**** Please enable 2FA on your OcUK forum account ****

andy_mk3 said:
I agree it's a nice offer but I wouldn't take it.

You're better off buying a Raspberry Pi and hosting it yourself if you really wanted to.
Click to expand...

Most people wouldn't trust themselves that's why they get others to do it. For the sake of £10 a year that might cost you a lot more loss if someone ever gets into your accounts, and it's hosted correctly (not saying people on here don't host it correctly) but it's a team of people who look after it I assume (BitWarden).
 
Bouton Aide said:
Most people wouldn't trust themselves that's why they get others to do it. For the sake of £10 a year that might cost you a lot more loss if someone ever gets into your accounts, and it's hosted correctly (not saying people on here don't host it correctly) but it's a team of people who look after it I assume (BitWarden).
Click to expand...

Hence the "if you really wanted to" :P But yes, just paying the £10 a year is a much better option. :D
 
Done, along with 2FA on my email, hopefully I’m a bit more secure….

Rainmaker said:
Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.
Click to expand...
Most definitely interested, I’m wondering why you say hosted by you? - isn’t Bitwarden it’s own entity with its own servers etc? (Sorry , I’m well out of my depth on this stuff…) :)
 
Scania said:
Most definitely interested, I’m wondering why you say hosted by you? - isn’t Bitwarden it’s own entity with its own servers etc? (Sorry , I’m well out of my depth on this stuff…) :)
Click to expand...

There's two types, hosted by BitWarden and Self Hosted. Self hosted requires you to set it up on your own and look after backups, ssl certs, power consumption bill for the server it's on, hardware replacement purchasing e.t.c.
 
So the data breach was a lie or some people have been phished via some unofficial OCUK discord/group or some scalper that got banned has gone mad.

Someone breaks into an email and first thing they think off is trying to scam on a computer hardware forum. :rolleyes:

I hope you're also reworking the trust system and the MM process as I've had to politely email a couple of users on here to **** off, delete my personal infomation and remove me off their spam email lists as for some reason they still have my email/personal details 6-12+ months after I've purchased something from them.

All it takes is one person who uses the MM to get their account hacked and if its one of these I need purchase all this hardware for my "friends" types they'll have mountains of names/address/banking info and phone numbers in their emails.
 
G J said:
So the data breach was a lie or some people have been phished via some unofficial OCUK discord/group or some scalper that got banned has gone mad.

Someone breaks into an email and first thing they think off is trying to scam on a computer hardware forum. :rolleyes:

I hope you're also reworking the trust system and the MM process as I've had to politely email a couple of users on here to **** off, delete my personal infomation and remove me off their spam email lists as for some reason they still have my email/personal details 6-12+ months after I've purchased something from them.

All it takes is one person who uses the MM to get their account hacked and if its one of these I need purchase all this hardware for my "friends" types they'll have mountains of names/address/banking info and phone numbers in their emails.
Click to expand...

You can say that about any site. Facebook market place, Gumtree, Ebay e.t.c. Not just relating to OcUK. It's more important now than ever before to set up a secure password vault with best practices.

Remove yourself from sites you don't use, delete your data online where possible.

Educate yourself about secure password vaults, implement it so in future you shouldn't come across this problem again. If all websites made 2FA compulsory it wouldn't matter.

For someone to get access to an account with 2FA/MFA on they must have the code that gets sent to you on top of the password you use. Using a password manager enables you to click and forget.

i.e - password "nS2ac#ezu@LPnxyCvY$Tz37E", or "horse-staple-battery". Both of these would never be used on another website so when a website is compromised you don't have to worry about changing it for every other website you have an account with. It's all saved in the password vault.

It takes a little while to set up though, but do it over time. I have 160 passwords currently saved. Every place uses a different password with all sites that have 2FA/MFA allowed, enabled.

As time goes on these attacks are just going to get bigger so if you don't have this enabled you are going to find yourself having to change passwords a lot more than ever before.

In theory, I could give you my password for overclockers but you would never get in because it uses a second authentication. You need both to login successfully. Not only that is, that one password is only used here so you would never gain access to my other accounts anywhere else.

What's worse is if you have to change it for every single site because you have used the same password over and over again for different places. :)

--------
We do have a problem though if your vault is compromised they still have access to the whole entire list of your passwords. So it's important 2FA is enabled on the vault.
 
Glad this was posted, Someone had changed my email address..

I've now changed my email address back to my own, Changed passwords and enabled security.
 
Last edited:
dLockers said:
Because when you get hit by a bus/win the lottery; it's all gone?
Click to expand...

As I said, it’s two clicks to back up your vault from any Bitwarden instance or browser extension. You’d surely do that regularly no matter who hosts it. If (when) I drop dead (or BW itself disappears), you load your backup somewhere else and carry on.
 
Rainmaker said:
As I said, it’s two clicks to back up your vault from any Bitwarden instance or browser extension. You’d surely do that regularly no matter who hosts it. If (when) I drop dead (or BW itself disappears), you load your backup somewhere else and carry on.
Click to expand...

and you do know that the backup is plain text right? It warns you to delete it properly and not to store it on any standard drive.

Go backup yours and open that file.

EDIT: ahhhhh they must have just implemented encrypted .json recently. It never used to be like that on the previous version. I just noticed there is now an option for encrypted backups. My bad.

9DGX6Ir.png

8aoCATb.png
 
G J said:
So the data breach was a lie or some people have been phished via some unofficial OCUK discord/group or some scalper that got banned has gone mad.

Someone breaks into an email and first thing they think off is trying to scam on a computer hardware forum. :rolleyes:

I hope you're also reworking the trust system and the MM process as I've had to politely email a couple of users on here to **** off, delete my personal infomation and remove me off their spam email lists as for some reason they still have my email/personal details 6-12+ months after I've purchased something from them.

All it takes is one person who uses the MM to get their account hacked and if its one of these I need purchase all this hardware for my "friends" types they'll have mountains of names/address/banking info and phone numbers in their emails.
Click to expand...
With all the various breaches that are in "the wild" all it takes is someone to look for specific usernames/email address and to potentially try them on similar sites.

For example if my details from another computer related site were hacked someone might look for my username on other sites and try that password&name combo to see if it works, potentially you can automate this to a very high degree.

If you've got a breach that might include emails or their contents it become even easier.

It's one of the reasons I've never reused a password across two sites, and for my important ones like here the password is long and complicated (my old UO passwords were long but because I was typing them in multiple times a day I can still do them in seconds).
 
Bouton Aide said:
and you do know that the backup is plain text right? It warns you to delete it properly and not to store it on any standard drive
Click to expand...

Yes I’ve been running servers for 30 years and contributing to FOSS for 20 of them. I’m aware of some backup options being plain text, but there is an encrypted option. Plus it’s a single command to encrypt the file with GPG or any other system you prefer (AES or whatever). It’s not hard to put it on an encrypted USB and gpg —encrypt file.txt for safekeeping.

Edit: I’ve just seen your own edit. No bother. Whether it’s hosted with BW, me or the pope doesn’t matter. Back up your vault weekly or monthly, use a strong master password and you’re set. The offer was to less techy members, I’d imagine most of us can run a server and use GPG and AES crypt.
 
You must log in or register to reply here.
Back
Top Bottom