The Heartbleed vulnerability has once again clearly demonstrated how massively we Internet users depend on our passwords. Use a separate password for each account: security experts have preached this rule for years. If a site or a user account is hacked, or a vulnerability like Heartbleed occurs, then at least not all of your data is in danger.
Taken from:
DON’T
» Reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.
» Use a dictionary word as your password. If you must, then string several together into a pass phrase.
» Use standard number substitutions. Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built in.
» Use a short password—no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.
DO
» Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.
» Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”
» Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
» Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name—like m****n@wired.com—so it can’t be easily guessed.
Have you already changed your password(s)?
If not, then do so immediately, and use a password manager like ...
-----------------------------
The comic's author illustrated the vulnerability with a stick figure conversing with a server: the figure sends a message to the computer to check whether the other side is still connected. The message consists of three parts: the question "you still there?", a word the computer should respond with, and the number of characters in that word. The Heartbleed bug is that you can send the server a character count that is much greater than that of the desired response. An example: "reply with 'Hat', in 500 characters." The computer then responds with the word "Hat" and another 497 characters that reside in its memory.
The stick figure thus reveals much more information than it should. This may also be passwords, credit card details, or other secret information about users.
Last edited by jwoegerbauer; 12-04-14 at 06:07 PM. Reason: img added
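The exchange described in the post above, as an added example in C that is not part of the original post and is not OpenSSL's code. It simulates the heartbeat record from RFC 6520 (type, two-byte length, payload, at least 16 bytes of padding) in a small array standing in for server memory, with a constructed secret placed right after the received record. The vulnerable handler copies as many bytes as the length field claims; the fixed handler refuses a request whose claimed length does not fit inside the record that actually arrived, which is the check the bug lacked. Names such as server_mem, build_request, vuln_heartbeat and fixed_heartbeat are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_PADDING  16   /* RFC 6520: a heartbeat carries at least 16 bytes of padding */
#define MEM_SIZE    96   /* size of the simulated server memory (assumption for the demo) */

/* Simulated server memory: the received heartbeat record sits at the front;
 * whatever follows it (here a constructed secret) is what an over-long reply
 * leaks, like the 497 extra characters in the comic. */
typedef struct {
    uint8_t bytes[MEM_SIZE];
    size_t  record_len;   /* length of the record that was actually received */
} server_mem;

/* Build a heartbeat request: type(1) | payload_length(2, big-endian) | payload | padding.
 * claimed_len is what the sender writes into the length field; payload is what
 * is really sent. Returns the true length of the record. */
size_t build_request(server_mem *m, const char *payload, size_t payload_len,
                     uint16_t claimed_len)
{
    uint8_t *p = m->bytes;
    memset(p, 0, MEM_SIZE);
    p[0] = HB_REQUEST;
    p[1] = (uint8_t)(claimed_len >> 8);
    p[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(p + 3, payload, payload_len);
    m->record_len = 3 + payload_len + HB_PADDING;   /* padding bytes stay zero */
    return m->record_len;
}

/* Put a secret directly after the record, where another user's data would be. */
void place_secret(server_mem *m, const char *secret, size_t len)
{
    memcpy(m->bytes + m->record_len, secret, len);
}

static size_t claimed_length(const server_mem *m)
{
    return ((size_t)m->bytes[1] << 8) | m->bytes[2];
}

/* Vulnerable handler, shaped like the pre-fix code: it trusts the length field
 * and copies that many bytes from the payload start, however few actually
 * arrived. Returns the number of bytes placed in out.
 * The cap at MEM_SIZE only keeps this simulation inside its own array; the
 * real server read on into whatever the heap held next. */
size_t vuln_heartbeat(const server_mem *m, uint8_t *out, size_t out_cap)
{
    if (m->bytes[0] != HB_REQUEST) return 0;
    size_t n = claimed_length(m);
    if (n > MEM_SIZE - 3) n = MEM_SIZE - 3;   /* simulation guard only */
    if (n > out_cap) n = out_cap;
    memcpy(out, m->bytes + 3, n);             /* never compared with record_len */
    return n;
}

/* Fixed handler: header + claimed length + minimum padding must fit inside the
 * record that was really received, otherwise the request is dropped silently.
 * This is the bounds check the vulnerable code lacked. */
size_t fixed_heartbeat(const server_mem *m, uint8_t *out, size_t out_cap)
{
    if (m->record_len < 3 || m->bytes[0] != HB_REQUEST) return 0;
    size_t n = claimed_length(m);
    if (3 + n + HB_PADDING > m->record_len) return 0;   /* claimed more than was sent */
    if (n > out_cap) return 0;
    memcpy(out, m->bytes + 3, n);
    return n;
}

int main(void)
{
    server_mem m;
    uint8_t out[MEM_SIZE];
    /* constructed input: send "Hat" (3 bytes) but claim 40, with a secret after the record */
    build_request(&m, "Hat", 3, 40);
    place_secret(&m, "password=hunter2", 16);

    size_t n = vuln_heartbeat(&m, out, sizeof out);
    printf("vulnerable: %zu bytes returned: ", n);
    for (size_t i = 0; i < n; i++) putchar(out[i] ? out[i] : '.');
    putchar('\n');
    printf("fixed: %zu bytes returned\n", fixed_heartbeat(&m, out, sizeof out));
    return 0;
}
```

Run stand-alone, the vulnerable handler answers "Hat", the zero padding, and then the bytes of the constructed secret; the fixed handler answers nothing at all for the same request and only echoes "Hat" when the length field honestly says 3.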
Nice post, I must say. These days passwords should be changed regularly. I also say that there should be another way of protecting ourselves rather than just passwords. I have seen a company that was acquired by Google that introduced the concept of voice passwords, which might be implemented soon.
I was listening to Steve Gibson talking about Heartbleed and security in general; he uses LastPass for his passwords, so I downloaded the free one a couple of weeks ago.
Very impressed at the moment, well, until the LastPass vault is hacked, but if it's good enough for Steve then it's good enough for me. LastPass has placed an SSL checker for sites on their site since Heartbleed.
Even the online password manager LastPass was affected by the Heartbleed vulnerability. I wonder who still trusts such an online service. An offline password manager is surely the better alternative.
Does the password manager use an offline master password, and is the danger that if your computer dies you've lost all your passwords? Or does it back them up to a USB drive? I've never used a program like KeePass.
Some workplaces don't let you use your own programs or a USB drive; for example, Department of Defence civilian workers can't.
A Post-it note with your password(s) stuck on the side of your screen! Nobody ever looks there for passwords.
The inside back cover of a spiral notebook works a treat too.
I have all my passwords and sign-in details in alphabetical order on several pages in a Lotus Word Pro file that is protected and encrypted by one easy-to-remember (for me) master password.
Every time I change passwords for my bank or another website, it's simple to edit my list.
This can also be done in Microsoft Word; however, I prefer the Lotus format for this.
Cheers, Tiny
"You can lead a person to knowledge, but you can't make them think. If you're not part of the solution, you're part of the problem.
The information is out there; you just have to let it in."