's Christmas bash last year telling another guest how he uses it, and his whole company uses it.
I have a habit of pissing people off when I speak the inevitable truth. So I just kept quiet.
So what the hell do we do? What is the best way of remembering all those passwords, especially for an absent-minded, disorganized person like me?
It's time to revise America's security model; it's an exercise in stupidity.
The truth is, it's not the "abc123" passwords that are getting hacked. Well, NOT on the end-user side. When it's something as simple as an admin or default password not being changed, that's a whole different story rather than Jane the secretary's simple "abc123" password. Systems are more vulnerable to system-wide attacks where users' whole lives are stored. These are all due to the systems themselves that have all of the information in one place. Then, to tempt irony, they cancel your password every 30 days and make you renew it to something you don't remember. So you call up a call center, with some guy you don't know, named David but whose real name is Sahir, where he has access to a database; he then resets your password, you write the new one down on a Post-it note, tack it to your monitor, and continue on your way.
The lady with "abc123" never forgets, and doesn't have to call a call center in New Delhi every time she forgot to log into a system and change her password before the 30 days were up. I like passwordless systems that rely on other information to know it's you other than your input. If the NSA knows every site you go to, then damn it, those sites can know who in the hell you are without giving hackers a chance to steal your credentials due to the unnecessary security prompts. Windows Authentication Provider is great; it should be used more than it is for enterprise-level application authentication. Creating a separate SQL database for Forms Authentication is insane. It's too bad Windows users or domain users don't integrate better with IIS to be able to create users that are for web authentication only, without Windows logon privileges. Other things I use are random obfuscated field names for each request. Register MAC addresses. And never use .NET controls, just regular HTML and code. Have a virtual machine that mimics a bogus network that you redirect all suspicious network requests to. No username and password required, just seamless security. Bad guys never get to crack the password.
I have a habit of pissing people off when I speak the inevitable truth.
Captain, I have a simple suggestion to alleviate that issue. As you mentioned you voted for Ralph Nader, you might benefit from reading his opinion on something before jumping to any conclusions about what the "inevitable truth" will be. For example, in 2010, he called Obamacare "a disaster," but he had also been campaigning for marriage equality since at least as far back as 2000, when both the Democrats and the Republicans opposed it. Nader's opinions on both of those issues are the majority opinions today. (You can see for yourself here and here.) It seems to me that sometimes you get angry at the Democrats or the Republicans or both, and in that mode you say things that even Nader would reject. In those circumstances, just as everyone is fallible, you might want to consider that Nader is correct.
This all seemed inevitable to me too.
So what the hell do we do? What is the best way of remembering all those passwords, especially for an absent-minded, disorganized person like me?
Keep a PGP-encrypted file of your passwords. https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Then you have to remember just one password to use it, but unlike those other services, the password file is always on your computer alone.
And be sure to delete the unencrypted version of the file every time after you decrypt it to retrieve a password, just in case someone steals or gets into your computer.
LastPass, a digital password protection service, hasn’t been so safe for crypto holders who stored their vault backup passwords with the service. Several digital security researchers have now concluded that a series of large cryptocurrency thefts, claiming 150 victims and snatching $35 million, can be traced back to two hacks against LastPass in August and November last year.
I wonder how to manage all of my passwords? The only "password manager" I use is Firefox and that's for things which are not financial.
Is anyone surprised? What kind of moron would create an account with one website just to give that website your username and password information for every online service/site that you use?
Strategist says
So what the hell do we do? What is the best way of remembering all those passwords, especially for an absent-minded, disorganized person like me?
Strategist, if you keep a PGP file of passwords, then you do not need to remember them.
I deliberately make my passwords unmemorable now. I just create a random MD5 hash, like a82ed74b7987c50455ba5963b6f53a6e.
Even if someone tortured me, I couldn't tell them my passwords, except the one to the file.
Have only one standard password that is strong... then on every site that you use it on, add the first 3 letters of the site name to it. For example, if your password is JoeBlow00/ then for patnet it would be patJoeBlow00/... for gmail it would be gmaJoeBlow00/
The solution I have is SHA256SUM (password + website). It's uncrackable without the original password.
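As an added example that is not code posted by any commenter: the two per-site derivation schemes from the thread (the site-prefix scheme and SHA256SUM(password + website)) implemented side by side, plus a keyed HMAC variant that is my own assumption, with checks for what a leaked copy of one site's password would reveal and whether two sites can end up with the same derived password.

```python
import hashlib
import hmac

# Added example, not code from the thread. It implements the two per-site
# schemes the commenters describe and checks the properties that matter when
# one site's stored password leaks. Master password and site names below are
# constructed sample values taken from the thread's own illustration.

def prefix_scheme(master: str, site: str) -> str:
    """Thread scheme 1: first three letters of the site name + one fixed password."""
    return site[:3].lower() + master

def sha256_scheme(master: str, site: str) -> str:
    """Thread scheme 2: hex SHA-256 of the plain concatenation password + website."""
    return hashlib.sha256((master + site).encode("utf-8")).hexdigest()

def hmac_scheme(master: str, site: str, length: int = 20) -> str:
    """Assumed variant, not from the thread: HMAC-SHA256 keyed with the master,
    truncated so the result fits typical site length limits. Master and site
    are separate inputs, so the concatenation ambiguity below cannot occur."""
    mac = hmac.new(master.encode("utf-8"), site.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length]

def master_visible_in(derived: str, master: str) -> bool:
    """Would someone holding one site's leaked password read the shared secret off it?"""
    return master in derived

def per_site_outputs_differ(derive, master: str, sites) -> bool:
    """True when every site in the list gets a distinct derived password."""
    return len({derive(master, s) for s in sites}) == len(sites)

def concatenation_ambiguous(derive) -> bool:
    """Plain concatenation cannot tell 'abc'+'dsite' from 'abcd'+'site'."""
    return derive("abc", "dsite") == derive("abcd", "site")
```

Run the checks on the thread's own sample values: patnet and patreon both reduce to "pat" under the prefix scheme, while the hashed and keyed schemes keep the master out of every derived value.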
Even if someone tortured me, I couldn't tell them my passwords, except the one to the file.
http://money.cnn.com/2015/06/15/technology/lastpass-password-hack/index.html
Is anyone surprised? What kind of moron would create an account with one website just to give that website your username and password information for every online service/site that you use?
It would seem to me that hacking is a reality. Sites are going to get hacked; you should limit your exposure to the damage that could be done.