Author Topic: Short rant  (Read 3596 times)
AC7CW
Member

Posts: 1159
« Reply #15 on: March 25, 2018, 07:30:04 AM »

I've had better experience with Dashlane than LastPass.

Novice 1958, 20WPM Extra now... (and get off my lawn)
N5MAJ
Member

Posts: 1
« Reply #16 on: April 14, 2018, 12:33:40 PM »

I work in the computer security industry, and this is a common complaint.

The current industry recommended "best practice" is to use a different password for each website, and use password management software to remember all of those passwords. You should also use multi-factor authentication, sometimes called two-factor authentication, whenever available.

Some common questions and answers:

*  Why use different passwords for each website?  Because if you use the same password everywhere, that means that one website getting breached means the attackers now have your email address and password to ALL of your websites. You might not care that much about a ham radio website, but if you use the same email address and password for your bank, or for a shopping site like Amazon, then an attacker can quietly start using your identity for financial purposes. Another thing to remember is that sometimes breaches go undetected for YEARS, and a hacker can quietly use your information "under the radar," and you won't know until it's too late.

*  Why use password management software?  Unless you have an eidetic memory, you cannot memorize that many "strong" passwords. That's the biggest reason why people reuse passwords. However, if you have some software that stores all of your passwords in an encrypted format, and unlocks them with a single password, that means you just have to remember that one "master" password. There are some tips you can use for memorizing a single strong password.

*  What if the password management software is hacked? Generally speaking, this is less of a concern than you might think as long as you use a reputable product. The password managers generally store the data encrypted with very strong encryption algorithms that have been subjected to intense peer review by cryptographers. As long as your password is reasonably strong, and isn't something like "123456," it's mathematically infeasible for most attackers to decrypt your data. Yes, a determined attacker (like a government) might be able to do so, but your average criminal won't have those resources. The likelihood of a website being hacked is MUCH higher than a bad guy breaking into your PC and decrypting your password data.

N5MAJ
Member

Posts: 1
« Reply #17 on: April 14, 2018, 12:39:09 PM »

Also, in case someone is interested, most of the time if you're trying to "crack" encrypted data, you use what's called a dictionary attack.

You take a list of words, such as a dictionary, and you write a computer program to try all of those words as a password.

These tools are also sophisticated enough to try spelling them backwards, and substituting the number zero for the letter "oh", etc.

That's why GOOD passwords are a seemingly random string of numbers, letters, and symbols. Something like "pa$$w0rD" would be guessed in less than a second using automated tools. Something like "VrapbgeuPDZsowvRYPtLj5q@TLLjdKNs" as a password would take a VERY long time, so long that it would be infeasible.

In the cryptography/security industry, there's a humorous term called the "rubber hose" attack. That's where they beat you with a rubber hose until you tell them your password. ;)
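Added example, not part of N5MAJ's post: a password check written from the defender's side that undoes the transformations Reply #17 describes (case changes, character substitutions, reversed spelling) to see whether a candidate reduces to a listed word, next to the entropy of a uniformly random password. The word list, the substitution table, the trailing-digit rule and all function names are assumptions made for this illustration.

```python
import math
import secrets
import string

# Constructed sample list; a real check would load a large breached-password list.
WORDLIST = {"password", "123456", "dragon", "letmein", "radio"}

# Common substitutions, mapped back to the letter they stand in for (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def derived_from_word(candidate, wordlist=WORDLIST):
    """Return the listed word that `candidate` is a simple variant of, else None.

    Undoes case changes, character substitutions and reversed spelling, and
    (an addition beyond the post) a run of trailing digits or "!".
    """
    raw = candidate.lower()
    for form in (raw, raw.rstrip("0123456789!")):
        for base in (form, form.translate(LEET)):
            for guess in (base, base[::-1]):
                if guess in wordlist:
                    return guess
    return None


def random_password_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length=32):
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("pa$$w0rD", "drowssap", "Dr4g0n2018", generate_password()):
        word = derived_from_word(pw)
        verdict = f"variant of '{word}'" if word else "no dictionary base found"
        print(f"{pw!r}: {verdict}")
    print(f"32 random characters: {random_password_bits(32):.0f} bits")
```

A candidate that reduces to a listed word costs a guesser roughly the size of the word list times a handful of transformations, while the random 32-character string has to be searched character by character.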
N0YXB
Member

Posts: 1254
« Reply #18 on: April 15, 2018, 08:13:27 AM »

Good advice MAJ.
N2MG
Administrator

Posts: 10091



« Reply #19 on: April 17, 2018, 06:06:44 AM »

How will we all feel when sites like eHam are forced (more or less) into using two-factor authentication?

;-)

Mike N2MG
N5MAJ
Member

Posts: 1
« Reply #20 on: April 17, 2018, 07:35:11 AM »

Quote from: N2MG
How will we all feel when sites like eHam are forced (more or less) into using two-factor authentication?

I think you know that I would welcome 2FA as an option, but I think there would be a lot of grumbling if it were mandatory.

Recently someone in Eastern Europe somehow got ahold of my Microsoft password, but they couldn’t log in using it due to the 2FA I had in place. I am mostly a Mac/Linux user, and use Microsoft only for my Xbox, so the old password was “only” eight characters.

I have now changed it to something new, but I was happy that 2FA stopped them from hijacking my account.
N0TLD
Member

Posts: 59
« Reply #21 on: April 18, 2018, 05:39:47 AM »

Quote from: N5MAJ
Quote from: N2MG
How will we all feel when sites like eHam are forced (more or less) into using two-factor authentication?

I think you know that I would welcome 2FA as an option, but I think there would be a lot of grumbling if it were mandatory.

Recently someone in Eastern Europe somehow got ahold of my Microsoft password, but they couldn’t log in using it due to the 2FA I had in place. I am mostly a Mac/Linux user, and use Microsoft only for my Xbox, so the old password was “only” eight characters.

I have now changed it to something new, but I was happy that 2FA stopped them from hijacking my account.

Salient point.