Don't use your bitcointalk account password on other websites

[lovesmayfamilis]

People learn from their mistake and so experience is what counts. So, users who have gone through and made some mistakes are sharing it and how it could be easily avoided by new users. So, it is important for users to check out such threads and see if they are doing same mistake then start correcting it.

You are completely correct in saying that the best lessons we learn only when we make our mistakes.
All guides described in this topic will be useful to everyone, not just beginners. We are often not very aware of security, thinking that nothing bad can happen to us.

The rule that must be learned is this: if your profile on the forum is dear to you, then take care of it. Strong passwords, mail with which you registered only on this forum, and has double verification, as well as a signed message from your bitcoin wallet with the name of your account on the forum.

Plus, don't store important data on your computer. Those who use Windows systems are very susceptible to all kinds of key loggers. Timely antivirus scanning will also help keep your data safe.

[1713969316]

1713969316

[1713969316]

1713969316

[1713969316]

1713969316

[1713969316]

1713969316

[Asuspawer09]

I was worried about this issue back in the day because if you just think about it websites could just use your password and login into your accounts if you use the same password on the other websites. And I think I've done the mistake in my early days because we know that it's easy to remember your password when you only have 1 password or 2 passwords .  As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.

It's better to have a strong password or another layer of protection when it comes to your Gmail because every website is just connected to your email, having an access to your email account meaning having a access to all of your accounts on different websites most of the time.

But it's a different story when it comes to phishing websites or scammed websites because their goal is to get your information so I don't think they have encryption or anything.

Also, the construction of your password is important:



Source:
https://www.facebook.com/photo.php?fbid=10164381734490372&set=gm.2824409767782130&type=3&theater
https://howsecureismypassword.net/

You could also check how should your password here:
https://howsecureismypassword.net/
after what i said maybe you don't trust the website anymore, putting some password .

[tom_trader]

Using an exclusive computer linux  based to access your cryto related website businesses is a great step. Don't download anything from internet, be torrent or sharing-websites like mega. Don't install cracked softwares, nor apps and never connect usb to it.
Use it exclusively for crypto related browsing.

That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.
 

[DdmrDdmr]

<…> That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.

But having them on a txt file on the actual drive, even on linux, may still encounter the odd malware that you can install through a wallet downloaded from a wrong site. What’s more, even if isolating the computer as much as possible will mitigate risks, there’s still the risk that someone grabs/steals your physical computer, and mounts the linux disk as a secondary device to access the content, gaining access the txt file.

[khaled0111]

As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.
...

This is not always true. It depends entirely on the website you are using and its owner.
The owner/developer is the one who decides how passwords are going to be saved on the database (plain text or encrypted).
As a user and without having access to the website's back end, there is no way to know how passwords are being saved.

Using an exclusive computer linux  based to access your cryto related website businesses is a great step.

I encourage everyone to use Linux but it doesn't mean you are going to be 100% safe. A Linux OS can be hacked too and it doesn't matter which OS you are using if you enter your credentials into a phishing website.

[tom_trader]

<…> That way you can make individual powerful passwords and keep them in a txt file without putting them in risk.

But having them on a txt file on the actual drive, even on linux, may still encounter the odd malware that you can install through a wallet downloaded from a wrong site. What’s more, even if isolating the computer as much as possible will mitigate risks, there’s still the risk that someone grabs/steals your physical computer, and mounts the linux disk as a secondary device to access the content, gaining access the txt file.

Well, then use a brand new usb flash drive to save it there and use it exclusively with that PC. Downloading anything infected with  malware is user's fault. Hence avoid downloading anything from that computer. And of course, having a genuine licensed antivirus will prevent most of the malwares beign installed.
If someone steals a PC, there is no much you can do about it.
  

[2double0]

<<>>
If someone steals a PC, there is no much you can do about it.
  

Tbh, keeping such things on a PC is not only stupid, but dangerous too.
Imho, I would never keep any of my passwords stored anywhere but write them down straight away. Keep a specific book (one is fine but you can keep 2 if you fear any kind of damage to the first one). Write the website name, username, email and password (and any extra details that are important to you like your security Q&A) and do the same in the second book. You can use a carbon paper and keep 2nd book's blank page under 1st book's page and then write if you don't want to do double up your workload. Keep both the books safe (but not in same place). Saving your passwords on browsers is also not a good practice if you want to save yourself from getting hacked.

