Nothing personal
-
More and more people are taking action to regain control of their personal information online. With Data Privacy Day around the corner, we asked our devs for some tips on how to do this.
-
Regarding passwords, change them from time to time; in case someone is trying to hack you, he will need to start from scratch.
-
@lamarca I would say that there is no net benefit to changing passwords on a time-expiry basis.
If you're remembering passwords manually (no password manager), you're just creating more work for yourself, which might lead you to use predictable passwords as replacements.
If you're using a password manager, your passwords are going to have enough entropy that a hacker trying to guess them is a silly endeavour that will get them nowhere.
And as far as changing your password manager master password on a regular basis, that won't do anything useful for you unless you also go through and change all of the passwords in your database as well, as you can't assume that someone hasn't got an old copy of your database.
Basically, just use a password manager with a strong secure yet memorable (to you) master password, and totally random passwords for anything else, and you'll be fine.
-
@lamarca said:
(...) in case someone is trying to hack you (...)
No need to hack me when it is seemingly easy to hack poorly secured web servers like Equifax or Yahoo etc. pp.
Literally billions of passwords, mail accounts data, social security numbers and even more private data were leaked over the last years, no thanks to advanced cracking techniques, weakly secured passwords on servers (weak hashing algorithms etc.). Often the passwords are not even needed because the culprits can use hash collisions. Not that long ago some services still stored passwords and usernames as plain text (probably some still do), or it was easy to guess some additional data to get full disclosure about private data of literally millions of people up to and including full medical records.
But this all is not about criminals stealing our data, they will always find a way, but about normal legitimate companies that collect our data on every step we take and create really detailed profiles about us.
Enough ranting about companies and some of them that obviously give a **** about securing our data, back to the browser:
Switch off JavaScript and cookies wherever you can.
Work with whitelists.
That definitely makes it, while by far not impossible, way harder to collect data about you.
-
So, why isn't two-factor authentication available here?
-
@lamarca said in Nothing personal:
Regarding passwords, change them from time to time; in case someone is trying to hack you, he will need to start from scratch.
If you make the change in the midst of the hacking attempt, perhaps. But other than that unlikely event, it makes no difference that the password has been changed, and is a waste of effort.
-
-
@lonm said in Nothing personal:
I would say that there is no net benefit to changing passwords on a time-expiry basis.
If you're remembering passwords manually (no password manager), you're just creating more work for yourself, which might lead you to use predictable passwords as replacements.
If you're using a password manager, your passwords are going to have enough entropy that a hacker trying to guess them is a silly endeavour that will get them nowhere.
And as far as changing your password manager master password on a regular basis, that won't do anything useful for you unless you also go through and change all of the passwords in your database as well, as you can't assume that someone hasn't got an old copy of your database.
Basically, just use a password manager with a strong secure yet memorable (to you) master password, and totally random passwords for anything else, and you'll be fine.
I totally agree and couldn't have said it any better! I personally have over 1,000 strong passwords stored in my password manager and I have never been hacked in over 20 years.
-
@cqoicebordel: I am always restrained about two-factor authentication. I mean, I get the idea but those stupid companies are really good at losing my data and they already have more than I like. Now they also want to lose my telephone number? Yeah, great...
-
@sophos02 said in Nothing personal:
I am always restrained about two-factor authentication. I mean, I get the idea but those stupid companies are really good at losing my data and they already have more than I like. Now they also want to lose my telephone number? Yeah, great...
In addition to that, clever criminals have figured out that they can get access to your phone number which makes two-step verification even more insecure than none. See this article as an example:
https://www.howtogeek.com/212219/hereβs-how-an-attacker-can-bypass-your-two-factor-authentication/
-
@lamarca said in Nothing personal:
Regarding passwords, change them from time to time; in case someone is trying to hack you, he will need to start from scratch.
That's a common misconception. No matter how often you change your password, it will NOT change the chance of it being broken by force.
Changing passwords only prevents their unauthorized reuse. Compare them to keys. If somebody steals a spare set of keys, changing the lock will deny access to the stolen keyset, but will not change the chance of lockpicking the door, assuming the lock type is equal.
-
@sophos02 Except that 1) it's optional, and 2) a good two-factor auth isn't based on your phone number, but on math, with an app on your phone, your computer, your keychain, that gives you a code that is only valid for a very limited amount of time (usually 30s).
Which means that for an attacker to access your account, he needs your login/password + a physical object of your choosing.
It doesn't change anything if an intruder has access to the servers of the company; you are still boned. But only on that website. They couldn't reuse your login/password on any other site where you are using them, because they don't have the physical object you chose.
-
-