Really getting tired of hacking now

Deleted member 77746 · 14 Mar 2021 at 16:47

Tony Edwards said:
Are you refering to bum holes again by any chance?

I have never referred to anything as a bum hole you must have me mistaken for someone else.

opethdisciple · 14 Mar 2021 at 16:50

robfosters said:
Thanks. I’m thinking of getting a password manager. Is Nordpass any good?

I use keepassxc. It's free and open source.

Raggs · 14 Mar 2021 at 18:08

robfosters said:
Thanks. I’m thinking of getting a password manager. Is Nordpass any good?

another vote for bitwarden the premium service is only $10 it found 25 weak passwords and couple of re used passwords I'd thought had been sorted., had some scroat from Jakarta trying too get into a gaming account the other day stuff like that i have linked too my mobile phone using 2FA.

TurtleTwo · 15 Mar 2021 at 07:27

How the hell does one get 5 accounts hacked in a few weeks? I don't remember get hacked once and I've been using the internet since the 90's...

Digital X · 15 Mar 2021 at 07:27

Looking at this
https://account.live.com/Activity

I have had a ton of (thankfully unsuccessful) attempts. Although when I set a password Firefox offers a random jumble of letter, numbers etc so I always go for that. Malyasia, Russia, Brazil etc. That's concerning...

Deleted member 77746 · 15 Mar 2021 at 08:24

Digital X said:
Looking at this
https://account.live.com/Activity

I have had a ton of (thankfully unsuccessful) attempts. Although when I set a password Firefox offers a random jumble of letter, numbers etc so I always go for that. Malyasia, Russia, Brazil etc. That's concerning...

They can try all they like if you have 2fa/mfa enabled they ain’t getting in.

TurtleTwo said:
How the hell does one get 5 accounts hacked in a few weeks? I don't remember get hacked once and I've been using the internet since the 90's...

Keyloggers, database breaches, sharing passwords among sites etc.

Demon · 15 Mar 2021 at 08:28

mrk said:
Netherlands and Russians seem persistent...

For sites and accounts that do not offer a form of 2FA, I have gone in and changed passwords with the randomly generated suggestion that Firefox pops up with then saves into its password manager. There is not a computer on the planet that can crack a password of that length in any reasonable amount of time so at the very least if you do not use 2FA, make sure your password is strong.

At least this way the only way they will hack into your account is if the service provider has a breach and passwords are not stored by them securely.

Just checked my activity and boringly just me!

Not sure if this would affect you, but I've been stung from storing passwords in Chrome etc, if anyone does compromise your PC, they can visit sites and any creds stored will get them access..
To cut a long story short I had a VM that got compromised (Lesson here, don't open RDP ports to the public) and on that VM luckily all I had was log in creds stored for my domain registrar, however someone got in , dropped a mail forwarding app on the PC and logged in to my account at the registrar and tried buying web-space which it let him do.

I was lucky, basically the hacker went through my web history, went to those sites to see if he could get anything from them.. had he been on another PC in the house, he'd have had a field day for anywhere not 2FA..

A close shave and I've radically changed my behaviour now!

Deleted member 77746 · 15 Mar 2021 at 09:04

Demon said:
A close shave and I've radically changed my behaviour now!

To combat security this is what people need to do. It's 2021 and there is new rules people really need to stick to. Not defined rules but simple rules that will help them be as secure as possible.

skaif · 15 Mar 2021 at 11:07

robfosters said:
It’s constant now. In the last few weeks, I’ve had the following accounts hacked:

Uber eats
Spotify
Netflix
eBay
Microsoft account

All have different passwords, but that doesn’t seem to be making any difference. It’s gone from merely annoying to seriously troublesome now.

Is your password just 'habybirtdoy' for all of them?

Burnsy2023 · 15 Mar 2021 at 11:14

I recently invested in a couple of YubiKeys, so the keys to my castle (O365, Google, domain registrars and a couple of other key services) are all secured by them.

Deleted member 77746 · 15 Mar 2021 at 11:16

isn't all these hardware keys the same as a phone mfa though, you still need a second device to authenticate successfully.

Burnsy2023 · 15 Mar 2021 at 11:47

Bouton Aide said:
isn't all these hardware keys the same as a phone mfa though, you still need a second device to authenticate successfully.

Well yes, that is the idea of multi factor auth. Something you know and something you have (in this instance).

Deleted member 77746 · 15 Mar 2021 at 11:48

Burnsy2023 said:
Well yes, that is the idea of multi factor auth. Something you know and something you have.

Why a YubiKey over a phone?

Burnsy2023 · 15 Mar 2021 at 11:57

Bouton Aide said:
Why a YubiKey over a phone?

I'll start by saying that most attacks are thwarted by OTP MFA, so the difference isn't all that much. But with that said:

Security Keys are theoretically more secure as the codes for Google auth or similar are stored on the phone. Sophisticated malware could compromise them, although the risk of this is very low.
YubiKeys support FIDO2 and webauthn, which means I don't put any passwords or codes into a service, all of that is handled by the key. I may need to touch it to confirm, but that's it.
I have 2 YubiKeys, so if I lost my phone, I'm not stuck.
I still use Authy for some OTP.

One the key things to remember is that SMS OTP is NOT secure, so avoid like the plauge.

Beans on toast Dave · 16 Mar 2021 at 09:27

been following this thread with interest,
not really taken my password regime too seriously but starting to think different
have been using chrome with password recycling to lots of different sites
with 2fa on ebay and emails only

is it worth ditching chrome as password manager and going the bitwarden route?

i think because its easy to remember a recycled password at some point im going to get caught out so have to change

touch · 16 Mar 2021 at 10:07

Beans on toast Dave said:
i think because its easy to remember a recycled password at some point im going to get caught out so have to change

The main problem with reusing passwords is that it's then only as secure as the least secure site you've used it on.
Your email provider, for example, might be doing security correctly (proper server security, storing encrypted passwords, etc) but if you use that same password on some random site with rubbish security and their user database gets broken into the username/email/password you used there can then be tried on lots of other sites.

You can check on https://haveibeenpwned.com/ to see if your account details have been leaked from any sites you use.

Deleted member 77746 · 16 Mar 2021 at 10:12

Beans on toast Dave said:
is it worth ditching chrome as password manager and going the bitwarden route?

Yep. Bitwarden locks when you reboot or by a time period.

Beans on toast Dave · 16 Mar 2021 at 10:15

right signed up to bitwarden, its going to take a fair while to get things more secure but its a start

Randomface74 · 16 Mar 2021 at 10:24

TurtleTwo said:
How the hell does one get 5 accounts hacked in a few weeks?

They get your email address, then use password recovery everywhere else.

pepp77 · 16 Mar 2021 at 10:24

FoxEye said:
We're not mind readers. If you don't phrase things properly we're all left guessing what you mean.

I for one interpreted your post as you telling the OP he had a keylogger on his PC.

Anyway we can move on now that you've clarified you were merely positing that as a suggestion.

Whereas I interpreted it as him saying or it could be that somehow you have a keylogger on your computer. Which to me was a valid statement. How YOU choose to read that is on you, not the poster.