Bitcoin Forum
November 09, 2024, 04:21:06 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Better protect yourself from having your account/accounts compromised  (Read 1776 times)
pekv2 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 04:22:31 AM
Last edit: July 15, 2012, 03:39:16 AM by pekv2
 #1

I am making this thread for ones to protect themselves from being compromised. You may add this to your sig to spread the knowledge for ones to protect themselves from being compromised.

============================================================================================

Note: A) Lastpass is freeware, but for some stuff you can pay, but the general use of lastpass is freeware.
Note: B) Keepass is freeware.
Note: C) Password Safe is freeware & opensource. (Courtesy of traderjoe)

A) https://lastpass.com/
B) http://keepass.info/
C) http://passwordsafe.sourceforge.net/

============================================================================================

Create an account with lastpass, use a strong master password. Don't ever forget your master password, as you are the only one that has it.

You may download Lastpass as an Application or as a browser addon for, Firefox, Chrome, IE, etc.

Lastpass application. Download, install, input email that you used to register with lastpass and the master password you created. Get familiar with the program.

Lastpass addons. Install the Lastpass addon that is appropriate for your browser. Once done, you see a Lastpass icon somewhere in one of your toolbars of your browser, input the email you used to register with Lastpass, into the Email section of the login area then following by your master password that you created.


============================================================================================

Keepass, is all saved encrypted with one master password on your pc. No cloud servers or nothing. If you use keepass, backup your file in a truecrypt container file on a cloud server like dropbox or as wuala encrypts data on your pc before it gets sent to wuala servers.

Here is a How-to for Keepass. http://keepass.info/help/base/firststeps.html

============================================================================================

Quote

(Courtesy of traderjoe) About Password Safe & Yubikey(s)

Something kind of cool about Password Safe is:  you can lock it with OTP using Yubikey(s), instructions on the yubikey website.  The web page says its two factor authentication but I haven't had a chance to test that it can be configured to actually require both the Yubikey OTP and a static password.


============================================================================================

I recommend to use a strong Master Password and never use the same password for 2 or more accounts. Never give out your master password. Never use words from a dictionary.

Lastpass encrypts all your data on your pc or mobile device before lastpast sends off it off to their servers and you only hold the key "master password" to all your saved passwords, notes and etc. I find this addon - application the best imo.

Quote
(Courtesy of RandmomQ)
Do not use a Password Generator that is hosted Online unless it uses SSL this may be OK for a normal user.
Do not repeat chars IE "AAA" "BBB" "111"
Use a Special Char if allowed "!@#$%%$^^*&()"
Never use the same password twice
Change password regularly

============================================================================================

Quote
(Courtesy of RandomQ)

lastpass also supports google auth so you even if you master password is stolen via keylogger, they most likely won't  get all your passwords because google auth codes are only good for ~30 secs.
Lastpass Introduced Support for Google Authenticator for Mobile Devices

Quote
Courtesy of (John (johnthedong))

LastPass itself is worthless if you use only the Master Password as that's easily leaked.


Setting Up LastPass with Google Authenticator

Grid Multifactor Authentication

============================================================================================

Quote
Note: KeyScrambler is not freeware.
Note: Anti-Keylogger is trial-freeware and pay for.

KeyScrambler
Anti-Keylogger

Courtesy of (John (johnthedong))

Use an Anti-Keylogger like Keyscrambler.


============================================================================================

These are technique everyone should exercise.

============================================================================================

Here are a few examples why one should use these techniques.

https://bitcointalk.org/index.php?topic=92471.msg1020087#msg1020087
https://bitcointalk.org/index.php?topic=91701.msg1009976#msg1009976

============================================================================================

As always, comments and suggestions are always welcomed to better these techniques as I will do my best to fill them.

If you have enough character count in your signature please represent this in your signature.
It may be readjusted or reconfigured, if someone has a better/shorter title, post it up.
Code:
[url=https://bitcointalk.org/index.php?topic=92492.msg1020289#msg1020289][size=8pt]Techniques should be exercised in protecting your accounts[/size][/url]

============================================================================================
RandomQ
Hero Member
*****
Offline Offline

Activity: 826
Merit: 500



View Profile
July 10, 2012, 04:34:32 AM
 #2

lastpass also supports google auth so you even if you master password is stolen via keylogger, they most likely won't  get all your passwords because google auth codes are only good for ~30 secs.
pekv2 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 10, 2012, 04:42:47 AM
 #3

lastpass also supports google auth so you even if you master password is stolen via keylogger, they most likely won't  get all your passwords because google auth codes are only good for ~30 secs.

Added to OP with source. Thanks!
pekv2 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 14, 2012, 10:17:56 PM
 #4

Updated, OP.
RandomQ
Hero Member
*****
Offline Offline

Activity: 826
Merit: 500



View Profile
July 14, 2012, 11:39:02 PM
 #5

I think the process of password creation might have to go a few steps more let me give an example.

Lets say i want a secure password

Say I use the password "2JZ-GTE" this password would not be in a normal dictionary.
This password looks secure except for its small length.
But this password is a code word for a car engine.
I'm sure this password has been used 1000s of times on a bunch of websites.
When these website get cracked sometimes they get the list of passwords that are HASHED.
a Hash could look like this "fsdf897g89df7845sgdfgdFG"
They use this lists of Hashes to make better and better list of password users are using.

Anything that means anything to you, could mean sometime to someone else and could of be used by someone else as a password.

Do not use a Password Generator that is hosted Online unless it uses SSL this may be OK for a normal user.
Do not repeat chars IE "AAA" "BBB" "111"
Use a Special Char if allowed "!@#$%%$^^*&()"
Never use the same password twice
Change password regularly

I'm sure I missed something else
pekv2 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 15, 2012, 03:38:31 AM
 #6

Updated.
pekv2 (OP)
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
July 15, 2012, 09:13:37 PM
 #7

Would anyone like to take over this work? It's for personal reasons that I cannot maintain it any longer atm.

If not, for this thread here, I will lock it and let it sink.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!