I Was Hacked.

Soldato
Joined
27 Dec 2005
Posts
17,006
Location
Bristol
I can't believe the horse battery staple image is relevant about a decade after it was made!

Password manager with 2FA and a passphrase that's updated and randomly generated every 6 months. Easy.
 
Soldato
Joined
24 Aug 2013
Posts
4,551
Location
Lincolnshire
Micky my man, you were not "hacked". You simply used the same password for OCUK as you did on another site. That other site must have exposed your password, either in plain text or encrypted - if it was encrypted, it was easily 'decrypted' using a rainbow table. This is why you need to use complex passwords, because we know the encrypted versions of every simple/previously breached password and this means they are now totally pointless, forever more.

Your deets were then sold to some chancers out in India who tried to create a convincing MM for sale thread in your name.

Good job on promoting 2FA though, as this gets around the issue of passwords becoming more and more meaningless as more and more breaches happen.

Agreed, I’ve been caught out before and nearly lost several very important accounts. One reason all of my passwords are now completely different and random which are changed regularly. Stored with a master password which is handwritten and 2FA.

Haven’t had any issues since then.
 
Soldato
Joined
27 Dec 2005
Posts
17,006
Location
Bristol
Agreed, I’ve been caught out before and nearly lost several very important accounts. One reason all of my passwords are now completely different and random which are changed regularly. Stored with a master password which is handwritten and 2FA.

Haven’t had any issues since then.

What do you mean it's handwritten?? :confused:

Please tell me that doesn't mean it's written down on a scrap bit of paper in your wallet or desk drawer.
 
Associate
Joined
7 Mar 2015
Posts
1,005
See with password managers, can you use these on different devices? For example, can I have it on my PC, iPhone and work laptop (the latter I can’t install software on)?

Also, what happens if the password manager password is compromised? But I guess that’s not a problem with 2FA.

What’s the recommended, free, password manager?

I would also look at 1Password, it is paid, but then about £30-40 a year ain't so bad. Has better integration than Bitwarden from what I hear.
 
Soldato
Joined
27 Dec 2005
Posts
17,006
Location
Bristol
I used Google personally (both saved passwords and their Auth app) and LastPass at work.

For passwords, I would advise an easily memorable postcode or number plate (so it contains a number, feel free to substitute one with a symbol too) followed by 2-3 randomly generated words (https://randomwordgenerator.com). This removes any bias.

SE!2EUphysical-merit-sermon is much easier to remember and type and far more difficult to brute force than any conceived password made of random digits and numbers.
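
Added example (not part of the original post or thread): a Python sketch of the prefix-plus-random-words scheme described above, drawing the words with a CSPRNG and estimating entropy so it can be compared with a random-character password. The function names, the sample word list and the `AB12CD` prefix are constructed for illustration, and the estimate counts only the randomly chosen words.

```python
import math
import secrets
import string

# Constructed sample list so the example runs offline (assumption). It is far
# too small for real use; a published list such as Diceware's has 7776 words.
WORDS = ["physical", "merit", "sermon", "anchor", "velvet", "quarry",
         "lantern", "orbit", "thimble", "gravel", "pepper", "harbour",
         "mosaic", "ticket", "walnut", "zephyr"]
SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 chars


def passphrase(n_words, words=WORDS, prefix="", sep="-"):
    """Pick n_words with the OS CSPRNG; prefix is the memorable part."""
    return prefix + sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy of the random words only. The memorable prefix is counted as
    zero bits because the user chose it rather than drawing it at random."""
    return n_words * math.log2(list_size)


def random_password(length, alphabet=SYMBOLS):
    """Fully random password over the given alphabet."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_password_bits(length, alphabet_size=len(SYMBOLS)):
    return length * math.log2(alphabet_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("passphrase:", passphrase(3, prefix="AB12CD"))  # constructed prefix
    print("3 words, 16-word list  : %.1f bits" % passphrase_bits(3, len(WORDS)))
    print("3 words, 7776-word list: %.1f bits" % passphrase_bits(3, 7776))
    print("12 random chars        : %.1f bits" % random_password_bits(12))
    print("words for 80 bits      :", words_needed(80, 7776))
```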
 
Caporegime
Joined
9 Aug 2008
Posts
30,299
Location
127.0.0.1
What do you mean it's handwritten?? :confused:

Please tell me that doesn't mean it's written down on a scrap bit of paper in your wallet or desk drawer.

At least someone needs physical access to that drawer with the password book in it. That's of course if the passwords are all different for every account across the web.

I couldn't imagine writing down 160 different password combinations. :cry:
 
Soldato
Joined
5 Mar 2010
Posts
10,240
Maybe it will come very soon. The problem is what happens if someone doesn't own a smartphone. Some sites you can't do 2FA email, just an app.

Whereas some other sites do both and some do email 2FA only with no app.

And some do SMS only.....:cry:

SMS is fine for the likely very-corner market of users who wouldn't have a smartphone that's capable of running some 2FA apps.

Either way it promotes good security practice.
 