AwkwardSituation (OP)
Newbie
Offline
Activity: 29
Merit: 0
|
|
October 09, 2012, 03:53:54 PM |
|
Seriously. The number one way to get owned is to use the same username and password, email and password, etc., on sites like here, and your mining pool, or email and facebook. It negates the purpose of having a username and password if they are all the same. We can't trust that the websites, and their databases and the traffic going between them are secure, so why not add a little fun to would be hackers trying to get your bitcoins by using a bunch of different passwords. We are often locked into using the same username often times because it is our email address, but the password we can control.
You can use a computer NOT connected to the internet to run a program like KeePass to store all your different usernames and passwords, there are a lot of free password management programs. Smart Phones have them too and if you don't install untrusted applications on your phone you can be "fairly" sure your smartphone is secure, though that's not guaranteed by any means either.
DO encrypt your bitcoin wallet and back it up. Use a silly passphrase, not a password to secure it.
That's all, god damn I'm tired of saying this. Key loggers fucking suck.
|
|
|
|
Belami
Newbie
Offline
Activity: 5
Merit: 0
|
|
October 09, 2012, 03:56:31 PM |
|
Did you have a bad experience with this?
|
|
|
|
pekv2
|
|
October 09, 2012, 03:57:21 PM |
|
lol.
I had a thread written up and was stickied, but members kept trolling it, I ended up clearing the OP and locking it. Lets see how many more threads like this one here pop up. You can thank the mods for not cleaning up the OT posts and trolls.
|
|
|
|
RaTTuS
|
|
October 09, 2012, 04:07:55 PM |
|
just get yourself a lastpass [free] account and use it
|
In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....
1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
|
|
|
nobbynobbynoob
|
|
October 09, 2012, 04:12:56 PM |
|
Keyloggers are indeed pure evil, but good password management won't immunize one from those anyway, only multi-factor authentication (Yubikey, SMS verification, etc.) can do that.
|
|
|
|
AwkwardSituation (OP)
Newbie
Offline
Activity: 29
Merit: 0
|
|
October 09, 2012, 04:21:42 PM |
|
Yeah two factor authentication would be nice to have everywhere, I use it for my gmail account myself. No I have never had a bad experience with this, but i have helped hundreds of people who have.
LastPass, KeePass, yeah good stuff. Use it people. Damn these forums get a TON of action, there probably aren't enough moderators man.....This is probably one of the busier forums I have seen.
|
|
|
|
Handle
Newbie
Offline
Activity: 12
Merit: 0
|
|
October 09, 2012, 06:49:58 PM |
|
This is very important! Some years back I found some databases of forums via google because the backup folders were not protected at all! One was from a forum with several thousand members. Sometimes it needs no uber-skilled crook to hack a site and steal their database, even admins of large sites can be lazy and / or careless so the best thing is always to expect the worst and choose a strong password you use only for that specific site. Tools for this (KeePass and so on) have already been mentioned here.
|
|
|
|
ryann
Member
Offline
Activity: 70
Merit: 10
|
|
October 09, 2012, 06:56:00 PM |
|
The only way to stop a keylogger is by using key encryption software.
|
|
|
|
WorldOfBitcoin
Member
Offline
Activity: 102
Merit: 10
|
|
October 09, 2012, 07:02:17 PM |
|
The only way to stop a keylogger is by using key encryption software.
Or use on screen keyboard for important passwords
|
|
|
|
ryann
Member
Offline
Activity: 70
Merit: 10
|
|
October 09, 2012, 07:15:33 PM |
|
The only way to stop a keylogger is by using key encryption software.
Or use on screen keyboard for important passwords On screen keyboards can still be seen by a trojan. If they are recording your screen they will see which buttons you pushed.
|
|
|
|
Kontakt
|
|
October 09, 2012, 07:26:06 PM |
|
It would be interesting to design a hardware solution to this; some sort of keyboard that transmits encrypted data that could be decoded by a plugin in the web browser that would print the cleartext in the fields selected.
|
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
October 09, 2012, 07:31:07 PM |
|
With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key. Even if your not connected to a network.
|
|
|
|
Kontakt
|
|
October 09, 2012, 07:33:48 PM |
|
With the right hardware you can keylog by looking over the person's shoulder with a satellite.
|
|
|
|
nobbynobbynoob
|
|
October 09, 2012, 08:24:46 PM |
|
With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key. Even if your not connected to a network.
Electromagnetic shielding is available for the truly paranoid! (Probably only via the black market in some countries?)
|
|
|
|
Foxtra
Newbie
Offline
Activity: 28
Merit: 0
|
|
October 09, 2012, 08:31:21 PM |
|
I didn't know LastPass, I just tried. It's amazing thx a lot. EDIT : By the way, get one month free premium account for free signing here : https://lastpass.com/f?728556
|
|
|
|
pre4ead
Newbie
Offline
Activity: 12
Merit: 0
|
|
October 09, 2012, 09:14:10 PM |
|
Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?
|
|
|
|
lakingsfan12
Newbie
Offline
Activity: 4
Merit: 0
|
|
October 09, 2012, 09:20:25 PM |
|
Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?
At some point you have to trust someone. It is scary to think that your passwords are all stored there - make sure your account password in to lastpass is very complex. According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe." I have been using lastpass for at least 3 years now and have been very happy with it. The only problem I find is when I am away from my computer and want to log into a financial site or something - I have no idea of my password and have to do a little jumping around to their site to find it - but its worth it.
|
|
|
|
MaxSan
|
|
October 09, 2012, 09:24:50 PM |
|
lol LastPass
pretty sure was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.
Stupid idea, nice way to make it easy for people to rob you, only have to log a single passoword and they gain all access.. magic.
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
October 09, 2012, 09:37:56 PM |
|
With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key. Even if your not connected to a network.
Try it and then tell me. I know about the physics under the wood, but its still fantascientific.
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers
|
|
|
dirtycat
|
|
October 09, 2012, 10:00:33 PM |
|
so your saying I shouldn't use the same username / pass at all sites I register with?
|
poop!
|
|
|
|