Announcement PSA: Passwords, Security, and Hackers... OH MY!!!!!

I'm an info security fanatic. A password manager is pretty much required these days. It allows you to keep an unlimited number of longer, more random passwords than you could ever memorize. I honestly don't even know most of my own passwords because the PM is so easy to use and works so well.

There are many PMs, from free open source to commercial versions with various combinations of features. If you do decide to use one, it will simplify your life considerably. However, a couple of critical things to keep in mind:
  • Backups are critical - either by you or whatever vendor you work with. If you lose access to this data, you will have a very hard time accessing dozens to hundreds of web sites, etc. If you are using an online PM, do they have some way to export your data in case you want to change PMs later and/or they go out of business?
  • Use your best protection techniques to access your PM. It is protecting all of your other credentials. Use a longer, complex password. If at all possible, turn on and use 2-factor authentication to get into the PM.
Once you become comfortable with your PM, you can keep other smaller types of info that you want to secure - bank account, credit card info, etc.
I am honestly scared to use a password manager because it feels like if that was hacked I would lose everything.
Am I wrong?
 
Were the members who were 'hacked' notified that this happened?
I had to log on the other day, I don't usually have to do that.
Not yet, but just having to login isn't a sign that it might have happened to you. An account on BYC that was compromised would be banned and/or have their passwords reset (depending on the situation).
 
Thanks @Nifty-Chicken .
It's happened just a few times over the years I've been here,
I always figured it was just some glitch....and will continue to do so unless I am notified by you or one of the mods.
 
Thanks for asking @aart !

Ya, I've had random logoffs too. I think it's something to do with cookies, browsers, interweb connections, etc. It doesn't happen often, but from time to time.

(if it happens often, it's usually something with a browser/addon... like an ad-blocker that is impacting cookies)
 
The reality is that no matter how hard you try to secure your info, someone out there will still have a way to get to it. Now, that does not mean they're actively trying to attack you specifically, they're attacking the places you have accounts and hoping to steal your data from THEM. The idea is to make it as difficult as possible to get anything, and to limit the exposure if you are the victim of a compromise by using unique logins everywhere you go. That gets to be cumbersome, which is where the password manager comes in. It's a tool to help you keep track of all that stuff easily and safely.

A password manager is just one layer of security. Going back to what nifty said about using tiered passwords, it should be the most complex and most secure password you have and should be completely unique. There are products out there that do not rely on a cloud based store of the passwords, so you have a local copy on your PC only and an attacker would have to not only compromise your machine, but also know the password you used to encrypt your password safe.

It's simply not the most efficient way to steal passwords, and if you are using good security and running solid AV protection at home, the risk is pretty low. I would never say it's "no risk" because as I said above, there's always a chance, but I've felt safe using PMs for almost 20 years and always recommend them. I personally have used Keepass forever, and we also use it at work. It's simple and local. I keep a copy with me on a USB drive as a backup and have it also backed up to my encrypted Backblaze vault. The files are encrypted automatically and you can't access the password manager data without giving it your unlock password. It's not foolproof, but it's about as secure as you can get.

So, long story short, don't be afraid of the password manager. Use a secure password and don't share that password with any other account you use. Ideally it's one of the only ones you will ever need to remember.
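The two ideas in the post above (unique logins everywhere so one breach stays contained, and generated rather than memorised passwords) as an added Python example. This is not code from the thread or from any password manager; the vault entries are constructed sample data, and the site names and helper names (generate_password, audit_reuse, exposure_from_breach) are this example's own.

```python
"""Added example: unique per-site passwords from a CSPRNG, plus an audit of a
vault for reuse. Not code from the thread or from any password manager."""
import math
import secrets
import string
from collections import defaultdict

# Printable ASCII minus whitespace: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=24, alphabet=ALPHABET):
    """A uniformly random password from the OS CSPRNG (secrets), never random.random."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size).
    24 symbols from a 94-symbol alphabet is about 157 bits, far beyond offline guessing."""
    return length * math.log2(alphabet_size)


def audit_reuse(entries):
    """entries: iterable of (site, username, password) tuples, e.g. a vault export.
    Returns a sorted list of site groups that share one password."""
    sites_by_password = defaultdict(set)
    for site, _user, password in entries:
        sites_by_password[password].add(site)
    return sorted(tuple(sorted(sites))
                  for sites in sites_by_password.values() if len(sites) > 1)


def exposure_from_breach(entries, breached_site):
    """Sites an attacker could reach by credential stuffing after breached_site
    leaks its password. With unique passwords this is always empty."""
    leaked = {password for site, _user, password in entries if site == breached_site}
    return sorted({site for site, _user, password in entries
                   if password in leaked and site != breached_site})


# Constructed sample vault: three sites share a password, one does not.
SAMPLE_VAULT = [
    ("bank.example", "alice", "Summer2023!"),
    ("shop.example", "alice", "Summer2023!"),
    ("forum.example", "alice", "Summer2023!"),
    ("mail.example", "alice", "q7R#v2Lp$9mXz!4Wn@8bKe&C"),
]

if __name__ == "__main__":
    print("reused password groups:", audit_reuse(SAMPLE_VAULT))
    print("exposed if forum.example is breached:",
          exposure_from_breach(SAMPLE_VAULT, "forum.example"))
    print("new password:", generate_password(),
          f"({entropy_bits(24, len(ALPHABET)):.0f} bits)")
```

Run it against a CSV export of your own vault (most managers can produce one) and any non-empty result from audit_reuse is a login that should be rotated to a generated value; exposure_from_breach is the same check asked the other way round, starting from the site you just read about in a breach notice.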
 
@azurbanclicker did an excellent job answering, but I wanted to add a few things:
A password manager is just one layer of the security. Going back to what nifty said about using tiered passwords, it should be the most complex and most secure password you have and should be completely unique. There are products out there that do not rely on a cloud based store of the passwords, so you have a local copy on your PC only and an attacker would have to not only compromise your machine, but also know the password you used to encrypt your password safe.
That is why I also use Keepass. It is an open source, free password manager (PM). I also make hacking even harder by using a form of 2-factor authentication (2FA). The Keepass login allows you to (A) use your Windows login, (B) enter a master password or (C) use a "key file". I use B & C, so simply having the password isn't enough. You would also need to figure out what file I'm using. Of course that makes protecting and keeping a copy of that key file as important as protecting my password.

I have my Keepass data file and key file both backed up on my network and in a cloud backup.

There are many password managers available- from free/open source to commercial versions. Some of the commercial PMs even offer theirs for free with some limitations/fewer features. PMs have different features and advantages/disadvantages to consider.

Keepass is very good, but has definite limitations. The data cannot be shared between devices or between people easily. Some (generally commercial) PMs keep your data "in the cloud" which makes it much easier to access from different devices via the Internet. Some have advanced features that allow you to share some of your accounts with others- like husband/wife/family, business teams, etc.

With a local PM like Keepass, you are absolutely responsible for protecting your data. If your file becomes corrupted or your drive crashes, you must have a good backup file. Cloud PMs handle this for you.

LastPass was recently hacked and was revealed to have done some things very poorly, so I don't recommend them. Two commercial/cloud versions that have a good reputation are 1Password and Bitwarden.
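The two-factor unlock described above (master password plus key file, so having the password alone is not enough, and losing the key file is as bad as losing the password) as an added Python example. This is not KeePass's own code or file format; it is a toy vault whose key is derived from both factors so that either one alone fails the integrity check. It uses only the standard library: scrypt for key stretching, and an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag standing in for the AEAD cipher a real manager would use. The function names, the key-file bytes and the vault contents are this example's own.

```python
"""Added example (not KeePass code): a toy vault unlocked only by BOTH a master
password and a key file, showing why the key file must be backed up too."""
import hashlib
import hmac
import secrets

SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def composite_key(master_password, key_file_bytes, salt):
    """Hash each factor to a fixed 32 bytes, concatenate, then stretch with scrypt.
    Omitting the key file (None) yields a completely different key."""
    material = hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file_bytes is not None:
        material += hashlib.sha256(key_file_bytes).digest()
    # n=2**14 keeps the example fast (16 MiB); a real vault would use a larger cost.
    return hashlib.scrypt(material, salt=salt, n=2**14, r=8, p=1, dklen=64)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (stdlib has no AES)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(plaintext, master_password, key_file_bytes=None):
    """Encrypt-then-MAC: returns salt || nonce || ciphertext || tag."""
    salt, nonce = secrets.token_bytes(SALT_LEN), secrets.token_bytes(NONCE_LEN)
    key = composite_key(master_password, key_file_bytes, salt)
    enc_key, mac_key = key[:32], key[32:]          # independent keys for cipher and MAC
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_vault(blob, master_password, key_file_bytes=None):
    """Returns the plaintext, or None if the password, key file or blob is wrong.
    The tag is checked in constant time before anything is decrypted."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    key = composite_key(master_password, key_file_bytes, salt)
    enc_key, mac_key = key[:32], key[32:]
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


# Constructed demo: the key file is random-looking bytes, as a real one would be.
DEMO_KEY_FILE = bytes.fromhex("9f8e7d6c5b4a39281706f5e4d3c2b1a0" * 2)
DEMO_ENTRIES = b"bank.example\talice\tq7R#v2Lp$9mXz!4Wn@8bKe&C\n"

if __name__ == "__main__":
    blob = seal(DEMO_ENTRIES, "correct horse battery staple", DEMO_KEY_FILE)
    print("both factors:    ", open_vault(blob, "correct horse battery staple", DEMO_KEY_FILE))
    print("password only:   ", open_vault(blob, "correct horse battery staple"))
    print("key file only:   ", open_vault(blob, "", DEMO_KEY_FILE))
    print("key file changed:", open_vault(blob, "correct horse battery staple", DEMO_KEY_FILE + b"x"))
```

The design choice worth noticing is that the key file is folded into the key derivation rather than checked separately: there is no "is the key file correct?" branch an attacker could skip, only a key that is wrong, and a tag that then fails. The flip side, which the post above makes, is that a vault sealed this way is unreadable without the key file, so the backup of the key file matters exactly as much as the backup of the database.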
 
You do almost exactly the same thing I do. :)

+1 bitwarden.
 
What happens if/when you don’t trust most people anymore?
 
