Facebook puts my account on ice

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Specop 007

Specop 007

Diamond Member
Jan 31, 2005
9,454
0
0
This is why I used a tiered password structure. I use a pretty simple password for forums and games, an average password for social networking and such and a good password for anything involving online transactions (Amazon, bank account etc).
 
Muse

Muse

Lifer
Jul 11, 2001
41,001
10,270
136
flvinny521 said:
I use LastPass.
Click to expand...

I did a search on free password apps a couple days ago and at first blush LastPass looked like a probable best one. Got highest ratings and I took a brief look at it. I may go to it real real real soon. No rumblings yet, but I figure my PW is out there somehow and the low lifes that would dick with my password are apt to leak it to other low lifes and who knows what could happen. None of my mission critical sites use the stolen password, but I don't want things to get further out of hand. o_O
 
F

flvinny521

Member
Jul 29, 2011
111
0
0
Up until relatively recently, I was a huge offender of password security. I was using one password for everything: email, bank/financial sites, forums, even MMORPGs. I got smart about 8-10 months ago and it has been a long process going to every site I've registered for and changing the password.
 
SP33Demon

SP33Demon

Lifer
Jun 22, 2001
27,928
143
106
password_strength.png
 
DrPizza

DrPizza

Administrator Elite Member Goat Whisperer
Mar 5, 2001
49,601
167
111
www.slatebrookfarm.com
DO NOT USE THE SAME PASSWORD IN MULTIPLE PLACES!!

Once your password is compromised in one place, people can attempt to use it all over the place. I'll keep it simple. On a lot of websites, the administrators have access to your password. Now, imagine that there's an evil administrator, or that one of the sites you go to was hacked. And, there are also websites out there that specialize in linking your real name to your online aliases. You've been here since 2001; I think that the majority of members who have been here that long can be tracked down to an address and real name.

Now, having your password, let's say here, I can *automatically* attempt your name here (Muse), or your real name all over the internet - 1000's upon 1000's of sites looking for other accounts, etc. That's why it's a really big deal when someone hacks some corporate website and obtains a list of users and their passwords. It's not because the hackers are going to do more at that website - it's because the hackers are going to scour sites like bank of america to see if you have an account with you name and the same password.

One thing you can do is use *almost* the same password everywhere.
facebook's password would be gpassword
yahoo's password would be zpassword
gmail's password would be hpassword
anandech's password would be bpassword

Can you spot what I did? I took the first letter of each site and went up one letter sequentially and tacked it on to the beginning of password. If someone got your gmail password of hpassword, they're going to hope that hpassword works for accounts in your name elsewhere.
 
Newbian

Newbian

Lifer
Aug 24, 2008
24,779
882
126
DrPizza said:
One thing you can do is use *almost* the same password everywhere.
facebook's password would be gpassword
yahoo's password would be zpassword
gmail's password would be hpassword
anandech's password would be bpassword
Click to expand...

*Rushes off to use Pizza's passwords*
 
Evadman

Evadman

Administrator Emeritus<br>Elite Member
Feb 18, 2001
30,990
5
81
DrPizza said:
One thing you can do is use *almost* the same password everywhere.
facebook's password would be gpassword
yahoo's password would be zpassword
gmail's password would be hpassword
anandech's password would be bpassword
Click to expand...

Newbian said:
*Rushes off to use Pizza's passwords*
Click to expand...

You would have to know what DrPizza's base password is first. So if you were, say, an administrator on one of those sites and could pull it, then you are golden.
 
Ichinisan

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
DrPizza said:
DO NOT USE THE SAME PASSWORD IN MULTIPLE PLACES!!

Once your password is compromised in one place, people can attempt to use it all over the place. I'll keep it simple. On a lot of websites, the administrators have access to your password. Now, imagine that there's an evil administrator, or that one of the sites you go to was hacked. And, there are also websites out there that specialize in linking your real name to your online aliases. You've been here since 2001; I think that the majority of members who have been here that long can be tracked down to an address and real name.

Now, having your password, let's say here, I can *automatically* attempt your name here (Muse), or your real name all over the internet - 1000's upon 1000's of sites looking for other accounts, etc. That's why it's a really big deal when someone hacks some corporate website and obtains a list of users and their passwords. It's not because the hackers are going to do more at that website - it's because the hackers are going to scour sites like bank of america to see if you have an account with you name and the same password.

One thing you can do is use *almost* the same password everywhere.
facebook's password would be gpassword
yahoo's password would be zpassword
gmail's password would be hpassword
anandech's password would be bpassword

Can you spot what I did? I took the first letter of each site and went up one letter sequentially and tacked it on to the beginning of password. If someone got your gmail password of hpassword, they're going to hope that hpassword works for accounts in your name elsewhere.
Click to expand...

I do something like that, but I even obfuscate the fact that there's a prefix and a suffix.

I pick two letters related to the site that I'm accessing, swap the order of those letters, then tack one on the beginning of my usual password and the other goes on the end. Because the regular password looks like gibberish, it would be very hard for someone with one of my passwords to figure out that there's a context-sensitive prefix and suffix.

Now I need to figure out how to disassociate this post with my online identity. :hmm:
 
irishScott

irishScott

Lifer
Oct 10, 2006
21,562
3
0
Specop 007 said:
This is why I used a tiered password structure. I use a pretty simple password for forums and games, an average password for social networking and such and a good password for anything involving online transactions (Amazon, bank account etc).
Click to expand...

This. The password just to access my personal documents is well over 25 characters including upper case, lower case, numbers and symbols. I almost wish someone would steal my hard-drive, would produce years of lulz while I went and got my off-site backups. :)
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom