General Discussions Discuss Out of the Park Developments' games, web site, downloads, research and anything else related to OOTP Developments. |
02-01-2023, 09:07 AM | #1 |
Global Moderator
Join Date: Nov 2002
Location: Vancouver, Canada
Posts: 10,706
|
Don't Get Hacked: Practice Better Password Management
Occasionally we see long-term legit user accounts start posting spam out of nowhere and I have to imagine it's due to poor password practice. We then have to ban these accounts. You might say, just email them to reset their password. Well, that might work, but oftentimes the spammer will replace all the user's data with spam links so we have no way to contact the user. And even if the email is still legit, we can't wait for them to maybe respond and let the spammer spam more.
Anyway, if you don't want your account to be at risk of being hacked, please make sure you are practicing good password management. There are plenty of sites out there listing what you should do and not do, but here's a list off the top of my head:
__________________
Last edited by kq76; 02-01-2023 at 01:25 PM. Reason: replaced LastPass with BitWarden and added note about keeping some only in your head |
02-01-2023, 11:13 AM | #2 |
Hall Of Famer
Join Date: May 2003
Location: Under The Christmas Fish
Posts: 7,490
|
This is all very, very good information.
I would advise against LastPass, as they've had a number of data leaks and breaches over the years. https://www.cnet.com/tech/services-a...eir-passwords/ Personally, I'm a fan of BitWarden which is also free. For the more technically inclined there is KeePass, which is more secure since it doesn't store your data in the cloud, but the tradeoff is that the cloud-based services are a heck of a lot more convenient. If you opt for a cloud-based password manager I would also strongly suggest enabling MFA (multi-factor authentication) on it. And, honestly, I'd enable MFA everywhere that supports it.
Last edited by eriqjaffe; 02-01-2023 at 11:14 AM. |
02-01-2023, 11:30 AM | #3 |
Global Moderator
Join Date: Nov 2002
Location: Vancouver, Canada
Posts: 10,706
|
Thanks, eriq! You're right, I should switch. Thanks for recommending BitWarden. I saw some headlines a while ago about LP and figured I should look into others, but didn't for whatever reason. I'll try BitWarden now.
|
02-01-2023, 12:22 PM | #4 |
Hall Of Famer
Join Date: Apr 2009
Location: United States
Posts: 10,456
|
Here's the deal with those online password managers: They are accessible to hackers who are just as good at what they do as the security programmers.
So my preference is for Password Safe, for this reason: I control the data file. The program makes an encrypted file of all of your passwords so that you only have to remember one master password. Mine is 18 characters and I could type it out in my sleep. But the crucial difference is, unless some professional hacks into my laptop, finds this file, and solves an 18-character password, there is little chance of chicanery. Being a small fry, I doubt anyone will take the time and effort in my case.
"Whoa, buster. That's fine for your laptop. What about your phone?" Well, it so happens that another kind soul, and again for free, has designed an app for Password Safe. The only trick is, when I update my passwords file on my laptop, I must remember to copy the file to my Google Drive. Then I download it from my drive to my phone, overwriting the old file. Of course, the file on Google Drive is immediately and permanently trashed.
I do NOT allow browsers to remember my login data. That's asking for trouble. Yes, it's a minor hassle to need to open Password Safe and copy over the data (it does have a nifty, customizable auto-type feature, though) but I would rather do that than cleaning up after a data breach. Over the long run, you think BitWarden is going to be any better than LastPass in that regard?
I come across discussions like this in various places. I am surprised that Password Safe gets so little mention. Why is that? Because of the extra little work that is involved. Sad, really.
__________________
- Bru |
02-01-2023, 12:51 PM | #5 | |
Global Moderator
Join Date: Nov 2002
Location: Vancouver, Canada
Posts: 10,706
|
Quote:
I don't use them for everything however. For example, my banking passwords I only use long passphrases that are only in my head. I have a hints file somewhere to remind me what they are in case I forget, but only I would be able to make sense of the hints. And on top of it I change part of them every once in a while. I think those are pretty foolproof, but with how many things we need passwords for now (I probably have well over 100 in LastPass) there's no way I would want to do that for everything.
