I Was Hacked.

Man of Honour
Joined
13 Oct 2006
Posts
81,954
This is why complex passwords are totally and utterly flawed anyway.

Even in this day and age there are sites where the backend doesn't use a particularly strong password system i.e. limited length hash where multiple passwords will match. Bit less usual these days but I know some still do.

I find 2FA a pain in the rear, every site seems to have a slightly different implementation and while the security from other people is much higher so is the chance of locking yourself out of your account forever.

Please tell me that doesn't mean it's written down on a scrap bit of paper in your wallet or desk drawer.

With 2FA systems you often have to store back up codes somewhere as well... (well you don't strictly have to but it is a good idea to have a copy of them).
 

mrk

Man of Honour
Joined
18 Oct 2002
Posts
90,856
Location
South Coast
Also a recommendation for storing passwords/backup codes and other personal details. I keep them in a password protected OneNote file. This is synced to my MS account (could be on Google Drive/Dropbox etc too or whatever else you use) so I can get to it on my phone if needed or if my computer dies etc. If someone gets into your files then they cannot access the data in the file as it's encrypted. You could use a spreadsheet etc too but I find OneNote far nicer to format everything in a consistent way and makes pasting in scanned documents like passport copies etc easier too. My entire paper filing system is digital for pretty much everything all within one OneNote.
 
Associate
Joined
2 Jul 2019
Posts
1,836
Good to hear no one lost money.

As we're on the subject of security, what's actually feasible with regards to PC physical security? PC gets stolen, that's your drives gone. Is the Windows login password actually secure?
 

mrk

Man of Honour
Joined
18 Oct 2002
Posts
90,856
Location
South Coast
Good to hear no one lost money.

As we're on the subject of security, what's actually feasible with regards to PC physical security? PC gets stolen, that's your drives gone. Is the Windows login password actually secure?


Windows login secures your account from being logged into and used as if it was you using it, but it doesn't stop someone connecting the drives to another PC and copying the data off it. This is where you can enable BitLocker to encrypt your drives at a drive partition level rather than the more time consuming and resource costly file level. Right click any drive (inc USB drives) in This PC and turn on BitLocker. If some parts of your system don't meet min reqs then it will advise you on those and you can go from there.

A BitLocker encrypted drive is a paperweight to a thief. Just keep your recovery key safe as you will need it if your PC ever dies and you need to get back into your drives on another system.
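
An added example, not part of the post above: a PowerShell check, run from an elevated prompt, that reports for each volume whether BitLocker is actually protecting it and whether a recovery password protector exists, without displaying the recovery password itself. It uses the `Get-BitLockerVolume` cmdlet from the Windows BitLocker module; the function name `Get-BitLockerAudit` and the wording of the findings are illustrative choices made for this example.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

# Added example: summarise BitLocker state per volume.
# Get-BitLockerAudit is a name chosen for this example, not a built-in cmdlet.
function Get-BitLockerAudit {
    Get-BitLockerVolume | ForEach-Object {
        $vol = $_

        # Collect protector types only; the recovery password value is never read out.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasRecovery = $types -contains 'RecoveryPassword'

        $finding =
            if ($vol.VolumeStatus -eq 'FullyDecrypted') {
                'Not encrypted: readable if the drive is attached to another PC'
            }
            elseif ($vol.ProtectionStatus -eq 'Unknown') {
                'Volume is locked: unlock it to read its protection state'
            }
            elseif ($vol.ProtectionStatus -ne 'On') {
                'Encrypted but protection is off (suspended or no protectors)'
            }
            elseif ($vol.VolumeStatus -ne 'FullyEncrypted') {
                "Conversion not finished ($($vol.EncryptionPercentage)% encrypted)"
            }
            elseif (-not $hasRecovery) {
                'Protected, but no recovery password protector is present'
            }
            else {
                'Protected: confirm the recovery key is stored off this machine'
            }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Status     = $vol.VolumeStatus
            Protection = $vol.ProtectionStatus
            Method     = $vol.EncryptionMethod
            Protectors = ($types -join ', ')
            Finding    = $finding
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```

A volume that shows as encrypted with protection off is the case to look for after firmware or Windows updates, since a suspended volume unlocks without any protector until protection is resumed.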
 
Soldato
Joined
5 Mar 2010
Posts
10,240
Also a recommendation for storing passwords/backup codes and other personal details. I keep them in a password protected OneNote file. This is synced to my MS account (could be on Google Drive/Dropbox etc too or whatever else you use) so I can get to it on my phone if needed or if my computer dies etc. If someone gets into your files then they cannot access the data in the file as it's encrypted. You could use a spreadsheet etc too but I find OneNote far nicer to format everything in a consistent way and makes pasting in scanned documents like passport copies etc easier too. My entire paper filing system is digital for pretty much everything all within one OneNote.

That's a lot of faff though. The big luxury with password managers is the auto fill.
 

mrk

Man of Honour
Joined
18 Oct 2002
Posts
90,856
Location
South Coast
That's a lot of faff though. The big luxury with password managers is the auto fill.

You can't store other details in a password manager though, just your passwords for accounts. Granted it is a few extra steps but you only need to set it up once, then anytime after it's just accessing like any other account/device/file. At least I know that all my details for anything meaningful whether digital or physical are stored in one place.

Autofill is great though yeah, but as mentioned it's just for passwords to log into apps and websites. I use Firefox on all devices so autofill is able to complete logon for apps on my phone, websites etc etc really easily.
 
Associate
Joined
2 Jul 2019
Posts
1,836
Windows login secures your account from being logged into and used as if it was you using it, but it doesn't stop someone connecting the drives to another PC and copying the data off it. This is where you can enable BitLocker to encrypt your drives at a drive partition level rather than the more time consuming and resource costly file level. Right click any drive (inc USB drives) in This PC and turn on BitLocker. If some parts of your system don't meet min reqs then it will advise you on those and you can go from there.

A BitLocker encrypted drive is a paperweight to a thief. Just keep your recovery key safe as you will need it if your PC ever dies and you need to get back into your drives on another system.

Thanks! I'll get onto BitLocker, and from a quick look it sounds decent. I previously looked into encryption but never came across this as I was looking at encrypting drives on the hardware side, and quickly found out that wasn't really feasible for me.
 
Soldato
Joined
18 Aug 2007
Posts
9,215
Location
Liverpool
You can't store other details in a password manager though, just your passwords for accounts.

Wut? Bitwarden stores: my passwords, bank accounts, credit and debit cards (all with auto fill), 2FA/OTP codes, and the 'secure note' section can be filled with anything you like. I have my BitLocker and LUKS passwords/codes in there, my recovery codes (saved in each domain's own record with the user/pass and OTP), encryption seed phrases for my e2e instant messengers, recovery seeds for my crypto wallets, software serials/keys, online banking PINs and login codes... You name it. If your password manager doesn't do all that and more, upgrade. :p
 
Soldato
Joined
5 Aug 2013
Posts
5,440
Location
Shropshire
I use a password manager but for some reason I never used it on OCUK - so after reading the other thread it's now got an 18 digit password.
 
Soldato
Joined
5 Mar 2010
Posts
10,240
You can't store other details in a password manager though, just your passwords for accounts.

You can store some things on there. I think a lot of services do offer some cloud storage. Granted you're not going to get loads on there - I use a BitLocker VHD for digitised everything.
 
Soldato
Joined
5 Mar 2010
Posts
10,240
Wut? Bitwarden stores: my passwords, bank accounts, credit and debit cards (all with auto fill), 2FA/OTP codes, and the 'secure note' section can be filled with anything you like. I have my BitLocker and LUKS passwords/codes in there, my recovery codes (saved in each domain's own record with the user/pass and OTP), encryption seed phrases for my e2e instant messengers, recovery seeds for my crypto wallets, software serials/keys, online banking PINs and login codes... You name it. If your password manager doesn't do all that and more, upgrade. :p

:cry: so basically if you lose that or it's hacked, then you're ****** :p:D
 

mrk

Man of Honour
Joined
18 Oct 2002
Posts
90,856
Location
South Coast
Wut? Bitwarden stores: my passwords, bank accounts, credit and debit cards (all with auto fill), 2FA/OTP codes, and the 'secure note' section can be filled with anything you like. I have my BitLocker and LUKS passwords/codes in there, my recovery codes (saved in each domain's own record with the user/pass and OTP), encryption seed phrases for my e2e instant messengers, recovery seeds for my crypto wallets, software serials/keys, online banking PINs and login codes... You name it. If your password manager doesn't do all that and more, upgrade. :p

Ah did not know of that app, only really hear people talk about Authy and the like! I choose specifically not to put total faith in one third party solution though. For example I know that Mozilla won't ever go under, well they could but it's highly unlikely. The same reason I know the MS Authenticator app will always be around and Firefox will always have a synchronised password/autofill system.
 
Soldato
Joined
1 Apr 2014
Posts
14,817
Location
Aberdeen
I use Authy for 2fa and LastPass for passwords. I do need a way of having recovery codes available when I’m travelling. Suggestions? Having them on my iPad or phone isn’t a good idea.
 
Soldato
Joined
18 Aug 2007
Posts
9,215
Location
Liverpool
:cry: so basically if you lose that or it's hacked, then you're ****** :p:D

Haha. I'm not a moron, so I have backups of the database in three places (on-prem and off-prem); and good luck cracking AES256 with a 4096 bit key (seeded by a 30 character aA1& space password) further layered at-rest inside GPG crypt. I'll even give you a clue - it starts with '3'. :p
 