[Assface16678]

Also I see a lot of reports before with the use and problem of the members about their accounts because some of them reports it's hacked and forgot the password sometimes they are using the same password to their different accounts and also to their emails which is not a good thing this is too much prone to hacking.

Also there are alot of them using only the left part of the keyboard to make it more easiest commonly with the use of

A
S
W
D
R
1
2
3

[Latviand]

Prioritize the security of your account above all because it is not that easy to earn your rank here.

Never settle with only one email that you will use when you access other platforms. Using VPN is not that hard to do, you can learn how to apply it in Youtube and any other tutorials because it is really important. Always make a unique password, as soon as possible maximize using letters, numbers, and symbols to have a unique combination of passwords. Keep in mind that bitcointalk account is not that instant to have, so value it and take care of it to prevent scamming and hacking.

[gentlemand]

I don't give a fuck about passwords for most websites. I use the same one a million times. There's no info of note.

However one's Bitcointalk account can be a truly valuable thing so you owe it to yourself to get it right. A few minutes of thought and memorisation will save you plenty of future grief.

[yazher]

My Bitcointalk password is always been unique since I last changed it because I was afraid that something like this could happen and getting it back is not guaranteed since the step is so complicated and there were some users who didn't get back their account after someone hacks them. Before things going out of our hand, it is better to do this step and don't forget before doing it, you must stake your BTC address here: https://bitcointalk.org/index.php?topic=990345.0

In case you messed up, The steps to recover your lost account is here: https://bitcointalk.org/index.php?topic=990345.0

[Rosilito]

-
For me, I highly recommend to the members use a
Camel Case
Symbol
Number

As far as making your password stronger goes, you should take a look with @bob123's reply, here, and have it into consideration whenever you'll create one or if you would make some changes with your pw. This maybe kind of odd to do for typical users, since it is quite straightforward  .

[Krislaw]

I've also done the same mistake but instead using my mobile number and adding my birthday which i thought a good and secured idea but it got hacked, so don't put shared personal information in your password and add a backup email. I suggest to use different email, I'm currently using different email on different social accounts so it will be more secured, when one account got hacked the others will be safe.

[Nellayar]

Actually, having an identical passwords in different websites will put you in a risk. Because hackers can easily access your account in any websites you may attended. This is the reason why I want to generate different passwords with strong security so that I can avoid loss of my accounts. My password in BTT is different in my password at binance or any social media app. There are many people have been victim because of their similar passwords and it should be a lesson for all of us that putting a strong password and different in any websites will put as away in harm.

[Asuspawer09]

As an IT I understand that passwords in a website are actually encrypted so even the programmers or the websites should not be able to see your password at least.
...

This is not always true. It depends entirely on the website you are using and its owner.
The owner/developer is the one who decides how passwords are going to be saved on the database (plain text or encrypted).
As a user and without having access to the website's back end, there is no way to know how passwords are being saved.

I agree, but it is a good practice to encrypt the password as a programmer since you cannot really leak any information from your users, it is against the law in my country.

That is actually the problem since they are a phishing website they just want to get information so the programmer programs it that way to get information easily.

[DdmrDdmr]

These are some statistics I’ve found on the topic of password reuse:

Here are some staggering statistics that show the magnitude of the password reuse problem.
1.   A Google survey found that at least 65% of people reuse passwords across multiple, if not all, sites.
2.   Another recent survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway.
3.   Microsoft recently announced that a staggering 44 million accounts were vulnerable to account takeover due to compromised or stolen passwords.
4.   The average person reuses each password as many as 14 times.
5.   72% of individuals reuse passwords in their personal life while nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. These forced resets are an ineffective tactic.
6.   And it is not just personal accounts. 73% of users duplicate their passwords in both their personal and work accounts.
7.   Security.org found that 76% of millennials recycle their passwords.
8.   This is why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.

See: https://securityboulevard.com/2020/04/8-scary-statistics-about-the-password-reuse-problem/

The above link allows us to reference the original source for each statement, originated in different surveys over the last couple of years, with different scopes and population sizes.

