Topic: Advice: Do not use the same password for multiple purposes

Nick Gammon

Apparently the SMF forum was hacked fairly recently (July 2013).

http://www.simplemachines.org/community/index.php?topic=508232.0

The method used was that a site (not the SMF site) was compromised and the user passwords stolen.

An administrator on the SMF forum was using the same password for multiple sites. Once his password (on the other site) was discovered then the hackers therefore knew his password on the SMF forum. This allowed the hackers to then download the password file from the SMF forum, and possibly access personal messages. If personal messages were used to exchange passwords then even more passwords may now be known.

My advice is: whenever you are asked for a password, randomly generate a new one, and then store that somewhere secure. For example, use the Keychain Access app on the Mac, or Password Safe for PC or Ubuntu.

http://passwordsafe.sourceforge.net/

Then the most that can happen is your password to one site is compromised, not all sites.

Even though passwords should be stored in encrypted or hashed form, it is not particularly hard to reverse such encryption or hashing by a dictionary lookup.

As a side note, you should consider your email password to be particularly valuable. After all, we all know that if you lose your password to most sites, you can get it back by a "reset password" action, which results in an email being sent to you. If someone has access to your email password they can probably find out your other passwords.
Please post technical questions on the forum, not by personal message. Thanks!

More info:
http://www.gammon.com.au/electronics
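
An added example, not part of the original post: it generates a fresh random password locally and shows which stored hashes a precomputed dictionary table would match. The word list, the function names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
ITERATIONS = 200_000  # assumed work factor for this illustration

def generate_password(length=24):
    """One fresh password per site, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def unsalted_hash(password):
    """Fast, unsalted hash: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed sample word list standing in for a real dictionary.
WORDLIST = ["password", "letmein", "arduino", "qwerty123"]
# Computed once, then valid against every store that uses unsalted_hash().
LOOKUP = {unsalted_hash(word): word for word in WORDLIST}

def recoverable_by_lookup(stored_hex):
    """True if the stored hash appears in the precomputed table."""
    return stored_hex in LOOKUP

def salted_hash(password, salt=None):
    """PBKDF2 with a per-user random salt; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return secrets.compare_digest(salted_hash(password, salt)[1], digest)

if __name__ == "__main__":
    fresh = generate_password()
    print(f"{len(fresh)} chars, about {entropy_bits(len(fresh)):.0f} bits")
    print("dictionary word found:", recoverable_by_lookup(unsalted_hash("letmein")))
    print("generated password found:", recoverable_by_lookup(unsalted_hash(fresh)))
    salt, digest = salted_hash("letmein")
    print("salted digest in table:", recoverable_by_lookup(digest.hex()))
```

A salt only makes the precomputed table useless; a dictionary word can still be guessed one account at a time, which is why the randomly generated, per-site password matters.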

Jantje

Do not PM me a question unless you are prepared to pay for consultancy.
Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -

Coding Badly


https://www.random.org/passwords/?num=1&len=24&format=html&rnd=new