Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Glad I Use Different ID/Passwords When Possible
Old 08-19-2016, 11:06 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,025
Glad I Use Different ID/Passwords When Possible

Got an email a short time ago about a forum I'm on about a hack that happened back in June. Happy that I don't do the "reuse" method of same id/password across sites.

More about that mentioned hack:

Quote:
Mega hacks affecting tens of millions of people are now occurring with depressing regularity.
The latest hack is a breach of VerticalScope, which is responsible for more than 1,000 popular websites and forums, including AutoGuide.com, Motorcycle.com, and PBNation.com
Quote:
The data taken apparently includes email addresses, encrypted passwords, usernames, and IP addresses. Hacks like these that expose people's passwords are dangerous because they can lead to further hacks and account takeovers elsewhere.


That is because the majority of people, despite what security experts advise, reuse passwords across multiple websites and platforms. This means that if one service is compromised, hackers can try to use the exposed login information on other platforms.
VerticalScope hack steals info from 1,100 websites, forums - Business Insider
__________________

__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-19-2016, 11:09 AM   #2
Full time employment: Posting here.
 
Join Date: Jun 2016
Location: Denver
Posts: 852
How would the hackers know what other sites you use?
__________________

__________________
COcheesehead is online now   Reply With Quote
Old 08-19-2016, 11:22 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,025
Quote:
Originally Posted by COcheesehead View Post
How would the hackers know what other sites you use?
The hackers are counting on people using the same id/password across different sites which many do out of carelessness or being lazy or not understanding the risk. So with your id/password they can try those same log ins on gmail, facebook, banks, ... and so on.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 08-19-2016, 11:38 AM   #4
Full time employment: Posting here.
 
Join Date: Jun 2016
Location: Denver
Posts: 852
Quote:
Originally Posted by easysurfer View Post
The hackers are counting on people using the same id/password across different sites which many do out of carelessness or being lazy or not understanding the risk. So with your id/password they can try those same log ins on gmail, facebook, banks, ... and so on.
I get that, but how would they know which sites you use? Would a hacker know I use Schwab or Ameritrade or Chase or BAC .... ?
__________________
COcheesehead is online now   Reply With Quote
Old 08-19-2016, 11:43 AM   #5
Administrator
Janet H's Avatar
 
Join Date: Feb 2007
Location: Pacific NW
Posts: 4,872
Quote:
Originally Posted by COcheesehead View Post
I get that, but how would they know which sites you use? Would a hacker know I use Schwab or Ameritrade or Chase or BAC .... ?
The underlying issue is that once the user/pass combinations are available automated scripts can be used to attempt logins at other sites. Banking, Financial, Credit card Companies, Paypal are common targets. If the login fails, the script move on but if access is gained then an alert is set for the hackers and your stuff is theirs. Be careful out there and make certain that you use complex passwords and unique ones for any sensitive sites (banking, etc)
__________________
E-R.org Custom Google Search | You're only given a little spark of madness. You mustn't lose it. (Robin Williams)
Janet H is offline   Reply With Quote
Old 08-19-2016, 11:48 AM   #6
Full time employment: Posting here.
 
Join Date: Jun 2016
Location: Denver
Posts: 852
Quote:
Originally Posted by Janet H View Post
The underlying issue is that once the user/pass combinations are available automated scripts can be used to attempt logins at other sites. Banking, Financial, Credit card Companies, Paypal are common targets.
And then what? My financial transactions can't take place without a code sent to my phone. My paypal is under its own email that I don't use for anything else. I get using the same login could be problematic, but careful individuals can implement other levels of security without having to manage so many different passwords.
__________________
COcheesehead is online now   Reply With Quote
Old 08-19-2016, 11:56 AM   #7
Administrator
Janet H's Avatar
 
Join Date: Feb 2007
Location: Pacific NW
Posts: 4,872
Quote:
Originally Posted by COcheesehead View Post
And then what? My financial transactions can't take place without a code sent to my phone. My paypal is under its own email that I don't use for anything else. I get using the same login could be problematic, but careful individuals can implement other levels of security without having to manage so many different passwords.