The surge and constant expansion of sites we suscribe to, that require the creation of an account (ecommerce and so forth), requires an excessive memory exercise, which leads to bad habits such as password reuse. Keeping just a few distinct credential pairs in mind for sensitive sites (hopefully with 2FA as an additional platform feature), and using a decent password manager to keep track of the others, should present a reasonable scenario where no site credentials are reused. The problem is that many people still remain unaware of the threat that password reuse practice poses.

[cheezcarls]

Most of the people are aware of this issue. And there might be few topics about this matter before. I just want to share my experience with you all and hope it will be helpful for those who aren't aware of it.

Firstly my intention was to earn bitcoin from faucets. But slowly slowly the forum introduced me with other crypto related things (like gambling, mining, trading, investing). I started to engage myself with those platform and created account at most of the new sites that I have found in this forum. I used the same password, email and username at most other sites which I have used in my forum account. It was my fault. Hacker got my password from any of those site(phishing) and accessed my account.

Though he didn't made any post or spam from my account. But he changed my account password on 9th July, 2018. On 12th July I came back and found that my password was changed, was unable to login. So I reset my password via mail. Within two weeks my account get locked for security reason.


Finally I took step to get back my account in May this year. And recovered it on 5th June.
I'm not the alone victim of the hacker. The hacker just used my sMerit and send it to someone in this reply
I think that user is also a victim of the hacker. There are few more user in the list.

• Danglen1010
• ChardsElican28
• bgpsq
• peter0425

Maybe there are more victim of this. First three people are banned now. The 4th user peter0425 has recovered his account and created a topic about the hacked issue. Check it here.

Hacker just used sMerit from these account during that time and sent one to another. If you notice those user security log at bpip.org you can realize it.

Check this topic to realize the importance of account password & how to secure it.
Prevent your bitcointalk account from hacker- prevention is better then cure.

As a newbie all should stay aware of this matter. For your account safety don't use the same password at other sites. Every website isn't going to be legit what you will see in this forum. Stay aware of phishing sites.[/list]

Exactly. I have learned my lesson the hard way when I use the same password of my email with other third party platforms (which I registered the same email over and over again). Since I am so worried about my accounts getting hacked anytime without warning, I make sure that my passwords are very hard. I create long passwords mixed with special characters or so (but not using the same hard long password to other platforms).

In case I forgot my password in my email, social media accounts (or even here on Bitcointalk), I put them on a notebook and write them down for me to remember. I also back them up in my USB drive through Notepad.

[Bitcoinislife09]

I've also done the same mistake but instead using my mobile number and adding my birthday which i thought a good and secured idea but it got hacked, so don't put shared personal information in your password and add a backup email. I suggest to use different email, I'm currently using different email on different social accounts so it will be more secured, when one account got hacked the others will be safe.

When it comes to phishing websites it might be every log-in is just recorded to just get every information possible to use it in a lot of possible websites. I think the phishing websites are just targeting your email because your account is connected to your email. Getting the email is just what they needed to reset your accounts or to know the websites that you are connected because everything is emailing your mail. For me having different emails in different social media account is a good thing because you could easily organized your emails. But it could be confusing because you have a lot of emails. Maybe a personal email and a business email is enough you could just put a lot of protection to your one email If you only have one and it is easy to manage.

[Mahdirakib]

Bumping this topic, because

the best lessons we learn only when we make our mistakes.

And when we watch other people's mistakes

[Mpamaegbu]

Some simple steps can save us from lot of phishing like

Your numbers 1–5 as enumerated in your post are apt. Though I think item 4 will be a lot more difficult to avoid since a lot of sites will need app downloads from Google playstore or apple. However, the catch there is to make sure one is certain that the site in question has an app to be downloaded before heading to a third party for it. As for those using simple passwords, it's advisable not to. I guess a lot of people use simple password so they can easily recall it off by heart instead of writing it down on paper. That's not good to want to remember it that way. We should know that the mind is sometimes subject to forgetfulness. Write out the passwords, and since one is writing it out it will be nice to make it a strong and difficult one. There's no harm in doing that.