
1 - 20 of 26 Posts

·
Registered
Joined
·
91 Posts
Discussion Starter #1
FWIW, my profession is in the cyber security field. I like to think that I know of what I speak...

That said... I hear this complaining every day. For every password-change moan I hear, I *see* several cases of hacked passwords and breached/stolen accounts. Happens every day. Why? Because the vast, vast majority of Internet users are careless, clueless, and lazy.

The cyber world has changed, children. Hacking is no longer about a bored teenager graffiti-ing his school's web site. It's big business. YUUUUGE business. Like, more $$$ is now lost to cyber crime than to drug trafficking. Like $1 TRILLION worldwide.

You say you don't have anything worth stealing? Guess again. How about your identity? How about your Amazon, PayPal, [your-other-shopping-sites-of-choice], etc login credentials? How about your banking credentials? Or your 401k account? I can go on and on. Hopefully, you get the point by now.

You say your VMF account has no value? Guess again. Imagine that your VMF account is broken into... more than likely because of that weak, 8-character password that you probably use in a dozen other accounts. The cyber thief now has access to your VMF contacts. He starts sending PMs to VMF users, masquerading as YOU. He attaches a malicious file to those messages. The recipient sees it's from you - you've been corresponding with him a lot, so he knows and trusts you, right? He opens the attachment. Instantaneously, HIS account is stolen, too. And the PM-ing resumes with a fresh list of contacts. But that's not all. The crook installs a keystroke logger on every machine that he breaches. It silently records EVERYTHING that you do at your keyboard and mouse, and he starts to harvest a bumper crop of credentials, and much more. And then he puts the icing on top - he encrypts your entire drive, and then sends you a ransom email... send him $200, or kiss all your files goodbye. But you're OK because you back up your drive regularly and religiously, right? You don't?!?!? Tsk, tsk, tsk...

Not only have you shot yourself, but you've also placed the entire VMF community in jeopardy. All because you used your oldest child's name as your password. All because you don't wanna change that weak password occasionally, the same password that you're using all over the Internet. Maybe because you have your head in the sand. Maybe because you're a little lazy...

So, do us ALL a favor and change that password. Make it strong. Make it long. The longer the better - string a few words together, and you're all set. And if you don't wanna do it for yourself, do it for the rest of us. And stop complaining - just do it!
 

·
Registered
Joined
·
1,321 Posts
Philip, I totally agree with you; however, I struggled for a bit figuring out the first 4 characters of your post, then went on to read the rest of the article talking about lazy people LOL.... now that one I know :)
 

·
Premium Member
Joined
·
2,854 Posts
Lmao how the eff do you make a few dozen different "long and strong" passwords and then remember them and which one goes to which account?

Sent from my SM-N910V using Tapatalk
 

·
Registered
Joined
·
42 Posts
Lmao how the eff do you make a few dozen different "long and strong" passwords and then remember them and which one goes to which account?

Sent from my SM-N910V using Tapatalk
Exactly. You have passwords for accounts, PINs for various things including credit cards, all with different rules and update frequencies, where does it stop? So you create a file with all your accounts and passwords and keep that somewhere that you can locate it easily, and then you have even less security than you started off with.
 

·
Registered
Joined
·
829 Posts
One option is to use Google Chrome as your browser and let it remember your passwords. Depend on the password recovery system on web sites when you need to know them.

Another is to have a tablet next to your computer with all of your passwords, and also use Chrome to remember them so you don't have to keep typing them, but you have them if you need it.

A better one is to use a password vault tool like LastPass or 1Password which integrates with your browser to allow you to unlock the vault and use the password on the site you are on automatically. This allows access to the vault from other devices once you authorize it. Pick a tool that has had a breach and survived like LastPass. The most effective way to get security religion is to survive an incident. Password vault tools can also auto generate passwords that comply and won't be looked up easily even if the site uses poor password encryption. This does put all of your eggs in one basket though, so manage your risk in what sites you choose to expose to the risk of compromise with the vault vendor.

Find your balance with risk and convenience. Use the right tool for the job. As the OP pointed out, there are very few true low value targets.
 

·
Registered
Joined
·
91 Posts
Discussion Starter #8
Exactly. You have passwords for accounts, PINs for various things including credit cards, all with different rules and update frequencies, where does it stop? So you create a file with all your accounts and passwords and keep that somewhere that you can locate it easily, and then you have even less security than you started off with.
Not true.

First, to coin a phrase, the only sure things in life are death and taxes. This is especially true of anything related to security. Most of us have resigned ourselves to the fact that, if someone REALLY wants to steal your car, he will. Does that mean we shouldn't bother with security at all? Hell, no. Something is always better than nothing. So, anything at all that you implement will make your car a less easy target and take it out of the category of low-hanging fruit.

The same is true of cyber security. It's not a question of IF you will be hacked, it's a matter of WHEN it will happen. If you choose to make things easy for yourself with short, weak passwords that you use for all your accounts, you are making it even easier for cyber criminals. When you get hacked, ALL of your accounts will be in jeopardy if they all have the same short, weak password. The average internet user today has more than 100 accounts that require login credentials. You know how long it takes to (1) remember what all those accounts are, and (2) change every one of those passwords? I think you get the point...

BTW, this forum (and all the other forums that use the same forum software) has reset your password - you had no choice. They also recommended that you login and change your password to something other than the long, random, password that they gave you. What they didn't tell you is that, if you are one of the large number of users who use the same password in multiple accounts, you should change ALL those passwords, too.

And finally, keeping track of all your passwords. First, it is NOT a good idea to record all your credentials in a simple spreadsheet or Word document. It's even WORSE to store that file where you can "locate it easily". Again, pure laziness. WHEN you get hacked, all your secrets are now gone. BUT... there IS a better solution. It's called a "password manager". There are lots of free ones available - one that quickly comes to mind is LastPass. (DISCLAIMER: I have no association with LastPass other than as a very satisfied user.) All your passwords get stored in a "vault" that you can access anytime from anywhere. It can automatically generate random, unique, strong passwords for each account. The ONLY password that you have to remember is the one that unlocks your vault. That's the password that needs to be especially long - as far as passwords are concerned, length DOES matter. It has been proven that passwords that are at least 16 characters long are essentially uncrackable. Using brute-force password cracking techniques (which is how these forum passwords were cracked in February), it would take THOUSANDS of years for a 16+ character password to be broken. Each character beyond the 16th will exponentially increase the time to break the password. Bottom line: you and I will be long gone before the password is cracked.

And as regards passwords... Think of them as pass PHRASES, rather than pass WORDS. For example, something like "MyDogDeliversPizza" is a great password for a vault. It's long. And it's easy to remember. And using today's technology, it's virtually uncrackable.
 

·
Premium Member
Joined
·
2,854 Posts
Not true.

First, to coin a phrase, the only sure things in life are death and taxes. This is especially true of anything related to security. Most of us have resigned ourselves to the fact that, if someone REALLY wants to steal your car, he will. Does that mean we shouldn't bother with security at all? Hell, no. Something is always better than nothing. So, anything at all that you implement will make your car a less easy target and take it out of the category of low-hanging fruit.

The same is true of cyber security. It's not a question of IF you will be hacked, it's a matter of WHEN it will happen. If you choose to make things easy for yourself with short, weak passwords that you use for all your accounts, you are making it even easier for cyber criminals. When you get hacked, ALL of your accounts will be in jeopardy if they all have the same short, weak password. The average internet user today has more than 100 accounts that require login credentials. You know how long it takes to (1) remember what all those accounts are, and (2) change every one of those passwords? I think you get the point...

BTW, this forum (and all the other forums that use the same forum software) has reset your password - you had no choice. They also recommended that you login and change your password to something other than the long, random, password that they gave you. What they didn't tell you is that, if you are one of the large number of users who use the same password in multiple accounts, you should change ALL those passwords, too.

And finally, keeping track of all your passwords. First, it is NOT a good idea to record all your credentials in a simple spreadsheet or Word document. It's even WORSE to store that file where you can "locate it easily". Again, pure laziness. WHEN you get hacked, all your secrets are now gone. BUT... there IS a better solution. It's called a "password manager". There are lots of free ones available - one that quickly comes to mind is LastPass. (DISCLAIMER: I have no association with LastPass other than as a very satisfied user.) All your passwords get stored in a "vault" that you can access anytime from anywhere. It can automatically generate random, unique, strong passwords for each account. The ONLY password that you have to remember is the one that unlocks your vault. That's the password that needs to be especially long - as far as passwords are concerned, length DOES matter. It has been proven that passwords that are at least 16 characters long are essentially uncrackable. Using brute-force password cracking techniques (which is how these forum passwords were cracked in February), it would take THOUSANDS of years for a 16+ character password to be broken. Each character beyond the 16th will exponentially increase the time to break the password. Bottom line: you and I will be long gone before the password is cracked.

And as regards passwords... Think of them as pass PHRASES, rather than pass WORDS. For example, something like "MyDogDeliversPizza" is a great password for a vault. It's long. And it's easy to remember. And using today's technology, it's virtually uncrackable.
So there's a computer program that stores your passwords in one secure location and if they hack that then you're screwed?

Sent from my SM-N910V using Tapatalk
 

·
Registered
Joined
·
829 Posts
So there's a computer program that stores your passwords in one secure location and if they hack that then you're screwed?
Yes. But I would rather store secrets in a bank than with my grocer. Banks make better targets, but their business depends on security.

For example, I would not be surprised to see something like a web forum to store clear text passwords, or simple hash based encryption which is easily defeated. But I would expect a security tool or site to use much more durable encryption and industry standards for securing data.

And if you do store your passwords in an Excel file, at least put a password on it. It can still be cracked, but not everyone has skill or aptitude.
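
The length arithmetic from post #8 and the hashing point in the post above, worked through as an added example (not code from the thread or from any tool it mentions). The guess rates, the 7776-word list size, and the sample password `fluffy12` are assumptions chosen for illustration.

```python
import math
import string

# Assumed guess rates in guesses per second: illustrative orders of magnitude,
# not measurements of any real system or of the breach discussed in the thread.
FAST_HASH_RATE = 1e10  # a fast, unsalted hash attacked offline (assumption)
SLOW_KDF_RATE = 1e4    # a deliberately slow password hash (assumption)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if any(ord(c) > 127 for c in password):
        size += 128  # rough bucket for non-ASCII characters (assumption)
    return size


def brute_force_bits(password):
    """Bits of search space for a character-by-character exhaustive search."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count, wordlist_size):
    """Bits of search space when every word is drawn at random from a list."""
    return word_count * math.log2(wordlist_size)


def years_to_search(bits, guesses_per_second):
    """Average time to find the secret: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def compare():
    """Constructed samples; 'a' * n only stands in for length and class."""
    cases = {
        "8 chars, lowercase+digits ('fluffy12')": brute_force_bits("fluffy12"),
        "16 random lowercase letters": brute_force_bits("a" * 16),
        "17 random lowercase letters": brute_force_bits("a" * 17),
        "4 random words from a 7776-word list": passphrase_bits(4, 7776),
        "6 random words from a 7776-word list": passphrase_bits(6, 7776),
    }
    return {label: (round(bits, 1),
                    years_to_search(bits, FAST_HASH_RATE),
                    years_to_search(bits, SLOW_KDF_RATE))
            for label, bits in cases.items()}


if __name__ == "__main__":
    for label, (bits, fast, slow) in compare().items():
        print(f"{label:42s} {bits:6.1f} bits  fast: {fast:10.3g} y  slow: {slow:10.3g} y")
```

The character-level figures only hold for secrets that are not guessable as words; a passphrase is better scored by how many words were chosen at random, and the same secret lasts far longer when the site stores it with a slow password hash.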
 

·
Premium Member
Joined
·
2,854 Posts
Yes. But I would rather store secrets in a bank than with my grocer. Banks make better targets, but their business depends on security.

For example, I would not be surprised to see something like a web forum to store clear text passwords, or simple hash based encryption which is easily defeated. But I would expect a security tool or site to use much more durable encryption and industry standards for securing data.

And if you do store your passwords in an Excel file, at least put a password on it. It can still be cracked, but not everyone has skill or aptitude.
Who's storing money in a grocery store?

Sent from my SM-N910V using Tapatalk
 

·
Premium Member
Joined
·
2,854 Posts
One option is to use Google Chrome as your browser and let it remember your passwords. Depend on the password recovery system on web sites when you need to know them.

Another is to have a tablet next to your computer with all of your passwords, and also use Chrome to remember them so you don't have to keep typing them, but you have them if you need it.

A better one is to use a password vault tool like LastPass or 1Password which integrates with your browser to allow you to unlock the vault and use the password on the site you are on automatically. This allows access to the vault from other devices once you authorize it. Pick a tool that has had a breach and survived like LastPass. The most effective way to get security religion is to survive an incident. Password vault tools can also auto generate passwords that comply and won't be looked up easily even if the site uses poor password encryption. This does put all of your eggs in one basket though, so manage your risk in what sites you choose to expose to the risk of compromise with the vault vendor.

Find your balance with risk and convenience. Use the right tool for the job. As the OP pointed out, there are very few true low value targets.
I notice those apps you mention are free. So what are they selling to stay in business?

Sent from my SM-N910V using Tapatalk
 

·
Registered
Joined
·
91 Posts
Discussion Starter #14
As the old saying goes, "you can lead a horse to water, but you can't make him drink." :shrug:

But at least you CAN make him change his password every few months to something other than his hound dog's name... :wink:
 

·
Registered
Joined
·
4,634 Posts
I have no problem changing my passwords, I use a password manager that can generate a password of up to 99 characters with just a few clicks. I have accounts that require changing once each 90 days, and it's not a problem.
Vertical Scope admits to getting hacked in Feb and the only way they knew about it was when their information appeared for sale, including our email addresses. So now we are going to get emails for all kinds of Nigerian and Russian scams as well as the scammers spoofing our addresses for all kinds of mischief. We can change our passwords, but it is way more difficult to change your email address, unless you have an email provider that allows you to use "disposable addresses". Get hacked, simply change your email.

I think that this all falls at the feet of Vertical Scope, they didn't have good enough systems in place to secure our info, and then didn't even have any idea about it for 4 months, until they were told.
 

·
Just some guy
67 coupe, 69 Sportsroof, 86 hatchback
Joined
·
20,357 Posts
Lmao how the eff do you make a few dozen different "long and strong" passwords and then remember them and which one goes to which account?
Well, there's these.

Kind of dated though. I have a very well worn one myself. You could get my passwords out of it but I'd expect you'd be more interested in rolling my unconscious body over to get the cash out of my wallet first.

I don't mind changing my password because there was a data breach. I mind having to use an obnoxiously difficult password because someone broke into a computer belonging to someone I had entrusted my data to which had absolutely nothing to do with my personal security habits to start with. I don't see why I can't be annoyed a bit by that.
 

·
Registered
Joined
·
138 Posts
SO ?? Anyone else seeing the security and data breach click on notice at the top of the page?
Yep, and I had no intentions of clicking on it, because how do I know it's not another scam site to gain your PASSWORD.
I have no problem changing my password, but it is a pia and gets confusing with the multiple passwords for multiple sites, so I can understand others' complaints.
And to answer radojko, you have to be a fool to put your personal information on any forum that could lead to identity theft or access to your finances. My info is very brief and blocked.
 

·
Registered
Joined
·
96 Posts
Don't know about the rest of you, but I've started a book with all the necessary usernames and passwords. I agree, change them and make them difficult to hack and write them down. Thanks to the administrators.
 

·
Registered
Joined
·
91 Posts
Discussion Starter #20
And to answer radojko, you have to be a fool to put your personal information on any forum that could lead to identity theft or access to your finances. My info is very brief and blocked.
Please read my post again - I never said anything about leaving personal information on a forum that could lead to identity theft.

What I DID say is that having your weak VMF password cracked that you also use on multiple other accounts makes it very easy to deduce login credentials for other sites that DO contain personal information that CAN be used to commit identity theft.

This isn't hypothetical. It happens every day. The statistics are staggering.

Was Vertical Scope remiss? Absolutely. Should they have discovered the breach more quickly? That's debatable. The fact is that the average time to discover a data breach like this is almost 7 months - in that regard, Vertical Scope fared better than most. The bottom line is that, worst case, what was stolen was your VMF password and the email address that you use for VMF correspondence. So, the cyber criminals had access to only your VMF account... So what? Not a big deal, unless... you use the same password all over the Internet. With just those two bits of data, it becomes pretty easy to find your other web footprints. So, who's remiss then...? Take a good look in the mirror...
 