Threatening emails with our passwords displayed

Old 30th Jul 2018, 00:25
  #21 (permalink)  
 
Join Date: Mar 2002
Location: Florida
Posts: 5,076
I sneakily let my password out for PPRuNe so I can claim it wasn't me that posted a stoopid post after a night on the bottle
lomapaseo is offline  
Old 30th Jul 2018, 07:43
  #22 (permalink)  
I don't own this space under my name. I should have leased it while I still could
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,569
One password problem is the sheer number of commercial sites that insist you create an account and protect it with a password, often just for a one-off transaction. They also insist on the caps, lower case, number, 6 characters etc. How many people use Qwerty123456?

I would rate BBC and ITV as bad too, especially when you need to keep re-entering passwords.

Would the sky fall in if your PPRuNe password was hacked?

Last edited by Pontius Navigator; 30th Jul 2018 at 08:26.
Pontius Navigator is offline  
Old 30th Jul 2018, 08:00
  #23 (permalink)  
 
Join Date: Nov 2003
Location: Surrey
Posts: 155
The ones that get my goat are those that insist on a ‘memorable word’. I may not contact them for another 5 years: they ask for my ‘memorable word’. I haven’t the faintest idea: I don’t know what I was thinking of 5 years ago, I can’t even remember what I had for lunch yesterday. Why not ask me for my mother’s maiden name: or one of my 2 grandmothers’ maiden names? But they won’t......
Angry of Wimbledon
gruntie is offline  
Old 30th Jul 2018, 08:03
  #24 (permalink)  
Resident insomniac
 
Join Date: Aug 2005
Location: N54 58 34 W02 01 21
Age: 75
Posts: 1,859
Then there are those sites that won't allow a previously-used password to be re-used.
G-CPTN is offline  
Old 30th Jul 2018, 08:16
  #25 (permalink)  
 
Join Date: May 2006
Location: Dublin
Posts: 721
From The Irish Times;

https://www.irishtimes.com/life-and-...ejit-1.3571295

Seems the passwords may have been obtained via a LinkedIn breach some time back.

As ever, the advice is change your passwords regularly and use a different password for each site. A root and branch option can work if you believe you can't handle lots of passwords; pick a word or phrase you will remember (the longer the better) that you will use for all your sites, then either prepend or append a unique identifier for each site (again one that you can easily remember) to this and throw in a special character (+=-?/&%) at the end for good measure.

eg,

A root passphrase of
MyPasswordIs75%Pants

Then for PPRuNe
Prn-MyPasswordIs75%Pants!
Facebook
Fcb-MyPasswordIs75%Pants!


JAS
Just a spotter is offline  
Old 30th Jul 2018, 09:49
  #26 (permalink)  
 
Join Date: May 2009
Location: Search me - I only just got out of bed ....
Age: 74
Posts: 456
As ever, the advice is change your passwords regularly and use a different password for each site.
It's good advice, but when you start to move into the 50+ age bracket (or 70+ as I have) and have somewhere around 40+ assorted passwords or PINs to recall on demand, it becomes very difficult (in my experience impossible) to comply.

FOR
FullOppositeRudder is offline  
Old 30th Jul 2018, 10:23
  #27 (permalink)  
Resident insomniac
 
Join Date: Aug 2005
Location: N54 58 34 W02 01 21
Age: 75
Posts: 1,859
Originally Posted by FullOppositeRudder View Post
It's good advice, but when you start to move into the 70+ age bracket and have somewhere around 40+ assorted passwords or PINs to recall on demand, it becomes very difficult (in my experience impossible) to comply.
Same here.

The above advice regarding a 'core' password with prefixes according to particular applications seems sensible - then you have to change one, so you have to remember which version until you have changed all.
G-CPTN is offline  
Old 30th Jul 2018, 11:46
  #28 (permalink)  
 
Join Date: Jul 2007
Location: Australia
Posts: 148
Too many passwords so I use an app on my phone which stores them all. I have always wondered how secure it is?
Bull at a Gate is online now  
Old 30th Jul 2018, 12:30
  #29 (permalink)  
 
Join Date: Oct 2017
Location: UK
Posts: 3,350
Probably not.

All I do is write them on a piece of paper which I keep in the study.

Seemples
dook is offline  
Old 30th Jul 2018, 12:39
  #30 (permalink)  
 
Join Date: Aug 2008
Location: Liverpool
Age: 44
Posts: 468
Firstly, it's a scam - ignore it and delete it. They have an old password from your email account due to some serious hacking which took place a few years ago. They will not have been able to access your account or address book - if they had, they would show you sample recipient details. You will likely have already changed your email address password as the companies involved wrote to their subscribers. To check where your account details came from, look here: https://haveibeenpwned.com/

Never use the same password for different sites. While megacompanies like Yahoo, Google etc encrypt everything and have standards to ensure employees can't access passwords, small shopping or similar companies normally don't. They also have poorer security and can be hacked. As soon as your email and password are leaked, they'll try to access your email accounts hoping the password will be the same.
clareprop is offline  
Old 30th Jul 2018, 14:12
  #31 (permalink)  
 
Join Date: Mar 2004
Location: Baltimore, MD
Posts: 233
Originally Posted by belfrybat View Post
Any responsible website stores passwords as hashes (i.e. encrypted). So the perps must have got them off some site that stored them as clear-text. If they're that incompetent it's no wonder they got hacked.
While storing passwords encrypted is a good idea, I don't think I've ever seen a case where encrypted passwords foiled the attacker. Usually if they can read where the passwords are stored they're in the system too far already. At that point they just put in something to intercept the passwords and that's that. Or they just get the encrypted password and run it through a cracker.

I have seen serious problems arise when someone used the same password all over. At that point it's the weakest link that fails.
FakePilot is offline  
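
The storage point raised in the post above and the one it quotes, as an added example that is not part of any post in this thread: an unsalted fast hash next to a per-user salted scrypt record, showing what someone reading the stored table can tell in each case. The account names, sample passwords and scrypt cost parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data); two users share one password.
USERS = {"alice": "Qwerty123456", "bob": "Qwerty123456", "carol": "MyPasswordIs75%Pants"}

# scrypt cost parameters: assumed values for this example, tune per deployment.
N, R, P = 2**14, 8, 1


def weak_record(password):
    """Unsalted fast hash: the same password always yields the same record."""
    return hashlib.sha1(password.encode()).digest()


def strong_record(password, salt=None):
    """Random per-user salt plus a slow, memory-hard KDF; store salt + digest."""
    salt = os.urandom(16) if salt is None else salt
    return salt + hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_record(password, record[:16]), record)


def shared_password_groups(table):
    """Users whose stored records are identical, visible to anyone reading the table."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


weak_table = {u: weak_record(p) for u, p in USERS.items()}
strong_table = {u: strong_record(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted SHA-1 duplicates:", shared_password_groups(weak_table))
    print("salted scrypt duplicates: ", shared_password_groups(strong_table))
    print("alice login ok:", verify("Qwerty123456", strong_table["alice"]))
```

With the unsalted table, one recovered password covers every account that shares it; with salted scrypt each record has to be worked on separately and each guess is deliberately expensive.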
Old 30th Jul 2018, 14:51
  #32 (permalink)  
I don't own this space under my name. I should have leased it while I still could
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,569
Originally Posted by Bull at a Gate View Post
Too many passwords so I use an app on my phone which stores them all. I have always wondered how secure it is?
There are two problems with that approach. The first is whether the App itself is secure. The second is whether the phone itself is secure.

On the first a password vault that encrypts passwords, credit card numbers and PINs and is itself encrypted is secure, if you trust the App vendor. If the phone itself is secure then you are OK if it is lost, except you are then screwed unless you have a backup.

I use a password generator. This is different as it simply generates good passwords that are stored locally behind a password but, in the words of the author, is not absolutely clear. I can print off the password list and in the event my computer crashes or is stolen I can recover and then change passwords.
Pontius Navigator is offline  
Old 30th Jul 2018, 14:52
  #33 (permalink)  
 
Join Date: Feb 2005
Location: UK
Age: 81
Posts: 696
Originally Posted by Bull at a Gate View Post
Too many passwords so I use an app on my phone which stores them all. I have always wondered how secure it is?
I am a great fan of Dashlane and trust it.
FF
funfly is offline  
Old 30th Jul 2018, 16:40
  #34 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,415
Originally Posted by dook View Post
All I do is write them on a piece of paper which I keep in the study.
Yup. Of course you do have to read the small print and refrain from signing up to services where it's in the Ts&Cs that you don't write it down, but so far that's only been things like credit cards for which I don't need online access to the account for anything anyway. And there are other reasons for refusing to sign up to "verified by Visa".
Gertrude the Wombat is offline  
Old 30th Jul 2018, 16:48
  #35 (permalink)  
Resident insomniac
 
Join Date: Aug 2005
Location: N54 58 34 W02 01 21
Age: 75
Posts: 1,859
It has been suggested that the password leak might have been from LinkedIn.
I am currently receiving spam from 'LinkedIn' offering to reveal those companies that have recently searched LinkedIn for my details - even though I am not signed-up to LinkedIn.
If anyone has responded to this (phishing) scam, then they might have opened the door for further 'abuse'.
G-CPTN is offline  
Old 30th Jul 2018, 17:35
  #36 (permalink)  
 
Join Date: Jan 2003
Location: Southampton
Posts: 660
With regard to the phone, there are an awful lot of people who don't know that you should have anti-virus installed on it too.
Saintsman is offline  
Old 30th Jul 2018, 17:36
  #37 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,415
Originally Posted by Saintsman View Post
With regard to the phone, there are an awful lot of people who don't know that you should have anti-virus installed on it too.
I don't think anti-virus is available for my phone.
Gertrude the Wombat is offline  
Old 30th Jul 2018, 17:50
  #38 (permalink)  
Gnome de PPRuNe
 
Join Date: Jan 2002
Location: Too close to Croydon for comfort
Age: 55
Posts: 5,631
Originally Posted by Gertrude the Wombat View Post
I don't think anti-virus is available for my phone.
Just give it a wipe over with some dettol now and then...
treadigraph is offline  
Old 30th Jul 2018, 18:43
  #39 (permalink)  
 
Join Date: Nov 2002
Location: Tapping the Decca, wondering why it's not working.
Age: 70
Posts: 150
Originally Posted by racedo View Post
How ? as some us may like to do it
A piece of tape works for me. As a bonus it still works even after an OS upgrade (eg this m/c yesterday) and it's obvious how to re-enable it.

'a
aerobelly is offline  
Old 30th Jul 2018, 23:09
  #40 (permalink)  
 
Join Date: Nov 2008
Location: Darkest Surrey
Posts: 5,800
Originally Posted by lomapaseo View Post
I sneakily let my password out for PPRuNe so I can claim it wasn't me that posted a stoopid post after a night on the bottle
Er Which post was it as couldn't tell
racedo is offline  
