Protect Yourself, Use a Password Manager and 2-Step Verification


23 replies to this topic

#1
Naaackers

  • Forum Member
  • OTS FPR TJE LODS

  • 6,903 posts

I woke up to a couple emails/texts this morning. Two separate email accounts of mine were accessed overseas. Now, hearing about all the Gmail passwords that leaked last week, I was a tiny bit worried. It looks like they did have my password - but because I had my 2-step verification enabled, access was denied.

What is 2-step verification? It's an extra layer of security. Before you can log in to your email, a special code is sent to a secondary email or your phone, asking for confirmation that it's indeed you going into your account. Once you get that code, you input it and away you go. If you value your money and identity, I'd suggest you use a feature like this.

Now what is a password manager, and where does it fit into all of this? A password manager is an application or web-based software that keeps track of all your passwords. All your credentials are saved either locally or on their server side. For the particular one I use, Dashlane, my credentials are stored and synced between all my devices. I love this software because it also makes my life a lot easier. Instead of having 20 different unique, long passwords for all my accounts, Dashlane makes it so ALL your accounts can be unlocked with one master password.

 

So, let's say I have 3 Gmail accounts. And I have a 20-character letter/number/symbol password for each account. When you log into your computer and visit Gmail, it will auto-fill your username and password. HOWEVER, you can't get into your email without using your Dashlane master password. That's where the extra layer of security comes in. In addition, Dashlane will not work until you log into the application when you power on your computer.

So this allows you to have long, complex and unique passwords for all of your accounts, but doesn't require you to have to remember them all. As long as you have one master password, you are all set. Dashlane also offers other features like sync, password generators, password analyzer, etc. etc. They will also let you know when one of your accounts reports a security breach so you can quickly change your passwords. Just keep in mind that if you ever lose your master password, your account is gone forever. There is no password reset via email or phone. They also use 256-bit encryption for their sync-API and cloud storage, so no worries there.

One of my favorite features is being able to store your personal and payment information. So when you order things from a website you don't have your credit/debit card stored in, with a click of a button and master password, you can enter your debit info, shipping and billing address REAL quick. Makes life so much easier. 

 

Obviously, no service can keep you 100% protected all the time, but why not give yourself some cushion?

In my opinion, in this day and age, everyone in the world should be using a manager - period. Even my dad is using this! Please let me know if you have any questions. 

P.S - Another password manager app to consider is LastPass. They even go as far as making you print out a random crypto-key every month that you must carry with you at all times in order to get access to your account. Pretty crazy stuff!



#2
M2THE49

  • Retired
  • 5,410 posts

these stolen passwords and stuff as of lately really get me concerned. i've ended up changing all my passwords and using google's cell # verification thingy. as much as i love the internet and electronic media, i feel like someday the entire world will get DDoS'd or some emp attack will destroy everything and everyone will be super fucked because no one knows how to do things the old fashioned way



#3
Naaackers

  • Forum Member
  • OTS FPR TJE LODS

  • 6,903 posts

these stolen passwords and stuff as of lately really get me concerned. i've ended up changing all my passwords and using google's cell # verification thingy. as much as i love the internet and electronic media, i feel like someday the entire world will get DDoS'd or some emp attack will destroy everything and everyone will be super fucked because no one knows how to do things the old fashioned way

 

[animated GIF]



#4
Paronity

  • Forum Member
  • var Paronity = new Guru();

  • 16,889 posts

Great post Nackers!

 

I would like to add something to this. One of the biggest reasons that leaked passwords are a big deal is not the passwords you use, but rather the passwords you re-use. Many people use the same password for everything, so once someone has a password and your email address, they can access any of your accounts. If a password manager is out of the question (some companies forbid them), I would like to offer a solution to creating unique passwords to every site and being able to remember them on the fly. It's called the salt method, or using a salt. A salt is simply a dynamic string or text that you can add to your general password to make each of them unique, but due to you knowing your salt, you will always know what your password is. In this case the salt will vary based on each site, but will be the same info. It looks something like this:

 

1.) Let's say my password of choice is "paronilaw22". I can use this password everywhere and remember it just fine, but if my account info gets leaked somewhere, people could potentially access any account that I have anywhere. 

2.) Let's say that I want to create a salt. My salt could be the first 4 letters of whatever domain I'm logging into. So let's take a couple sites for example. My passwords for each would look like this:

 

gsngaming.com : gsngparonilaw22

reddit.com : reddparonilaw22

gmail.com : gmaiparonilaw22

newegg.com : neweparonilaw22

 

I think you get the picture. This will give you an easily remembered different password for each site. 
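
The scheme from the post above, as an added example that is not Paronity's or any product's code, next to a hash-based variant that goes beyond what the post describes: there the per-site string comes from PBKDF2 over the base password and the domain, so it no longer contains the base password. Function names, the 20-character length and the iteration count are assumptions.

```python
import base64
import hashlib
import os

SITES = ["gsngaming.com", "reddit.com", "gmail.com", "newegg.com"]  # from the post


def prefix_salt_password(domain, base):
    """Scheme as posted: first 4 letters of the domain + base password."""
    return domain.lower()[:4] + base


def derived_password(domain, base, length=20, rounds=200_000):
    """Assumed variant, not from the post: PBKDF2-HMAC-SHA256 with the
    domain as salt, base64url-encoded and cut to `length` characters."""
    raw = hashlib.pbkdf2_hmac("sha256", base.encode(), domain.lower().encode(), rounds)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def common_suffix(passwords):
    """Longest ending shared by every password in the list."""
    reversed_pw = [p[::-1] for p in passwords]
    return os.path.commonprefix(reversed_pw)[::-1]


def compare(base):
    """Return {scheme: (passwords, shared ending)} for the sites in the post."""
    out = {}
    for name, fn in (("prefix", prefix_salt_password), ("derived", derived_password)):
        pws = [fn(site, base) for site in SITES]
        out[name] = (pws, common_suffix(pws))
    return out


if __name__ == "__main__":
    for name, (pws, shared) in compare("paronilaw22").items():
        print(name, pws, "shared ending:", repr(shared))
```

With the prefix scheme the shared ending is the whole base password; with the derived variant the four outputs have no meaningful common part, but they have to be recomputed or stored rather than remembered.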



#5
Naaackers

  • Forum Member
  • OTS FPR TJE LODS

  • 6,903 posts

Great post Nackers!

 

I would like to add something to this. One of the biggest reasons that leaked passwords are a big deal is not the passwords you use, but rather the passwords you re-use. Many people use the same password for everything, so once someone has a password and your email address, they can access any of your accounts. If a password manager is out of the question (some companies forbid them), I would like to offer a solution to creating unique passwords to every site and being able to remember them on the fly. It's called the salt method, or using a salt. A salt is simply a dynamic string or text that you can add to your general password to make each of them unique, but due to you knowing your salt, you will always know what your password is. In this case the salt will vary based on each site, but will be the same info. It looks something like this:

 

1.) Let's say my password of choice is "paronilaw22". I can use this password everywhere and remember it just fine, but if my account info gets leaked somewhere, people could potentially access any account that I have anywhere. 

2.) Let's say that I want to create a salt. My salt could be the first 4 letters of whatever domain I'm logging into. So let's take a couple sites for example. My passwords for each would look like this:

 

gsngaming.com : gsngparonilaw22

reddit.com : reddparonilaw22

gmail.com : gmaiparonilaw22

newegg.com : neweparonilaw22

 

I think you get the picture. This will give you an easily remembered different password for each site. 

 

Very good points Paronity. Thank you! I like that strategy of creating passwords.

Me, I use finger-rolling techniques for all my passwords. None of my passwords have any words in them. This is the main reason I like having a numpad.

For example, with my left hand I'll hold shift and roll my right hand's fingers across the top row

 

NM<>

 

then i'll let go of left shift and roll my left hand 

 

rewq

 

then i'll move my hand to the number pad and do a slide down from the first column

 

741

 

so in three quick finger swipes, I get NM<>rewq741

Harder for brute force password crackers and guesses, as well as giving me super fast access using muscle memory instead of..memory, memory. lol. 



#6
Al Hoff

  • Forum Member
  • You ain't got no legs Lieutenant Dan!

  • 1,771 posts

Good posts! So my password should be something other than password?



#7
Naaackers

  • Forum Member
  • OTS FPR TJE LODS

  • 6,903 posts

Good posts! So my password should be something other than password?

A building I recently took under my wing had 'password' for password for their server login and wireless key. I was so flabbergasted my dick fell off. 



#8
Paronity

  • Forum Member
  • var Paronity = new Guru();

  • 16,889 posts

I was so flabbergasted my dick fell off. 

 

This explains a lot. 



#9
Machine Gun Preacher
  • Forum Member
  • Yes, I know I post too much.

  • 4,647 posts
I've gained access to a few of my friends' social media accounts by just going through their likes and pictures and what not. A little bit of googling can get their mother's maiden name n shit like that so I only have to guess a security password sometimes.


My tip on security passwords - if it asks them for something like your mother's maiden name give them your father's middle name and just remember that you did it. Don't do favorite movies or music because chances are you've liked it on Facebook and made it 10x easier for a person who doesn't even know you to take control.

Two step verification is handy because it requires that physical contact be made (Slipping someone's phone) but once that physical contact is made you are pretty screwed anyways. Having a screen lock is good but most people don't have complex passwords and either 0000 it or make an L shaped pictograph. Remember that a lot of the shit you use on your phone is only protected by your lock screen. My phone has a security flaw where it will show the text message without having to even unlock it unless you wanna reply. And no, password typed backwards won't fool me either....

#10
emttim

  • Retired
  • 2,058 posts
I've been using Dashlane for about 6 months and love it. I let it create passwords and then let it store and sync to my mobile devices (cheap: $20/yr for the sync, everything else is free). It's a great way to keep all passwords secure.

#11
TacticalSandels
  • Forum Member
  • 3,210 posts

I use a program called 'My lastpass vault' it's incredibly good. it changes my passwords daily for me to be an 18 digit random number letter combo so if somehow somebody cracks the autogenerated code of 4G7fgYh6Yh3Gtj8Uhd the next day it will be invalid. it also has a very nice cell phone app associated with it.

 

The program also shows you all your passwords when u install it, it scans firefox/chrome and IE and shows them all to you which goes to show how vulnerable they are when not protected. The program also knows where I live so if somebody from India or China tries to use my passwords it emails me letting me know.

 

Did i also mention it's free?

https://lastpass.com/

 


Edited by TacticalSandals, September 15, 2014.


#12
Naaackers

  • Forum Member
  • OTS FPR TJE LODS

  • 6,903 posts

Having a screen lock is good but most people don't have complex passwords and either 0000 it or make an L shaped pictograph. Remember that a lot of the shit you use on your phone is only protected by your lock screen.

 

Thankfully, Dashlane requires your master password and PIN to unlock the app which is awesome. I wish you could enable this for every app.



#13
Machine Gun Preacher
  • Forum Member
  • Yes, I know I post too much.

  • 4,647 posts

Thankfully, Dashlane requires your master password and PIN to unlock the app which is awesome. I wish you could enable this for every app.


Android has apps on the store that can lock any app you want like text messages n shit but again... all you gotta do is get into the phone via computer and simply delete the app file... I really don't like using my phone but it's a convenience even if its risk of getting stolen is higher than someone breaking into my house and stealing my computer, which again they'd have to brute force a 16 digit password but after that they'd have full access (and I'd change my passwords but some things like Twitter don't require you to sign in if you've already logged on with a correct password once and haven't logged out)

#14
LoneWolf

  • Forum Member
  • 1,237 posts

https://howsecureismypassword.net/

 

Of course, never put your actual password into this, however it is easy to see using this how strong a password style or structure is. Most people personalize the password. I remember a long time ago, never put a word or phrase found in any dictionary, etc. It would take a computer program over 1,000,000 days to get into mine.

 

Forgot to mention, never use patterns on the keyboard either. The q2w3Q@W# crap is figured out very fast. <--- probably the #1 password on government sites for military members like password is to civilians. Don't just go with something that fits the letter, number and special character minimum requirement to get a program to accept the password.


Edited by LoneWolf, September 15, 2014.


#15
Paronity

  • Forum Member
  • var Paronity = new Guru();

  • 16,889 posts

 It would take a computer program over 1,000,000 days to get into mine.

 

Is that a challenge?  :D



#16
LoneWolf

  • Forum Member
  • 1,237 posts

Lol, not my GSN one... That's simple, I use simple ones for accounts that don't have personal information, etc.



#17
Al Hoff

  • Forum Member
  • You ain't got no legs Lieutenant Dan!

  • 1,771 posts

I've already changed my password for amazon 5 times in the last day or so because of this post. Problem is, it's so complex and random that I forget it a few hours later. Gotta practice the muscle memory unless you like writing passwords down.



#18
Naaackers

  • Forum Member
  • OTS FPR TJE LODS

  • 6,903 posts

I've already changed my password for amazon 5 times in the last day or so because of this post. Problem is, it's so complex and random that I forget it a few hours later. Gotta practice the muscle memory unless you like writing passwords down.

orrrrrrr get a password manager? Lol. 



#19
Aryanix

  • Member
  • 1,063 posts

I currently use LastPass and I love it because I just have to log into it on any computer on chrome directly. How does that compare to Dashlane? Is Dashlane software for the computer?

 

Is one better over the other or did you just use Dashlane first?

 

 

As an aside, I also have 1Password on my phone (got it once on sale), and it's amazing for when you are not at your own computer or when you need to save password for things not on the internet, like game launchers or steam (works good for membership # and info too).  I use LastPass to generate a password, then I enter everything into 1Password on my phone for safe keeping.  I know there is a PC/mac version of 1Password, but I didn't want to spend that much money.



#20
Al Hoff

  • Forum Member
  • You ain't got no legs Lieutenant Dan!

  • 1,771 posts

orrrrrrr get a password manager? Lol. 

I don't believe in the black arts!





