How easy is it to hack your online passwords?


thai tech

If you think that safeguarding yourself from being hacked online is as easy as changing a few passwords and installing the latest antivirus software or app, then you’re going to be in for a shock.

Anyone who uses a computer, smartphone or tablet connected to the internet is a potential target for hackers.

According to research carried out by internet security firm Symantec in 2013, 65% of all internet users worldwide have been a victim of cybercrime in one form or another.

The threat from being hacked is very real, and if you’ve read the story about hacking victim Mat Honan, you’ll see how easily and quickly someone can hack your online passwords.

Read more: http://tech.thaivisa.com/easy-hack-online-passwords/

-- Tech News by Thaivisa 2014-12-03

Link to comment
Share on other sites

Something I've done for years is now apparently in vogue: Most of my accounts on things like TV or other boards in which I have an interest have a simple to remember, probably quite hackable if you spend time, password.

This is done on the basis that someone taking control of them can do little damage. That way I don't have to remember a massive swathe of complex passwords, or keep them stored anywhere.

I have probably half a dozen sites that could do me damage - banks, work accounts, etc., and each one of those has an extremely strong password, but because I only have to remember half a dozen I don't need to write them down and can remember them fairly easily.

But even strong passwords are now considered hackable, because so many people use exactly the same methods to secure them. Substituting "@" for "a", for example, adding on numbers at the end of a passphrase, and so on.

It's a grim old business.

The trick, if you can do it, is to use two-factor authentication wherever you can to protect important accounts.

We're actually looking at Biometrics at the moment, and I found the lovely device below that does face recognition with fingerprints. I commented at lunch how it would be hard to defeat this without chopping off someone's head and their hands, to which some wag replied "Well ISIS will be able to get then".

nitgen-nac5000-fingerprint-access-contro

Link to comment
Share on other sites

No matter how long a password you use, there are 2 VERY dangerous ways passwords get stolen:

1. Hidden key-log trackers.

This is a small piece of software on the computer, installed in the Internet cafe, on your buddy's notebook, or something you installed by mistake when you tried to download the latest XYZ magazine. The software basically sends ALL keyboard commands, and that's why anyone not using a GHOST / IMAGER on a regular basis will ALWAYS be exposed to an attack. If you log in using another computer you don't know about (Don't do it!) then use cut and paste or virtual keyboards during login.

2. Phishing Email pretending to be something else

This is VERY easy to fall for. A friend of yours sends a document and asks you to look at it. Clicking it goes to a login for google document, hotmail or whatever and you log in... BUT... it's not google, it's not hotmail, just a phishing site to get your login.

HEED the above mentioned and you will be a little more safe.

Link to comment
Share on other sites

Nobody's ever going to guess one of my secure passwords, not in this lifetime anyway.

The non secure ones could be broken by brute force in minutes or hours depending on what hardware they're using and the key derivation function / simple hash used.

Link to comment
Share on other sites

it will take 344 thousand years to crack my thaivisa password

don't think i'll be around to see it hacked

ok just changed my thaivisa password, new one will take 63 million years to crack

I really don't think I'll see that one hacked

oh yea am using "random Password Generater" free program

Edited by happynthailand
  • Like 1
Link to comment
Share on other sites

The article highly recommends a program called LastPass. The name comes from the idea that it's the last password you'll ever have to remember.

I use it and love it. The first time I enter a site after I have installed it, it asks me if I want it to remember the site. If I say yes, it picks up my user/pass, encrypts them and stores them. Then it asks me if I want it to auto-login which would be for sites I don't care about security. If I say no, then the next time I go to the site I have to do a couple of things to bring it up, and then enter that "last pass," and only then will my computer unencrypt the info and log me in.

I don't have a twitter or facebook or google account which uses my real name or information. I have dummy accounts only so I can read something on there once in a while. I don't put personal info on the internet on purpose.

After lastpass encrypts my passwords, it stores them in the cloud. Then if I get a new computer or absolutely have to use a different computer, I can install lastpass, enter my user/pass, and use it from anywhere. The only danger I have is that someone manages to unencrypt and then brute force my passwords. That's if they can find them. That's three steps and I don't think it can be done in my lifetime.

The other danger of course is if I stupidly enter my info into a dummy site. Always look at the address bar and look for https/ to be sure it's the real site. LastPass would know if it's fake because it only works on the original exact url.

I can have as many complex passwords for as many sites as I want because I don't have to remember them.

Give it a try. It's free.

  • Like 2
Link to comment
Share on other sites

You'd better hope nobody steals your lastpass username and password or you'll really be in trouble.

Unless of course you have a 2 factor login enabled.

Link to comment
Share on other sites

What don't people understand - No matter the difficulty of guessing your password, STEALING it is the way to go. There are NUMEROUS ways to do so, with the two mentioned earlier considered to be the most common and easiest. But there are many other ways to do so.

People must also understand the fundamental proportions of security - they have a 64 char string password for mail login but a swipe password on their phone - Go figure the difference.

Your question must rather be - IF you get locked out of your X account, what danger would you be in? What does your contingency look like?

Please stop talking about how difficult your password is - it's already showing what u don't know.

Link to comment
Share on other sites

Use lastpass.com; it supports 2FA and mobile devices, and is the subject of several papers investigating its strength.

I usually just generate 12 to 32 character passwords automatically. They are just gibberish, and 32 character passwords are just impossible, but surprisingly few places allow such long passwords.

Link to comment
Share on other sites

And you aren't telling people best practices for protecting your account by, say, using unique passwords for the application or 2FA.

Setting up dedicated and layered account recovery email addresses and the like for places where those are needed.

The previous two: key loggers, let's see, software based keyloggers, whatever, couldn't care less; hardware based devices, tricky. Attachments via email, do not do it; this is 2014 and people are still exposed, just stupid.

Link to comment
Share on other sites

I already mentioned the best practice for protecting an online account:

1. Continuous GHOSTING / IMAGING protocols

2. Virtual Keyboards when using other computers you don't control

3. Use proprietary environments - For example, u can have a separate computer with ENCRYPTED drive for all sensitive work or separate BOOT environment OR a sandbox OR emulator.

Now, for the rest of you, let's have a look at what you can do to protect yourself in a serious and fairly simple way.

A - Use unique phrase-based passwords. For example, your thaivisa-password could be "iNeedathaivisa2014!". Don't bother &%/()=)#" if you think they are hard to remember - LENGTH is the "key" for a difficult password, NOT the exact character. Albeit looking fairly simple 0123456thaivisa6543210 is difficult to brute force.

BUT! A difficult password is not the MOST important here, it is how your host saves your password on its database server. If your site sends your passwords in clear text it's NOT good because they don't encrypt or use hashing for saving sensitive data. This means that a potential hacker could steal the complete password list and read your login data in PLAIN TEXT. 1 in 5 of ALL sites has this vulnerability. CHECK THIS FIRST!

AND! Let practicality and reasonability be your number 1 priority. Don't have a 64-char password for a website that hardly anyone will ever care about. For example, I use a timestamp as login for the most insignificant sites I use.

B - Get to know the principle of how a URL works.

thaivisa.techsite.com/index.php?.... is NOT a safe site because the domain is "techsite" and the SUB-domain is thaivisa. If you click this link someone might already have stolen your login information.

www.thaivisa.name/index.php?.... is NOT a safe site because the top-domain is "name" and not "com" and your login information could already have been stolen.

Link to comment
Share on other sites
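The URL rule from point B of the post above, written as a check (an added example, not part of the original post): it extracts the registrable domain, which is the part that decides who controls a site, and compares it with the one you expect. The `PUBLIC_SUFFIXES` set is a small constructed stand-in for the real Public Suffix List, the function names are hypothetical, and `https://` has been prefixed to the post's two URLs.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (publicsuffix.org); a real check must load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "name", "co.th", "co.uk"}


def registrable_domain(url):
    """Return the registrable domain (public suffix plus one label) of a URL."""
    host = urlsplit(url).hostname  # lowercased, port stripped
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    labels = host.rstrip(".").split(".")
    # Try the longest candidate suffix first, then keep one label to its left.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"host is a bare public suffix: {host!r}")
            return ".".join(labels[i - 1:])
    raise ValueError(f"suffix not in the sample list: {host!r}")


def belongs_to(url, expected_domain):
    """True only if the URL's registrable domain is exactly the expected one."""
    try:
        return registrable_domain(url) == expected_domain.lower()
    except ValueError:
        return False


if __name__ == "__main__":
    # The two URLs from the post (scheme added) and the article link from the page.
    for u in ("https://thaivisa.techsite.com/index.php",
              "https://www.thaivisa.name/index.php",
              "http://tech.thaivisa.com/easy-hack-online-passwords/"):
        print(f"{u:55} -> {registrable_domain(u):15} "
              f"thaivisa.com? {belongs_to(u, 'thaivisa.com')}")
```

A legitimate subdomain such as tech.thaivisa.com still resolves to thaivisa.com, while both lookalikes from the post resolve to a different registrable domain.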

I use this https://howsecureismypassword.net

here's one of my results

"it would take a desktop PC about

2 quadrillion years

to crack your password"

not sure how long quadrillion is but seems I'll be ok in my life

Quadrillion may mean either of the two numbers (see long and short scales for more detail):

I think it's much easier when somebody has got access to your machine. There are plenty of "password finders" available.

It's so easy to find "strong passwords" for any office files, so I assume that there are always ways around.

Link to comment
Share on other sites
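How "years to crack" figures like the ones quoted in this thread are typically produced, and why they depend on the "key derivation function / simple hash used" as an earlier post says (an added example, not code from any poster or from the estimator site): the search space is alphabet size raised to the password length, divided by a guessing rate. The two rates are assumptions chosen for illustration and the function names are hypothetical; the sample passwords are the two given in the thread.

```python
import math
import string

# Assumed offline guessing rates in guesses per second; illustrative orders
# of magnitude only, not measurements.
ASSUMED_RATES = {
    "simple_hash": 1e10,  # assumption: fast unsalted hash on GPU hardware
    "slow_kdf": 1e4,      # assumption: deliberately slow key derivation function
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest standard alphabet covering every character used."""
    if not password:
        raise ValueError("empty password")
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes: count each distinct one once.
    size += len({ch for ch in password if not any(ch in c for c in CLASSES)})
    return size


def keyspace_bits(password):
    """log2 of the exhaustive-search space for this length and alphabet."""
    return len(password) * math.log2(alphabet_size(password))


def worst_case_years(password, guesses_per_second):
    """Years needed to try every candidate of this length and alphabet.

    This is an upper bound for a blind search. Passwords built from words,
    years and common substitutions are found far sooner by dictionary-ordered
    guessing, so the figure overstates their strength.
    """
    return 2 ** keyspace_bits(password) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("iNeedathaivisa2014!", "0123456thaivisa6543210"):
        for name, rate in ASSUMED_RATES.items():
            print(f"{pw:24} {keyspace_bits(pw):6.1f} bits  "
                  f"{name:12} {worst_case_years(pw, rate):.2e} years")
```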
