Discussion in 'Site Announcements' started by Mendo Cath, Aug 24, 2016.
Mine was only 86 days old. It was way too young to die. I lose.
Mine was 1480-something too
Personally, I like KeePass (http://keepass.info/download.html) a lot 'cause it works on almost everything and is open source (meaning it won't cost you anything to use)
google and text file
To echo Caerwyn: Password Managers are *crucial* these days. Please look into them, choose one and use it religiously. Please don't reuse passwords. Also, please don't store passwords in your browser (as in, don't allow Chrome to remember the password when you put it in) - browser password storage is notoriously insecure.
IT Team: Sorry you're all having to deal with this. Could you please expand on what method was used to hash passwords? Thanks.
Thanks for taking care of things so quickly!
Jalen, yeah but I'm lazy. And I can't use password managers on all devices but my google account is a different thing but it's about knowing the risks. Don't follow my example.
Jalen: The vBulletin 4 hash algorithm is md5(md5(password) + salt). Some amount of effort required, especially for strong passwords, but definitely pretty weak by modern standards.
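The scheme named in the post above, with one way a site could strengthen such stored hashes without waiting for users to log in, as an added example that is not part of the original thread or vBulletin's own code. The record layout, the `pbkdf2(vb4)` scheme label, the iteration count and the hex encoding of the inner digest are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def vb4_hash(password: str, salt: str) -> str:
    """Legacy scheme from the post: md5(md5(password) + salt).

    Assumption: the inner digest is concatenated as lowercase hex text.
    """
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def _stretch(legacy_hex: str, salt2: bytes) -> str:
    # Slow, salted KDF applied on top of the fast legacy digest.
    return hashlib.pbkdf2_hmac(
        "sha256", legacy_hex.encode("ascii"), salt2, PBKDF2_ITERATIONS
    ).hex()


def wrap_legacy(record: dict) -> dict:
    """Upgrade a stored legacy row at rest; no plaintext password is needed."""
    salt2 = os.urandom(16)
    return {
        "scheme": "pbkdf2(vb4)",
        "vb_salt": record["vb_salt"],  # still required to rebuild the inner hash
        "salt2": salt2.hex(),
        "hash": _stretch(record["hash"], salt2),
    }


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against either a legacy or a wrapped record."""
    candidate = vb4_hash(password, record["vb_salt"])
    if record["scheme"] == "pbkdf2(vb4)":
        candidate = _stretch(candidate, bytes.fromhex(record["salt2"]))
    elif record["scheme"] != "vb4":
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate, record["hash"])


def sample_legacy_record(password: str, vb_salt: str) -> dict:
    # Constructed sample row, standing in for one line of a user table.
    return {"scheme": "vb4", "vb_salt": vb_salt, "hash": vb4_hash(password, vb_salt)}
```

Wrapping raises the cost of each guess against a stolen table, but a password reused elsewhere is still exposed once recovered, which is why the thread's advice about unique passwords applies either way.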
Thank you for the info.
It wasn't just TV, Funcom's forums (also vBulletin) had everyone change their password to each of their games forums. I would guess that something in vBulletin itself was the target, not a specific tower, so vBulletin sent info to everyone currently using vBulletin software.
It sucks that this happened, but at least it's a good reminder and an educational opportunity. I read through the link that Caerwyn Gaidin posted and am now downloading LastPass.
I am a LastPass fan! There's a small fee if you want to use it on mobile devices, which I gladly pay. My password here also predated my conversion, but now it's updated. And it reminded me to do a security challenge and reset some other places too.
I've also (for a few weeks now) been transitioning over to LastPass. The free version is great for easy use on your phone and the premium is only $12 which is nothing for a year.
You can pick one 'type' of device for your free version (PC, tablet, phone), and any other devices of the same type are free to sync, but you have to pay if you then want it on a different type of device.
Thank you for taking care of us so swiftly.
Fine, I'll improve my security.
I've been planning on moving to a password manager of some sort for a while, I guess it's time to actually do it.
The main reason to move to a password manager (any one you're comfortable with, although I use LastPass), is that it eliminates the "use the same password on lots of websites" problem. (by letting you make strong passwords and easily use a *different* one on every site).
This is about the 5th or 6th site that I've been a member of that has had either actual passwords or salted password hashes stolen from it. (for lots of reasons, stealing hashes is almost as bad as stealing actual passwords, people's password choices are *VERY* predictable).
It's going to happen again. Worse things are going to happen. The level of attacks out there in the wild is just stunning, with all levels of actors from teen-hacker all the way to large-agency-of-government level actors. It's only a matter of time before almost any password you set is compromised - one of the best things to do is contain the blast radius by not reusing them between sites. (changing them periodically, interestingly, is less effective. There's some evidence that making people change their password every now and then doesn't improve password quality and may decrease it).
So all you people who have 1000 day old passwords aren't really making your security worse because they're old. mother)
But you're probably choosing terrible passwords that can be recovered with a script anyway.
So don't do that.
PS: It's not only passwords online that have this problem. I once got into a very expensive property (legitimately, I was returning something I'd borrowed but didn't have the owner's phone # and you couldn't see the house from the gate), by typing "1234" into the electric gate keypad. Voila, open sesame...
Thank you for your hard work
I should tell you about the security headaches I dealt with in 2014 working on a query/data/records/physical security systems merger between two police departments over a beer some time, away from prying eyes, Caer. You'll get a chuckle.