|
posi
|
 |
April 09, 2021, 03:04:26 PM |
|
As Welsh said, only Theymos can provide honest to the OP question but from my own presumption changing of account password every year shouldn't be a problem if done in the right way.
With that been said, according to what I have learnt ever since I have been browsing online is that to prevent vulnerability and for security purpose, it's nice to change ones account password at least every 6months.
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
mk4
Legendary
 Offline
Activity: 2758
Merit: 3830
Paldo.io 🤖
|
|
April 09, 2021, 03:11:34 PM |
|
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *
*psst. Aye m8, g'day. Based on my past research, Dashlane has been bloody reputable from what I remember.*Unfortunately I can't recommend nor not-recommend it because I haven't tried it personally, but it seems pretty good. I'm just more of a fan of open-source. How do you mean 'if they blow up'?
I'm guessing something broke or something when he/she was in the process of configuring his/her account. |
|
|
|
RickDeckard
Legendary
Offline
Activity: 1008
Merit: 3007
|
|
April 09, 2021, 06:01:53 PM |
|
*psst. Current-dashlane user here! Heard a wee bit on Bitwarden, is it better than Dashlane do you reckon oui matêë? *
*psst. Aye m8, g'day. Based on my past research, Dashlane has been bloody reputable from what I remember.**psst *psst *psst From all the password managers out there, I would only be able to recommend bitwarden because it's the only one that provides you with an option to self-host[1] your client. This means that you're not storing your encrypted passwords somewhere in the cloud (or bitwarden servers) but you're actually hosting that same environment but in a much more closer entity (your machine). As a side note, you'll find in here - https://www.privacytools.io/ - a great list of apps and addons that you can use to increase your privacy in almost every spectrum of a computer use (programs, OS, Internet ...).
[1] https://bitwarden.com/help/article/install-on-premise/ |
|
|
|
pugman
Legendary
Offline
Activity: 2383
Merit: 1551
dogs are cute.
|
|
April 09, 2021, 11:57:24 PM |
|
For the last couple weeks, I'm actually in the process of consolidating all my passwords from Lockwise, GPG files and iCloud to LastPass. And I can tell you that migrating from one password manager to another is a very laborious process when you have hundreds of passwords. Makes me shy away from self-hosted password managers which can screw me over if they blow up (which Bitwarden actually did to me, I never even got it past the install stage).
Okay what the hell? How- what? huh? explain sir. *psst. Aye m8, g'day. Based on my past research, Dashlane has been bloody reputable from what I remember.*
Unfortunately I can't recommend nor not-recommend it because I haven't tried it personally, but it seems pretty good. I'm just more of a fan of open-source.
*psst. [whispering slowily] I...love dashlane but-- they are switching to an entirely browser-based platform which I am not sure if I like.*psst *psst *psst From all the password managers out there, I would only be able to recommend bitwarden because it's the only one that provides you with an option to self-host[1] your client. This means that you're not storing your encrypted passwords somewhere in the cloud (or bitwarden servers) but you're actually hosting that same environment but in a much more closer entity (your machine). As a side note, you'll find in here - https://www.privacytools.io/ - a great list of apps and addons that you can use to increase your privacy in almost every spectrum of a computer use (programs, OS, Internet ...).
[1] https://bitwarden.com/help/article/install-on-premise/Okay in all seriousness, I like the idea behind bitwarden, and I want to use it, but the reviews on it thus far are shaky. ssss. And I don't know if I trust windows to keep my files safe. Heckin hell this is. |
|
|
|
Igebotz
Staff
Legendary
Offline
Activity: 1386
Merit: 1653
The Naija & BSFL Sherrif 📛
|
|
April 10, 2021, 01:27:23 PM |
|
This. But far more importantly — don't re-use passwords on multiple websites, and make sure your password is long (probably 40 characters or more) and complex enough for it to be difficult to bruteforce.
This is risky I've never seen any site recommend you set your password to 40 letters and above this is something very strange. How do you manage to use such long password and still remember them? Password should be within 8 letters. I don't fancy or trust any third party when it comes to my password, what if there is data breach? You are likely going to lose everything. |
|
|
|
mk4
Legendary
Offline
Activity: 2758
Merit: 3830
Paldo.io 🤖
|
|
April 10, 2021, 02:13:38 PM |
|
This is risky I've never seen any site recommend you set your password to 40 letters and above this is something very strange. How do you manage to use such long password and still remember them? Password should be within 8 letters.
Jeebus that's probably the worst advice I've read concerning account security in my whole life. Probably worse than saving passwords on a .txt file. There's a reason why a lot of sites don't allow password as short as 8 characters anymore, as it's easy as hell to bruteforce if you have a good-enough hardware. I don't fancy or trust any third party when it comes to my password, what if there is data breach? You are likely going to lose everything.
Password manager data being encrypted aside, you don't need to trust them if you don't want to. Hence why I also mentioned self-hosting in one of my previous replies in this thread. |
|
|
|
Timelord2067
Legendary
Offline
Activity: 3668
Merit: 2217
💲🏎️💨🚓
|
 |
April 10, 2021, 02:53:27 PM |
|
They've got these things called "pen and paper", perhaps you've heard of them? They can be securely stored off line and need little, or no maintenance and work in an off-line environment without the need even for an external power source (not to mention they can be stored "air gaped" one on top of another without information loss or data transfer). Hackers have to physically come into contact with the "pen and paper" risking exposure to virus and toxins that my have been planted on the relevant surfaces with the added layer of security they have to be able to discern the location of you, then the location of the "pen and paper" which may or may not be in the same physical location as yourself.  |
|
|
|
|
ChuckBuck
|
|
April 10, 2021, 03:12:51 PM |
|
I wonder if changing password is needed when we can stake address in this forum? Most people stake their address on this forum to be safe even if their account is stolen. While it may take a few to get your account back, but surely no one can steal it unless you no longer own the address. Furthermore, is this forum account really easy to be stolen? In most cases, the hacked accounts are usually accounts that have been inactive for a long time. I haven't changed my password for a long time, nothing happened, maybe I am lucky?
|
|
|
|
skarais (OP)
Legendary
Offline
Activity: 2478
Merit: 2096
|
|
April 10, 2021, 04:04:34 PM |
|
OK, I am grateful to anyone who has answered my question and I will probably not quote you one by one.
