I Was Hacked.

I can't believe the horse battery staple image is relevant about a decade after it was made!

Password manager with 2FA and a passphrase that's updated and randomly generated every 6 months. Easy.
 
Micky my man, you were not "hacked". You simply used the same password for OCUK as you did on another site. That other site must have exposed your password, either in plain text or encrypted - if it was encrypted, it was easily 'decrypted' using a rainbow table. This is why you need to use complex passwords, because we know the encrypted versions of every simple/previously breached password and this means they are now totally pointless, forever more.

Your deets were then sold to some chancers out in India who tried to create a convincing MM for sale thread in your name.

Good job on promoting 2FA though, as this gets around the issue of passwords becoming more and more meaningless as more and more breaches happen.
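The reuse-plus-breach chain described in the post above, as an added example in Python (not code from the thread or from OCUK): an unsalted SHA-1 dump is reversed with a precomputed hash-to-password table, the simplest form of the rainbow-table lookup the post refers to, and the recovered plaintext is then tried against a second site that stores its passwords correctly (per-user random salt plus PBKDF2). The usernames, passwords, breach dump and breached-password list are all constructed for the example, and the PBKDF2 iteration count is lowered from the OWASP recommendation so it runs quickly.

```python
import hashlib
import os
import secrets

# OWASP currently recommends 600,000 PBKDF2-HMAC-SHA256 iterations; lowered
# here only so the demo finishes quickly (assumption for the example).
ITERATIONS = 100_000

# Constructed "breach dump" from a careless site that stored unsalted SHA-1.
# Usernames and passwords are made up for the example.
WEAK_SITE_DUMP = {
    "micky": hashlib.sha1(b"liverpool1").hexdigest(),
    "dave": hashlib.sha1(b"Password123").hexdigest(),
    "sarah": hashlib.sha1(b"x7#Qp9!vLm2z").hexdigest(),  # random, in no wordlist
}

# Constructed stand-in for a list of previously breached passwords.
COMMON_PASSWORDS = ["123456", "password", "liverpool1", "Password123", "qwerty"]


def build_lookup_table(wordlist, algo="sha1"):
    """Precompute hash -> password once. This is the simplest form of what
    the post calls a rainbow table: the attacker pays the hashing cost once
    and every unsalted dump thereafter is a dictionary lookup."""
    return {hashlib.new(algo, pw.encode()).hexdigest(): pw for pw in wordlist}


def crack_unsalted(dump, table):
    """Return {user: plaintext} for every hash that appears in the table."""
    return {user: table[h] for user, h in dump.items() if h in table}


def hash_with_salt(password, salt=None):
    """Per-user random salt plus a slow KDF. The salt is stored next to the
    digest; it is not secret, it just makes a shared precomputed table useless."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_with_salt(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return secrets.compare_digest(candidate, digest)


def build_forum_db():
    """Constructed forum user table that stores passwords properly (salted,
    slow). micky reused his weak-site password; dave did not."""
    return {
        "micky": hash_with_salt("liverpool1"),
        "dave": hash_with_salt("correct-horse-battery-staple-but-unique"),
    }


def credential_stuff(cracked, forum_db):
    """Which recovered (user, password) pairs also log in to the forum? No
    cracking of the forum's hashes is needed: the plaintext is simply reused."""
    hits = []
    for user, password in cracked.items():
        if user in forum_db and verify_with_salt(password, *forum_db[user]):
            hits.append(user)
    return hits


def salts_defeat_lookup(password):
    """Same password, two users, two salts: the digests differ, so a table
    precomputed against one of them says nothing about the other."""
    _, d1 = hash_with_salt(password)
    _, d2 = hash_with_salt(password)
    return d1 != d2


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    cracked = crack_unsalted(WEAK_SITE_DUMP, table)
    print("recovered from unsalted dump:", cracked)
    print("stuffable forum accounts:", credential_stuff(cracked, build_forum_db()))
    print("salts give different digests:", salts_defeat_lookup("liverpool1"))
```

Two things to take from it: the forum's own salted, slow hashing does nothing for micky, because the plaintext was obtained from the other site and simply reused; and sarah's random password survives the same dump only because it appears in no wordlist, which is the whole argument for unique, generated passwords.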

Agreed, I’ve been caught out before and nearly lost several very important accounts. One reason all of my passwords are now completely different, random and changed regularly. Stored with a master password, which is handwritten, and 2FA.

Haven’t had any issues since then.
 

What do you mean it's handwritten?? :confused:

Please tell me that doesn't mean it's written down on a scrap bit of paper in your wallet or desk drawer.
 
See with password managers, can you use these on different devices? For example, can I have it on my PC, iPhone and work laptop (the latter I can’t install software on)?

Also, what happens if the password manager password is compromised? But I guess that’s not a problem with 2FA.

What’s the recommended, free, password manager?

I would also look at 1Password; it is paid, but about £30-40 a year ain't so bad. Has better integration than Bitwarden from what I hear.
 
I used Google personally (both saved passwords and their Auth app) and LastPass at work.

For passwords, I would advise an easily memorable postcode or number plate (so it contains a number, feel free to substitute one with a symbol too) followed by 2-3 randomly generated words (https://randomwordgenerator.com). This removes any bias.

SE!2EUphysical-merit-sermon is much easier to remember and type and far more difficult to brute force than any conceived password made of random digits and numbers.
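An added check on the scheme proposed above (example code, not the poster's): an entropy budget for "memorable prefix + N random words" against plain random strings. The word list is a constructed stand-in for the linked generator and the real list size is passed in as a parameter, since that, not the words themselves, is what the strength comes from. The 7,776-word figure in the usage is the standard Diceware list size; the 20.7-bit prefix value is an assumption for an attacker who knows the pattern and enumerates roughly 1.7 million UK postcodes instead of brute-forcing the characters; and the guess rate is an assumed figure for an offline attack on a fast hash.

```python
import math
import secrets

# Constructed word list standing in for the generator the post links to. It is
# tiny so the example is self-contained; the entropy functions below take the
# real list size as a parameter because that is what determines the strength.
SAMPLE_WORDS = ["physical", "merit", "sermon", "copper", "lantern", "velvet",
                "orbit", "pebble", "saddle", "thistle", "garnet", "meadow",
                "anchor", "cinder", "falcon", "harbour"]

DICEWARE_LIST_SIZE = 7776      # 6^5, the standard Diceware list
UK_POSTCODE_PREFIX_BITS = 20.7  # assumption: ~1.7M real postcodes, attacker enumerates them
GUESSES_PER_SECOND = 1e10       # assumption: offline GPU attack on a fast hash


def generate_passphrase(prefix, n_words, wordlist=SAMPLE_WORDS, sep="-"):
    """Memorable prefix + n words chosen with a CSPRNG, in the post's layout
    (prefix immediately followed by hyphen-separated words)."""
    return prefix + sep.join(secrets.choice(wordlist) for _ in range(n_words))


def word_entropy_bits(n_words, list_size):
    """Entropy of n independent uniform picks from a list of list_size words."""
    return n_words * math.log2(list_size)


def charset_entropy_bits(length, charset_size):
    """Entropy of a length-character string drawn uniformly from a charset."""
    return length * math.log2(charset_size)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Average time to guess: half the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / rate


def compare_schemes(list_size=DICEWARE_LIST_SIZE, prefix_bits=UK_POSTCODE_PREFIX_BITS):
    """Bit budget for the post's scheme versus plain random strings.

    prefix_bits is what the memorable prefix is worth against an attacker who
    knows the pattern (e.g. tries every real postcode), not its character
    length: a postcode typed as 6-7 characters looks like ~36 bits but is
    only ~21 if the attacker has the postcode list."""
    return {
        "postcode+3words": prefix_bits + word_entropy_bits(3, list_size),
        "postcode+4words": prefix_bits + word_entropy_bits(4, list_size),
        "random8_alnum": charset_entropy_bits(8, 62),
        "random12_alnum": charset_entropy_bits(12, 62),
    }


if __name__ == "__main__":
    print(generate_passphrase("SE!2EU", 3))
    for name, bits in compare_schemes().items():
        secs = expected_crack_seconds(bits)
        print(f"{name:16s} {bits:5.1f} bits  ~{secs / 86400 / 365:.1e} years at 1e10/s")
```

With a Diceware-sized list, postcode plus three words lands around 59 bits, about the same as a 10-character random alphanumeric string; the fourth word is what pushes it past a 12-character one. The prefix only earns its keep if it is not something an attacker can enumerate, so the gain over random digits and letters depends on the list size and the word count, not on the memorable part.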
 
What do you mean it's handwritten?? :confused:

Please tell me that doesn't mean it's written down on a scrap bit of paper in your wallet or desk drawer.

At least someone needs physical access to that drawer with the password book in it. That's of course if the passwords are all different for every account across the web.

I couldn't imagine writing down 160 different password combinations. :cry:
 
Maybe it will come very soon. The problem is what happens if someone doesn't own a smartphone. On some sites you can't do 2FA by email, just via an app.

Whereas some other sites do both, and some do email 2FA only with no app.

And some do SMS only.....:cry:

SMS is fine for the likely very small corner of the market of users who wouldn't have a smartphone that's capable of running a 2FA app.

Either way it promotes good security practice.
 