CAUTION: Guys,
I did a small security check of our forum user database.
Please change all your passes on every single site and exchange.
Engine was able to find some decrypted salted(md5) hashes from the forum in an open hash database.
(most sites are using simple md5)
I was able to login on a known exchange with one of the forum accounts. (affected users are PM'ed)
That's showing us: public password lists aren't fake.
If I am able to do that - do the math.. How many other evil people are able to do that?
Some of you guys (to be honest: including myself) are always using the same user/pass/mail combination. I'm right, am I not?
That's really negligent and a major issue.
If you are really paranoid, follow these rules:
Use a strong master password that's easy to remember like: my-Mother-1s-k1ll1ng-the-CAT!my-Mother-1s-k1ll1ng-the-CAT!
Use a separate password for every single page.
Create a text password file (in an encrypted container). On Mac you can create a password protected DMG file for that.
Change your master password from time to time and never write it down.
Use 2-factor-auth wherever it's possible.
Create 10 or more different mail addresses (or redirection services).
If you have remote access to any of your home PCs or internet servers, then use strong passwords for SSH/FTP or VNC.
Change your standard ports. (Example: SSH 443 -> 8223)
Close every unused port in your router.
Never use any kind of closed source software like Teamviewer. If there is no other way, don't forget to close it.
Paste your passes into wallets. Don't use a keyboard for the input. If that's impossible, use a virtual keyboard.
Use a firewall for outgoing traffic (Little Snitch on macOS as an example).
Cheers,
Ray
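
The post's point about reusing the same user/pass/mail combination can be checked against your own password list. The following is an added example, not part of the original post: the entry format, the site names and the `find_reuse` function are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample entries (site, user, mail, password); not real accounts.
SAMPLE_ENTRIES = [
    ("forum.example", "ray", "ray@mail.example", "pw-A-constructed"),
    ("exchange-a.example", "Ray", "ray@mail.example", "pw-A-constructed"),
    ("wallet.example", "ray-w", "wallet@mail.example", "pw-A-constructed"),
    ("exchange-b.example", "ray", "ray@mail.example", "pw-B-constructed"),
    ("shop.example", "r4y", "shop@mail.example", "pw-C-constructed"),
]


def find_reuse(entries):
    """Return (password_reuse, combo_reuse).

    password_reuse: groups of sites that share one password.
    combo_reuse: groups of sites that share user, mail and password.
    """
    # Group on a keyed digest (random per-run key) so the grouping keys and
    # the report never contain the passwords themselves.
    key = os.urandom(32)
    by_password = defaultdict(list)
    by_combo = defaultdict(list)
    for site, user, mail, password in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        by_password[tag].append(site)
        # User names and mail addresses are compared case-insensitively.
        by_combo[(user.lower(), mail.lower(), tag)].append(site)
    password_reuse = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    combo_reuse = sorted(sorted(s) for s in by_combo.values() if len(s) > 1)
    return password_reuse, combo_reuse


if __name__ == "__main__":
    password_reuse, combo_reuse = find_reuse(SAMPLE_ENTRIES)
    for sites in password_reuse:
        print("same password on:", ", ".join(sites))
    for sites in combo_reuse:
        print("same user/mail/password on:", ", ".join(sites))
```

Any site listed in a group should get its own password first, starting with the groups that also share the user name and mail address.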