Glad I Use Different ID/Passwords When Possible

easysurfer

Got an email a short time ago about a forum I'm on about a hack that happened back in June. Happy that I don't do the "reuse" method of same id/password across sites.

More about that mentioned hack:

Mega hacks affecting tens of millions of people are now occurring with depressing regularity.
The latest hack is a breach of VerticalScope, which is responsible for more than 1,000 popular websites and forums, including AutoGuide.com, Motorcycle.com, and PBNation.com.
The data taken apparently includes email addresses, encrypted passwords, usernames, and IP addresses. Hacks like these that expose people's passwords are dangerous because they can lead to further hacks and account takeovers elsewhere.


That is because the majority of people, despite what security experts advise, reuse passwords across multiple websites and platforms. This means that if one service is compromised, hackers can try to use the exposed login information on other platforms.
VerticalScope hack steals info from 1,100 websites, forums - Business Insider
 
How would the hackers know what other sites you use?

The hackers are counting on people using the same id/password across different sites which many do out of carelessness or being lazy or not understanding the risk. So with your id/password they can try those same log ins on gmail, facebook, banks, ... and so on.
 
I get that, but how would they know which sites you use? Would a hacker know I use Schwab or Ameritrade or Chase or BAC .... ?
 
The underlying issue is that once the user/pass combinations are available, automated scripts can be used to attempt logins at other sites. Banking, Financial, Credit card Companies, Paypal are common targets. If the login fails, the script moves on, but if access is gained then an alert is set for the hackers and your stuff is theirs. Be careful out there and make certain that you use complex passwords and unique ones for any sensitive sites (banking, etc).
 
And then what? My financial transactions can't take place without a code sent to my phone. My paypal is under its own email that I don't use for anything else. I get using the same login could be problematic, but careful individuals can implement other levels of security without having to manage so many different passwords.
 
You asked earlier how would hackers know which sites you use - my point is that they don't need to know; they run scripts to try the most often used ones. Sometimes they get lucky and many folks don't take this level of caution :flowers:
 
I use the same or similar passwords at some sites, but any sites of a financial nature have passwords where the first 4 or so characters are unique to the site and the last 6 characters are similar across financial sites that I use. Works so far.
 
This is almost exactly the approach I take, too.
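For the "unique first characters, shared ending" scheme in the two posts above, here is an added example (not from any poster) that audits a set of your own passwords for shared endings and estimates how much of each would still be unknown if one of the others became known. The passwords, site names and 94-character alphabet are constructed assumptions, and the bit figure is an upper bound that treats the unshared characters as random.

```python
import math

ALPHABET = 94  # assumption: printable ASCII characters excluding space

def common_suffix(a, b):
    """Number of trailing characters that two passwords share."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n

def audit(vault):
    """vault maps site -> password. For each site, report the longest ending
    it shares with any other entry and the bits left if that entry is known."""
    report = {}
    for site, pw in vault.items():
        overlap = max(
            (common_suffix(pw, other) for s, other in vault.items() if s != site),
            default=0,
        )
        unknown = len(pw) - overlap
        report[site] = {
            "length": len(pw),
            "shared_suffix": overlap,
            "residual_bits": round(unknown * math.log2(ALPHABET), 1),
        }
    return report

# Constructed sample vault: two entries follow the 4-unique + 6-shared scheme,
# the third is an unrelated random string of the same length.
SAMPLE_VAULT = {
    "broker.example": "Sch7q9#Lm2",
    "bank.example": "Chs3q9#Lm2",
    "forum.example": "v8$Rk2!pZq",
}

if __name__ == "__main__":
    for site, row in audit(SAMPLE_VAULT).items():
        print(site, row)
```

On the sample, the two scheme passwords each keep about 26 bits once the other is known, while the unrelated random one keeps about 65.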
 
Every one of my passwords is a long random string of letters, numbers, and symbols (where possible). Using a good password manager takes all the worry out of this issue.
 
You asked earlier how would hackers know which sites you use - my point is that they don't need to know; they run scripts to try the most often used ones. Sometimes they get lucky and many folks don't take this level of caution :flowers:

+1.

In this hack, the estimate is about 45 million accounts got hacked. So, even if the hackers only hit correctly, say 5% of those accounts where folks use id/passwords across sites, that's still a lot of accounts compromised.

In my situation, I didn't have a clue that forum got hacked until getting the email.
 
I just use Lastpass. It does all of that for me. 14 digit passwords with upper/lower case, numbers, and symbols - every one is different. Don't have to remember any of them. Saved in the cloud and available locally with master password.

I use the secure notes feature, too. Encrypted, password protected storage of documents and other info.

Easy!

Disclaimer
I have no financial interest in Lastpass or any vendor that sells Lastpass products. Your mileage may vary. Names here may not represent real people. No animals were harmed in the making of this post. License required in some states. If redness or rash appears, seek medical advice immediately. May cause drowsiness. May cause cancer in lab animals. If erection lasts longer than four hours, see your doctor immediately
 