You asked earlier how would hackers know which sites you use - my point is that they don't need to know; they run scripts to try the most often used ones. Sometimes they get lucky and many folks don't take this level of caution
__________________
E-R.org Custom Google Search | You're only given a little spark of madness. You mustn't lose it. (Robin Williams)
Janet H is offline   Reply With Quote
Old 08-19-2016, 12:01 PM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 14,296
I use the same or similar passwords at some sites, but any sites of a financial nature have passwords where the first 4 or so characters are unique to the site and the last 6 characters are similar across financial sites that I use. Works so far.
__________________
If something cannot endure laughter.... it cannot endure.
Patience is the art of concealing your impatience.
pb4uski is offline   Reply With Quote
Old 08-19-2016, 12:03 PM   #9
Moderator
ziggy29's Avatar
 
Join Date: Oct 2005
Location: Texas
Posts: 15,538
Quote:
Originally Posted by pb4uski View Post
I use the same or similar passwords at some sites, but any sites of a financial nature have passwords where the first 4 or so characters are unique to the site and the last 6 characters are similar across financial sites that I use. Works so far.
This is almost exactly the approach I take, too.
__________________
"Hey, for every ten dollars, that's another hour that I have to be in the work place. That's an hour of my life. And my life is a very finite thing. I have only 'x' number of hours left before I'm dead. So how do I want to use these hours of my life? Do I want to use them just spending it on more crap and more stuff, or do I want to start getting a handle on it and using my life more intelligently?" -- Joe Dominguez (1938 - 1997)
ziggy29 is offline   Reply With Quote
Old 08-19-2016, 12:15 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Posts: 7,096
Every one of my passwords is a long random string of letters, numbers, and symbols (where possible). Using a good password manager takes all the worry out of this issue.
__________________
braumeister is offline   Reply With Quote
Old 08-19-2016, 12:28 PM   #11
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 3,382
Quote:
Originally Posted by COcheesehead View Post
And then what? My financial transactions can't take place without a code sent to my phone. ....
Once they know the login to a bank or trading account, they can change the phone number to send the alert to, or cancel the secondary security.
__________________
Sunset is offline   Reply With Quote
Old 08-19-2016, 12:37 PM   #12
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 36,462
Quote:
Originally Posted by Janet H View Post
Be careful out there and make certain that you use complex passwords and unique ones for any sensitive sites (banking, etc)
+1

In a recent post, ERD50 described an appealing method to create and remember strong, unique passwords.
__________________


Retired in 2009 at age 61.

Mini-pension 13%, SS 20%, investments 67%.




W2R is online now   Reply With Quote
Old 08-19-2016, 12:38 PM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,025
Quote:
Originally Posted by Janet H View Post
You asked earlier how would hackers know which sites you use - my point is that they don't need to know; they run scripts to try the most often used ones. Sometimes they get lucky and many folks don't take this level of caution
+1.

In this hack, the estimate is about 45 million accounts got hacked. So, even if the hackers only hit correctly, say 5% of those accounts where folks use id/passwords across sites, that's still a lot of accounts compromised.

In my situation, I didn't have have a clue that forum got hacked until getting the email.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 08-19-2016, 01:22 PM   #14
Recycles dryer sheets
FIREmenow's Avatar
 
Join Date: May 2013
Posts: 380
I just use Lastpass. I does all of that for me. 14 digit passwords with upper/lower case, numbers, and symbols - every one is different. Don't have to remember any of them. Saved in the cloud and available locally with master password.

I use the secure notes feature, too. Encrypted, password protected storage of documents and other info.

Easy!

Disclaimer
I have no financial interest in Lastpass or any vendor that sells Lastpass products. Your mileage may vary. Names here may not represent real people. No animals were harmed in the making of this post. License required in some states. If redness or rash appears, seek medical advice immediately. May cause drowsiness. May cause cancer in lab animals. If erection lasts longer than four hours, see your doctor immediately
__________________

__________________
FIREmenow is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Keeping passwords safe summer2007 FIRE and Money 46 03-21-2008 11:34 AM
Property Tax Rates: Different States, Different Strokes? Orchidflower FIRE and Money 39 10-28-2007 01:41 PM
Default passwords cute fuzzy bunny Other topics 0 02-22-2006 10:13 AM
Website to Borrow Passwords? haha Other topics 9 06-23-2005 11:09 AM

 

 
All times are GMT -6. The time now is 08:40 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.