Posted on 06/09/2021 6:47:55 AM PDT by ken in texas
Mine long gone, I’m afraid...................
No-one can figure that one out. It’s too easy.
hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text
Correct best-practice is not to store the password at all, but to store a "salted hash" of the password. That's why a correctly designed site will let you update your password, but can't tell you what your current password is -- they don't have it.
If you have to store a password -- you shouldn't, but if you did -- then it needs to be stored encrypted. Ditto for high-security data like SSNs, etc.
If there's a 99% cause of hacking, it's people running stuff they get as email attachments. For a while, M$ Outlook even ran such stuff automatically! Talk about a security hole!
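The salted-hash storage described in the comment above, as an added example that is not part of the original thread: the site keeps only a per-user salt and a derived hash, so it can check or replace a password but cannot display it. PBKDF2-HMAC-SHA256, the record format, the work factor and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the thread


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build the string a site stores in place of the password."""
    salt = secrets.token_bytes(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed


def change_password(record: str, old: str, new: str) -> str:
    """Updating works without the site ever being able to read the old password."""
    if not verify(old, record):
        raise PermissionError("current password does not match")
    return make_record(new, int(record.split("$")[1]))


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = make_record("correct horse battery")
    bob = make_record("correct horse battery")
    print(alice != bob)                            # salts differ, so records differ
    print(verify("correct horse battery", alice))  # right password is accepted
    print(verify("qwerty", alice))                 # wrong password is rejected
```

Because every record carries its own salt, identical passwords do not produce identical stored values, and a stolen table has to be attacked one record at a time.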
For years I had “qwerty” but I realized that that was too easy.
I better break out my BeOS cd.
I did not know your name was John Podesta!
😉
We had trouble getting into the Vanguard site this morning.
We have one computer strictly for all things financial — investments, banking, ordering, etc., and we don’t even access email on that computer. (We’d heard that many compromises and hacks are via email.) The PC where we web surf and get email never sees a credit card number or financial info.
All of the scheduled reports run under my userID. When my Oracle password expires, I discover it because all the reports stop working. There is no warning. I finally found “select * from USER_USERS;” which gives the expiration date.
I assure you - NO hacker in the world will EVER get my Facebook password!
Great password but some places now require a non-alphabetic character or a number. I use p@ssword. It’s basically uncrackable.
I am changing some today.
Unfortunately it is unclear which sites using those accounts are compromised (but I have my guesses based on which were and which were not).
eBay, Facebook, et al should be required to make a public statement when their users’ data is compromised in such a manner.
Same with the credit card companies and banks.
I’ve been thinking of doing just that for some time now. I’m going to order a small Chromebook today.
One caveat, I won’t use it for online ordering. I’ve had a credit card hacked twice that way. No money lost of course, but a PIA nevertheless.
“If there’s a 99% cause of hacking, it’s people running stuff they get as email attachments.”
Maybe so. I’m not an expert. You’d think it would be possible at the administrative level to prohibit running any non-authorized program. I know that would be an inconvenience.
“I would get no work done if I had to wait for a second person to sign in for everything I did.”
There’s a serious problem with bad guys gaining access to passwords so we need some sort of solution, or are we going to leave our giant systems vulnerable to hackers?
Obviously there’s not an easy solution that won’t be inconvenient or crippling to the way things are now done.
It looks like my email addresses and those of my wife are not in this compromise.
I completely agree with that. Instead, they prefer to keep it quiet.
Ouch. One nice feature of my credit card is the ability to generate a virtual number that can be used one-time. I use that when ordering something online, particularly with a vendor I've never dealt with before.
2-factor authentication... you log in... they text your cell phone a temporary key that’s good for like 10 minutes... you complete the login. Practically mandatory for online banking these days.
You must be joking, right? A GOOGLE Chromebook? Google, the most data hungry company in the world. That Google? LOL