
Kickstarter Breached

15 Feb 2014 20:17 - 15 Feb 2014 20:56 #171977 by Sagrilarus
Kickstarter just informed me that "some" customers' data has been breached.

I used a password that I've used on other sites, and of course two of them are down for maintenance this weekend so I can't enter new passwords.

Another reason to buy at your local store.

S.
Last edit: 15 Feb 2014 20:56 by Sagrilarus.
The following user(s) said Thank You: Rliyen

15 Feb 2014 21:01 #171980 by DukeofChutney
Got this email too. Pain.

15 Feb 2014 21:16 #171981 by jeb
Replied by jeb on topic Re: Kickstarter Breached
Get and use a password manager. I use LastPass, others use KeePass, there are a bunch of them. Most are cross-platform, integrate with browsers, even iOS. It's worth it.

I don't even know what my passwords are on most sites (this one included). It's some noisy bunch of crap that includes 20 characters (or less, if the site stupidly requires this.) I got this notice, logged in over there and had a new pile of schwas as my password in about 20 seconds.

If you will spend $5 on a latté, spend $5 on a password manager.
The following user(s) said Thank You: Josh Look, engineer Al

16 Feb 2014 09:39 #171994 by gversace
Replied by gversace on topic Re: Kickstarter Breached
Password managers fall down for me when I am logging in to something on a computer I don't have the password manager on, such as at work, or at a friend's. I find not knowing my password to be a pain, and LastPass requires a subscription for the iOS app (at least last I checked).

17 Feb 2014 10:39 #172031 by SuperflyPete
It's not a big deal. It will take 2 years for the hackers to get people's passwords, and even if they do, they won't be the same as the actual passwords shown.

17 Feb 2014 11:11 #172034 by san il defanso

jeb wrote: Get and use a password manager. I use LastPass, others use KeePass, there are a bunch of them. Most are cross-platform, integrate with browsers, even iOS. It's worth it.

I don't even know what my passwords are on most sites (this one included). It's some noisy bunch of crap that includes 20 characters (or less, if the site stupidly requires this.) I got this notice, logged in over there and had a new pile of schwas as my password in about 20 seconds.

If you will spend $5 on a latté, spend $5 on a password manager.


How do these work on other computers, like work or something like that? This would be a really good investment for me, but I do things on about three different machines.

17 Feb 2014 11:21 #172036 by SuperflyPete
There are packages that hold the passwords and the software on a flash drive, so they're portable. I used to have password software like this and a key fob USB drive to make things "easier" but then I found a password convention that produces incredibly strong passwords but allows you to remember thousands of them with zero effort.

17 Feb 2014 11:25 - 17 Feb 2014 11:28 #172037 by wice
Replied by wice on topic Re: Kickstarter Breached
(XKCD cartoon image not preserved)

(after this XKCD cartoon was published, hackers added "correct horse battery staple" and all iterations of these words to their scripts)
Last edit: 17 Feb 2014 11:28 by wice.

17 Feb 2014 11:49 #172040 by jeb
Replied by jeb on topic Re: Kickstarter Breached
I know some folks use KeePass, with the USB dongle, as Pete describes. That just gives me something else to lose and panics me a bit. I use KeePass with the database saved to Dropbox, which is universally accessible on my platforms. It can be integrated with clipboards for the most part, if not the browser, and can at least be seen in iOS, which can be enough.

www.howtogeek.com/165882/how-to-use-keep...s-and-on-your-phone/

Look into it. The hassle factor is there, but the hassle factor of recovering from a breach is MUCH lower.

17 Feb 2014 12:44 #172043 by Sagrilarus
Replied by Sagrilarus on topic Re: Kickstarter Breached
I'm on seven or eight machines and have to keep track of about 50 passwords right now each in a set that can never repeat. I use a black book, as it's the only way to remain sane.

KeePass is a good idea that doesn't work for me personally. I could use it for my personal passwords but can't use it for work places.

S.

17 Feb 2014 12:48 - 17 Feb 2014 12:49 #172045 by ChristopherMD
I usually just use the word password for pretty much everything. It's easy to remember. Sometimes I use my date of birth if it requires numbers.
Last edit: 17 Feb 2014 12:49 by ChristopherMD.
The following user(s) said Thank You: Aarontu, DeletedUser, Black Barney, ThirstyMan

17 Feb 2014 12:55 - 17 Feb 2014 12:57 #172046 by SuperflyPete
I'll give you a secret method that I have used in the past, but I have a newer, better, secret'er way.


AAAAA(symbol)BBBBBBC

A = the first letters of the web address. You can use the last letters (minus the dot com or whatever)
Symbol = your symbol of choice, which is the same symbol you use for everything
B = 6-letter word that is the core of all your passwords
C = alphanumeric code for the type of site, i.e. 1 for sites that have credit card info, 2 for anything else

An example would be
fort~fuckoff2 (first 4, tilde, personal key, non-shopping site) or keeg%fuckoff2 (same convention, just used last 4 backwards).

All you need to remember is the convention and your personal key "fuckoff", and all your passwords become very easy to remember. If you need to change password due to a breach, just use the last letters instead of the first. If you have to change AGAIN, due to another breach, don't go back to that site because they don't give a shit about your safety.
Last edit: 17 Feb 2014 12:57 by SuperflyPete.
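The "site prefix + symbol + shared core + digit" convention above is exactly the pattern a password manager's own health check should catch before a breach does: once one such password leaks, every other entry differs only in the short site-derived parts. The following is an added example, not code from this thread or from any manager; the vault contents are constructed, and the site names and core word are placeholders.

```python
# Added example, not from the thread: a vault-side audit for the
# "site prefix + shared core word" convention. Vault contents are constructed.
MIN_CORE = 5  # shortest substring worth calling a shared "core"

# Constructed sample vault. The first three entries follow a
# prefix(4) + symbol + core + digit convention like the one in the thread;
# the last is a random manager-generated password.
SAMPLE_VAULT = {
    "kickstarter.com": "kick~hollow1",
    "fortressat.com": "fort~hollow2",
    "dropbox.com": "drop~hollow2",
    "bank.example": "x7$Qp!2vLm9#rT4wZc8y",
}


def substrings(pw, min_len=MIN_CORE):
    """Every substring of pw with length >= min_len."""
    return {pw[i:j] for i in range(len(pw)) for j in range(i + min_len, len(pw) + 1)}


def shared_cores(vault, min_len=MIN_CORE, min_sites=2):
    """Map each maximal substring that recurs across >= min_sites entries
    to the sorted list of sites using it. Once one of those passwords
    leaks, the others differ only by the short site-derived parts."""
    seen = {}
    for site, pw in vault.items():
        for s in substrings(pw, min_len):
            seen.setdefault(s, set()).add(site)
    shared = {s: sites for s, sites in seen.items() if len(sites) >= min_sites}
    # Keep only maximal substrings: drop s if a longer shared t contains s
    # and is used by every site that uses s.
    return {
        s: sorted(sites)
        for s, sites in shared.items()
        if not any(s != t and s in t and sites <= shared[t] for t in shared)
    }


def flagged_sites(vault):
    """Sites whose password should be replaced with a unique random one."""
    return {site for sites in shared_cores(vault).values() for site in sites}


if __name__ == "__main__":
    for core, sites in shared_cores(SAMPLE_VAULT).items():
        print(f"core {core!r} reused on {len(sites)} sites: {', '.join(sites)}")
```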

17 Feb 2014 13:42 - 17 Feb 2014 13:53 #172048 by tin0men
Replied by tin0men on topic Re: Kickstarter Breached
What jeb said; and a bit of Pete's comment: I use a sync'd password manager and a variety of long passwords (2-factor where available) for anything secure. But for low-risk sites, I'll often build variant passwords with 'known-formula' to let me 'reconstruct' the pw manually if I need to.

But for security, as an IT type with a lot of passwords with 12-15char minimums and as short as 2-week password rotations (at work), it makes for a lot of balls in the air, if you have an aging memory.

So I use the _freeware_ KeePass 2 on my home PC, work PC, iPhone 4S and iPad 2, all sync'd with Dropbox.

On the iOS devices I use MiniKeePass reading the synced kdbx file - not the snappiest method to open the db - esp if you're punching in a long master password, and a 2-factor keyfile spec, to get it open. But it does the job.

For most complex requirements or work, I use LONG 18-20 char mixed case + numbers + punctuation passwords, and KeePass's autotype functions to hot-key enter passwords.
The KeePass 'URL in Title Bar' plugin can go a long way to helping you get a 'recognizable' browser title string, for matching the proper entry to the proper page.

Other plugins I like (from the KeePass plugins page):
-KeePassFaviconDownloader (dl's an entry's matching icon - speeds up visually id'ing them in your lists)
-KPEntryTemplates - gives you custom entry screens for custom items like credit cards, or in my case, inventorying items at home (ser#'s, make, model, detailed specs on collections of things).
-PronouncePwGen - I don't use this much yet, but it's designed to build more human-readable passwords
-RDCAutoTypeAndTCATO - I use this one for compatibility with mstsc (MS TermServ RDP client, for remoting servers).
-WordSequence (custom-pw-construction-algorithm plugin, supports word lists & custom dictionaries)

Since I have it on my phones & Dropbox, I've also taken to leveraging KP's capacity for holding files within an entry; passport & birth certificates, vaccination-record scan images, etc., for when traveling, or on my son.

Using a two-factor authentication (with a common-generic-item keyfile), and secure-desktop entry of the master password, *should* make things fairly secure. I'd like it better if I was re-encrypting the sync file on dropbox, but at this point, it's more important that I have the data sync'd than that one extra piece of security.

Also, with all the data breaches these days I'm becoming a big fan of the Google Authenticator and Symantec\Verisign VIP Access 2-factor apps on my devices:
GoogleAuth supports Google, Facebook, Dropbox & Microsoft's sites (or any that provides a QR code export).
Symantec supports PayPal, eBay, and a range of financial sites.
The above help ensure that, even if someone gets your uid & password, they are still missing a piece of the puzzle to get logged on.

Would that more sites were actually using 2-factor though...
Well.. and that helpdesks at places like Amazon/Apple etc weren't staffed with idiots that hand out password resets over the phone, like candy...
Last edit: 17 Feb 2014 13:53 by tin0men.

17 Feb 2014 14:29 - 17 Feb 2014 14:44 #172054 by tin0men
Replied by tin0men on topic Re: Kickstarter Breached

Sagrilarus wrote: I'm on seven or eight machines and have to keep track of about 50 passwords right now each in a set that can never repeat. I use a black book, as it's the only way to remain sane.


If this is a for-real policy position at a firm, they really need to consider revising, and/or providing a central alternative. Because, hand-written unencrypted records (or the old standard 'magical word .doc of passwords') are suicidally risky. And at the end of the day, their restrictions of secure password tools are in many ways making them _more_ at risk.

Most of the firms I've worked at not only permit you to use independent password keepers (or actively look the other way), some had active projects in the pipe to look at *buying* central password-management db apps. It's that important.

One of my prior jobs was at a firm that did US govt work, and wouldn't even permit *any* non-VPN remote email access at all. They used 2-factor auth on all remote access (s'why they wouldn't do email; it didn't support it smoothly). They also drove 14-day password expirations and other ridiculously burdensome options. But they didn't support or provide any centrally-approved means of managing passwords. And Security wasn't concerned about results, just paper policy. The firm also had an IT workforce with ages averaging over 50. Net result of the above combo was that I had coworkers with passwords openly written on cubicle walls...
Completely nuts.
Last edit: 17 Feb 2014 14:44 by tin0men.

17 Feb 2014 21:15 #172079 by MattFantastic

SuperflyTNT wrote: I'll give you a secret method that I have used in the past, but I have a newer, better, secret'er way.


AAAAA(symbol)BBBBBBC

A = the first letters of the web address. You can use the last letters (minus the dot com or whatever)
Symbol = your symbol of choice, which is the same symbol you use for everything
B = 6-letter word that is the core of all your passwords
C = alphanumeric code for the type of site, i.e. 1 for sites that have credit card info, 2 for anything else

An example would be
fort~fuckoff2 (first 4, tilde, personal key, non-shopping site) or keeg%fuckoff2 (same convention, just used last 4 backwards).

All you need to remember is the convention and your personal key "fuckoff", and all your passwords become very easy to remember. If you need to change password due to a breach, just use the last letters instead of the first. If you have to change AGAIN, due to another breach, don't go back to that site because they don't give a shit about your safety.


your core word is dangerously accurate for many of my passwords you hacker fuck! hahaha
