Bitcoin Forum
November 01, 2024, 12:51:23 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Do not use same username and pw ANYWHERE  (Read 1764 times)
AwkwardSituation (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
October 09, 2012, 03:53:54 PM
 #1

Seriously.  The number one way to get owned is to use the same username and password, email and password, etc., on sites like here, and your mining pool, or email and facebook.  It negates the purpose of having a username and password if they are all the same.  We can't trust that the websites, and their databases and the traffic going between them are secure, so why not add a little fun to would be hackers trying to get your bitcoins by using a bunch of different passwords.  We are often locked into using the same username often times because it is our email address, but the password we can control.

You can use a computer NOT connected to the internet to run a program like KeePass to store all your different usernames and passwords, there are a lot of free password management programs.  Smart Phones have them too and if you don't install untrusted applications on your phone you can be "fairly" sure your smartphone is secure, though that's not guaranteed by any means either.

DO encrypt your bitcoin wallet and back it up.  Use a silly passphrase, not a password to secure it. 

That's all, god damn I'm tired of saying this.  Key loggers fucking suck.
Belami
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
October 09, 2012, 03:56:31 PM
 #2

Did you have a bad experience with this?
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
October 09, 2012, 03:57:21 PM
 #3

lol.

I had a thread written up and was stickied, but members kept trolling it, I ended up clearing the OP and locking it. Lets see how many more threads like this one here pop up. You can thank the mods for not cleaning up the OT posts and trolls.
RaTTuS
Hero Member
*****
Offline Offline

Activity: 792
Merit: 1000


Bite me


View Profile
October 09, 2012, 04:07:55 PM
 #4

just get yourself a lastpass [free] account and use it

In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....

1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
nobbynobbynoob
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


Annuit cœptis humanae libertas


View Profile WWW
October 09, 2012, 04:12:56 PM
 #5

Keyloggers are indeed pure evil, but good password management won't immunize one from those anyway, only multi-factor authentication (Yubikey, SMS verification, etc.) can do that.

Earn Free Bitcoins!   Earn bitcoin via BitcoinGet
BTC tip: 1PKkvuwC24Vqjv9odigXs1QVzE66jEJqmb (if <200 µBTC, please donate to charity)
LTC tip: LRqXaNdF79QHvhPpS5AZdEJZnLiNnAkJvq (if <Ł0,05, please donate to charity)
AwkwardSituation (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
October 09, 2012, 04:21:42 PM
 #6

Yeah two factor authentication would be nice to have everywhere, I use it for my gmail account myself.  No I have never had a bad experience with this, but i have helped hundreds of people who have. 

LastPass, KeePass, yeah good stuff.  Use it people.  Damn these forums get a TON of action, there probably aren't enough moderators man.....This is probably one of the busier forums I have seen.
Handle
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
October 09, 2012, 06:49:58 PM
 #7

This is very important! Some years back I found some databases of forums via google because the backup folders were not protected at all! One was from a forum with several thousand members. Sometimes it needs no uber-skilled crook to hack a site and steal their database, even admins of large sites can be lazy and / or careless so the best thing is always to expect the worst and choose a strong password you use only for that specific site. Tools for this (KeePass and so on) have already been mentioned here.
ryann
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
October 09, 2012, 06:56:00 PM
 #8

The only way to stop a keylogger is by using key encryption software.
WorldOfBitcoin
Member
**
Offline Offline

Activity: 102
Merit: 10



View Profile
October 09, 2012, 07:02:17 PM
 #9

The only way to stop a keylogger is by using key encryption software.

Or use on screen keyboard for important passwords
ryann
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
October 09, 2012, 07:15:33 PM
 #10

The only way to stop a keylogger is by using key encryption software.

Or use on screen keyboard for important passwords

On screen keyboards can still be seen by a trojan. If they are recording your screen they will see which buttons you pushed.
Kontakt
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250



View Profile
October 09, 2012, 07:26:06 PM
 #11

It would be interesting to design a hardware solution to this; some sort of keyboard that transmits encrypted data that could be decoded by a plugin in the web browser that would print the cleartext in the fields selected.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
October 09, 2012, 07:31:07 PM
 #12

With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key.  Even if your not connected to a network.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Kontakt
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250



View Profile
October 09, 2012, 07:33:48 PM
 #13

With the right hardware you can keylog by looking over the person's shoulder with a satellite.
nobbynobbynoob
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


Annuit cœptis humanae libertas


View Profile WWW
October 09, 2012, 08:24:46 PM
 #14

With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key.  Even if your not connected to a network.

Electromagnetic shielding is available for the truly paranoid! (Probably only via the black market in some countries?)

Earn Free Bitcoins!   Earn bitcoin via BitcoinGet
BTC tip: 1PKkvuwC24Vqjv9odigXs1QVzE66jEJqmb (if <200 µBTC, please donate to charity)
LTC tip: LRqXaNdF79QHvhPpS5AZdEJZnLiNnAkJvq (if <Ł0,05, please donate to charity)
Foxtra
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
October 09, 2012, 08:31:21 PM
 #15

I didn't know LastPass, I just tried. It's amazing thx a lot.
EDIT : By the way, get one month free premium account for free signing here : https://lastpass.com/f?728556
pre4ead
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
October 09, 2012, 09:14:10 PM
 #16

Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?
lakingsfan12
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
October 09, 2012, 09:20:25 PM
 #17

Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?

At some point you have to trust someone.  It is scary to think that your passwords are all stored there - make sure your account password in to lastpass is very complex.  According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe."

I have been using lastpass for at least 3 years now and have been very happy with it.  The only problem I find is when I am away from my computer and want to log into a financial site or something - I have no idea of my password and have to do a little jumping around to their site to find it - but its worth it.
MaxSan
Sr. Member
****
Offline Offline

Activity: 369
Merit: 250


View Profile
October 09, 2012, 09:24:50 PM
 #18

lol LastPass

pretty sure was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.

Stupid idea, nice way to make it easy for people to rob you, only have to log a single passoword and they gain all access.. magic.
cedivad
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
October 09, 2012, 09:37:56 PM
 #19

With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key.  Even if your not connected to a network.
Try it and then tell me.
I know about the physics under the wood, but its still fantascientific.

My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
dirtycat
Sr. Member
****
Offline Offline

Activity: 456
Merit: 250



View Profile
October 09, 2012, 10:00:33 PM
 #20

so your saying I shouldn't use the same username / pass at all sites I register with?

poop!
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!