Author Topic: Advice: Do not use the same password for multiple purposes  (Read 485 times)
Global Moderator
Brattain Member
*****
Karma: 485
Posts: 18810
Lua rocks!

Apparently the SMF forum was hacked fairly recently (July 2013).

http://www.simplemachines.org/community/index.php?topic=508232.0

The method used was: a site (not the SMF site) was compromised and the user passwords stolen.

An administrator on the SMF forum was using the same password for multiple sites. Once his password (on the other site) was discovered, the hackers therefore knew his password on the SMF forum. This allowed the hackers to then download the password file from the SMF forum, and possibly access personal messages. If personal messages were used to exchange passwords then even more passwords may now be known.

My advice is: whenever you are asked for a password, randomly generate a new one, and then store that somewhere secure. For example, use the Keychain Access app on the Mac, or Password Safe for PC or Ubuntu.

http://passwordsafe.sourceforge.net/

Then the most that can happen is your password to one site is compromised, not all sites.

Even though passwords should be stored in encrypted or hashed form, it is not particularly hard to reverse such encryption or hashing by a dictionary lookup.

As a side note, you should consider your email password to be particularly valuable. After all, we all know that if you lose your password to most sites, you can get it back by a "reset password" action, which results in an email being sent to you. If someone has access to your email password they can probably find out your other passwords.


Belgium
Edison Member
*
Karma: 68
Posts: 1920
Arduino rocks; but with my plugin it can fly rocking the world ;-)

Very good advice.

Do not PM me a question unless you are prepared to pay for consultancy.
Dutch section - http://arduino.cc/forum/index.php/board,77.0.html -

Global Moderator
Dallas
Shannon Member
*****
Karma: 208
Posts: 12934


https://www.random.org/passwords/?num=1&len=24&format=html&rnd=new
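An added example, not part of the original thread: a Python sketch of the advice above, generating a 24-character password locally from the OS CSPRNG and checking which stored hashes a precomputed dictionary lookup can recover. The five-word list, the unsalted SHA-256 storage scheme and all function names are assumptions constructed for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
# Constructed sample wordlist standing in for a real dictionary (assumption).
WORDLIST = ["password", "letmein", "arduino", "dragon", "qwerty123"]

def generate_password(length=24):
    """Draw each character from the OS CSPRNG (not the `random` module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)

def unsalted_hash(password):
    """Assumed weak storage scheme: one fast, unsalted SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup(words):
    """Precompute hash -> word once; the table applies to every unsalted dump."""
    return {unsalted_hash(w): w for w in words}

def salted_hash(password, salt=None, rounds=200_000):
    """Per-user salt plus a slow KDF, so a precomputed table does not apply."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest.hex()

def audit(stored_hash, table):
    """Return the password the lookup recovers, or None if it fails."""
    return table.get(stored_hash)

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    reused = "letmein"            # dictionary word reused across sites
    fresh = generate_password()   # unique per site, kept in a password manager
    print("dictionary word recovered:", audit(unsalted_hash(reused), table))
    print("generated password recovered:", audit(unsalted_hash(fresh), table))
    print("salted hash found in table:", salted_hash(reused)[1] in table)
    print(f"24 random characters ~ {entropy_bits(24):.0f} bits")
```

Salting defeats the precomputed table but not a per-user guess of a dictionary word, so the generated, per-site password is what limits the damage to one site.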