I got the answer here and maybe I will put it into practice in the future if I am paranoid enough about the security of my account. So far, I haven't had any issues with the password I use. I'm sure it's a pretty strong password with a good combination.
As we can see theymos change the password every year (last 3 years) and I believe it is a good practice for someone like him even though it is highly unlikely that his account will be hacked and controlled by someone else for a long time. But I believe we don't need to change our email and password if it's not in urgent situation like hacking attempt and emails are full of spam message and phishing attempt.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2758
Merit: 7132
|
|
April 11, 2021, 06:56:32 AM |
|
I haven't changed my password for a long time, nothing happened, maybe I am lucky? Accounts don't get stolen that easy. Unless your device isn't vulnerable, you aren't using an easy to guess/bruteforce password, and there isn't a recent database breach, you will be fine. And unless you used the same password on another site that got leeked of course. I like how they do it at my current job. Every 3 months we are required to change the password to log in to the main platform. And they have a system in place similar to Skype's. You can't reuse an old password. It has to be a new and unique password. Maybe this is also a possible attack vector because it means that a server somewhere compares the entries (hashes) you make with the ones you used in the past. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
lovesmayfamilis
Legendary
Offline
Activity: 2086
Merit: 4284
✿♥‿♥✿
|
|
April 11, 2021, 07:32:31 AM |
|
I once created a similar theme. I was surprised by a user who so diligently changes his password from the forum every day. https://bitcointalk.org/index.php?topic=5308307.msg56064303#msg56064303Likewise, I think that if we do not use someone else's Internet, we have one device for an account, and we use the security system correctly, we should not be too paranoid about changing the password. It is important to keep copies of passwords, because, with frequent changes on one device, the user often forgets to save the new password, thereby creating problems for himself. Let's not talk about the complexity of passwords here, 8 characters is of course "hard" https://howsecureismypassword.net/And also a post as a reminder of how a hacker can get our passwords. https://www.quora.com/How-does-a-hacker-grab-a-persons-passwordAnd the dangers of stealing cookies https://securityintelligence.com/articles/guide-to-cookie-hijacking/ |
|
|
|
|
ChuckBuck
|
|
April 11, 2021, 07:49:31 AM |
|
Accounts don't get stolen that easy. Unless your device isn't vulnerable, you aren't using an easy to guess/bruteforce password, and there isn't a recent database breach, you will be fine. And unless you used the same password on another site that got leeked of course.
Oh shit  I often have a habit of using the same password for many different accounts, recently, Google announced that I have been exposed to 55 identical passwords I like how they do it at my current job. Every 3 months we are required to change the password to log in to the main platform. And they have a system in place similar to Skype's. You can't reuse an old password. It has to be a new and unique password. Maybe this is also a possible attack vector because it means that a server somewhere compares the entries (hashes) you make with the ones you used in the past.
It is difficult to change passwords frequently, changing frequently will lead to forgetting of passwords, especially passwords that cannot be the same as old passwords. Seems safe but sometimes also dangerous if you forget your password and then lose other relevant security information to recover password |
|
|
|
RickDeckard
Legendary
Offline
Activity: 1008
Merit: 3007
|
|
April 11, 2021, 12:05:31 PM |
|
*triple psst to you, ouuu.
Okay in all seriousness, I like the idea behind bitwarden, and I want to use it, but the reviews on it thus far are shaky. ssss. And I don't know if I trust windows to keep my files safe. Heckin hell this is.
I can't deal with a triple psst, you won! Regarding bitwarden, if you're still unsure if bitwarden is stable to use as self-host then I see that the only option would be a tool similar to KeePassXC but in this solution you keep your database encrypted on your PC... If you don't trust Windows to keep your files safe I don't really think you'll ever find a password manager that fills all the boxes in terms of requirements ... What about setting up bitwarden in a Linux environment? You could host it in a VM/Docker and then use the desktop version in Windows to connect to your server... This guide sums up all the important steps : https://golb.hplar.ch/2018/12/self-host-bitwarden.html . I do believe that even if the program does crash you should always have a backup of your encrypted database to prevent any loss in your passwords... After all we for sure want to continue watching a pug appear from time to time here in bitcointalk |
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3262
Merit: 4110
|
|
April 11, 2021, 02:44:00 PM |
|
Basically, if you have a strong password in the first place, and you use different passwords in different places that significantly reduces the chance of database leaks compromising you. The only issue then is if Bitcointalk was compromised, but at least the passwords are hashed, and if you have a strong password to begin with its unlikely that anyone will be able to crack it before you become aware that the site was compromised. So, generally if you follow these guidelines, you don't really need to change your passwords all that often, if at all depending on your own personal security protocols.
There are times which you might make a mistake, and aren't completely convinced that your data wasn't compromised, especially when traveling, or using insecure devices. I've definitely had these moments in the past.
However, I do recommend users do a security review from time to time even if you believe everything is fine.
|
|
|
|
|
|