And while your solution sounds great for you, I don't think it would work for everyone. It does sound like it's a bit more work than most people are willing to put in, but if you are willing to put in that extra effort then great. It's like how I use a program VeraCrypt to encrypt some files on my computer. It's great, but I think it's something many wouldn't want to bother with.
My opening post was more meant for those people who aren't past using really simple passwords and using the same password for most of the sites they visit. The user I banned this morning posted in a thread 2 years ago that his Steam account got hacked. And maybe he was employing some good password practices, but I'd say it's more likely that he wasn't. |
|
02-02-2023, 11:39 AM | #6 | |
All Star Reserve
Join Date: Nov 2009
Location: Fort Worth, TX
Posts: 940
|
Quote:
Another option is KeePass, which you can keep on a USB stick and store until you need to use again. |
|
02-02-2023, 04:06 PM | #7 |
Hall Of Famer
|
The key here should not be on ranking the best password managers; but recognizing the risks. For many years, I used the same or similar passwords, carrying them around in my head. Then there were enough for me to have to write them down. But that list only helped at home. When away, I could be locked out. And the passwords were still way too simple. After I migrated to Apple products, I eventually discovered Keychain. This is a simple way to store the passwords I choose, accessible on all my devices, with a reasonable degree of security. Now I can use the suggested seventeen-character passwords, and never have to worry about remembering or inputting them. Of course, this amps up the importance of my Apple password - the one I have to remember. But now I can set my phone for facial ID, and my iPad for fingerprint (which works less well). No, I don’t worry over thieves forcing me to access my phone, or cutting off my thumbs. It’s the hidden hackers I’m trying to beat.
__________________
Pelican OOTP 2020-? ”Hard to believe, Harry.” |
02-03-2023, 11:19 AM | #8 |
Hall Of Famer
Join Date: Feb 2012
Location: Inside The Game
Posts: 30,808
|
"like password or 12345678"
mine is 1234567890, it's harder and people don't think to put 0 after 9.
__________________
Go today don't wait for tomorrow It isn't promised, all the time you get borrowed Don't live your life for other people Don't bottle your emotions till they crack and fill a couple just sorrows Take your mind and refocus go get a paper write your goals out Throw your middle fingers to all your haters "Stay Strong" |
02-04-2023, 01:48 PM | #9 |
Hall Of Famer
Join Date: Oct 2014
Location: Seattle
Posts: 2,224
|
Yes! Best reply ever.
|
10-12-2023, 11:00 AM | #10 |
Minors (Double A)
Join Date: Aug 2023
Location: Wilkes-Barre, PA
Posts: 179
|
Who has enough free time to care enough to hack someone's ootp forum account lol
__________________
-cody |
01-06-2024, 11:51 AM | #11 |
All Star Reserve
Join Date: Nov 2009
Location: Fort Worth, TX
Posts: 940
|
|
01-07-2024, 04:02 AM | #12 |
Hall Of Famer
Join Date: Feb 2012
Location: Inside The Game
Posts: 30,808
|
My sister is my password manager. Her ideas for passwords are great. Of course I have to put them all on paper and my phone in case I get logged out. The passwords I create all revolve around players in my leagues. You would have to really follow my dynasty threads and know the backstory of the players I use passwords of. Only account I have ever had hacked was FB 10+ years ago and it was a simple PW.
02-09-2024, 06:49 AM | #13 |
Bat Boy
Join Date: Jan 2024
Location: london
Posts: 5
|
Your approach with Password Safe seems solid, especially with the emphasis on control and minimizing the attack surface. While online password managers have their conveniences, the trade-off with potential vulnerabilities is a real concern. Your method of managing the encrypted file locally and being mindful of syncing it to your phone via Google Drive provides a good balance of security and convenience. It's a bit more manual, but the added control might be worth the effort, especially for those who prioritize security over seamless integration. It's interesting how some effective solutions get less attention, possibly due to the extra steps involved, even though they offer a robust approach to password management.
Last edited by kq76; 02-21-2024 at 01:04 AM. Reason: removed quote |
02-21-2024, 12:25 AM | #14 |
Bat Boy
Join Date: Feb 2024
Posts: 10
|
I'm also a long-time fan of Bitwarden, until I started to experience some bugs. I am now using the free version of Proton Pass, and I am pretty happy with it.
|