1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
On 1/16/2012 09:22 PM, Dale wrote: |
5 |
> Howdy, |
6 |
> |
7 |
> It was on the news that some company got hacked into that was |
8 |
> related to Amazon. They said Amazon users should change their |
9 |
> password just as a precaution. I have a questions tho. I use some |
10 |
> pretty good passwords for the things that matter, sites such as my |
11 |
> bank, credit card, ebay, paypal, newegg and others that may store |
12 |
> things such as my credit card numbers. Here is a example but not a |
13 |
> close match to a typical password: |
14 |
> |
15 |
<snip> |
16 |
> My question. If I have a really good password and someone gets |
17 |
> hacked, should I change the password if the passwords are still |
18 |
> safe? In other words, they got some data such as email addys but the |
19 |
> passwords and credit cards are still secure. Should a person change |
20 |
> it anyway? |
21 |
> |
22 |
> One reason I ask this. I remember my passwords well. If I go to |
23 |
> changing them every time someone gets hacked, I'll never be able to |
24 |
> keep up with them again. I use Lastpass to remember them but it |
25 |
> could stop working because of a upgrade or something. Then again, I |
26 |
> could use its autogenerate thing and just HOPE for the best on |
27 |
> upgrades. |
28 |
> |
29 |
> Thoughts? What do you guys, and our gal, do in situations like |
30 |
> this? |
31 |
> |
32 |
> Dale |
33 |
|
34 |
My idea on changing your passwords is that you should change your passwords |
35 |
every 6 months, at least since you can never know if someone has stolen the |
36 |
other site's user/password files (or your own). Even with password |
37 |
encryption/hashing, it is only a matter of time before an attacker will crack |
38 |
your password (even assuming a brute-force attack). Also, when you hear that a |
39 |
site you do personal business with, such as your bank, shopping sites, etc. has |
40 |
been hacked, it is a *very* good idea to change your password for that site, |
41 |
and related sites - for example, if you change your password for Amazon, you |
42 |
probably should change it for Paypal if you ever use it to pay for your purchases. |
43 |
|
44 |
It is a matter of protection (both the 6 month policy and the hacked site |
45 |
policy). It means that, even if a hacker got your username and (encrypted) |
46 |
password, and managed to brute force your password, it would not be able to be |
47 |
used to log in as you. Oh, and I do practice a policy that most advise against |
48 |
- I write down my passwords for sites, until I memorize them, and keep those |
49 |
papers safe. I do this because, if someone were to break into my home, all |
50 |
thoughts of computer security would go out the window. |
51 |
|
52 |
Chris |
53 |
-----BEGIN PGP SIGNATURE----- |
54 |
|
55 |
iEYEAREKAAYFAk8VEfEACgkQUx1jS/ORyCtIegCgjlAPcNMBTiA4fqKaFnT8bdf3 |
56 |
TpQAnj1hYst3EFNiIAoAHsfPG2LfXG0R |
57 |
=83kF |
58 |
-----END PGP SIGNATURE----- |
59 |
|
60 |
|
61 |
|
62 |
--- |
63 |
avast! Antivirus: Outbound message clean. |
64 |
Virus Database (VPS): 120116-1, 01/16/2012 |
65 |
Tested on: 1/17/2012 1:15:15 AM |
66 |
avast! - copyright (c) 1988-2012 AVAST Software. |
67 |
http://www.avast.com |