| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 1/16/2012 09:22 PM, Dale wrote: |
| 5 |
> Howdy, |
| 6 |
> |
| 7 |
> It was on the news that some company got hacked into that was |
| 8 |
> related to Amazon. They said Amazon users should change their |
| 9 |
> password just as a precaution. I have a questions tho. I use some |
| 10 |
> pretty good passwords for the things that matter, sites such as my |
| 11 |
> bank, credit card, ebay, paypal, newegg and others that may store |
| 12 |
> things such as my credit card numbers. Here is a example but not a |
| 13 |
> close match to a typical password: |
| 14 |
> |
| 15 |
<snip> |
| 16 |
> My question. If I have a really good password and someone gets |
| 17 |
> hacked, should I change the password if the passwords are still |
| 18 |
> safe? In other words, they got some data such as email addys but the |
| 19 |
> passwords and credit cards are still secure. Should a person change |
| 20 |
> it anyway? |
| 21 |
> |
| 22 |
> One reason I ask this. I remember my passwords well. If I go to |
| 23 |
> changing them every time someone gets hacked, I'll never be able to |
| 24 |
> keep up with them again. I use Lastpass to remember them but it |
| 25 |
> could stop working because of a upgrade or something. Then again, I |
| 26 |
> could use its autogenerate thing and just HOPE for the best on |
| 27 |
> upgrades. |
| 28 |
> |
| 29 |
> Thoughts? What do you guys, and our gal, do in situations like |
| 30 |
> this? |
| 31 |
> |
| 32 |
> Dale |
| 33 |
|
| 34 |
My idea on changing your passwords is that you should change your passwords |
| 35 |
every 6 months, at least since you can never know if someone has stolen the |
| 36 |
other site's user/password files (or your own). Even with password |
| 37 |
encryption/hashing, it is only a matter of time before an attacker will crack |
| 38 |
your password (even assuming a brute-force attack). Also, when you hear that a |
| 39 |
site you do personal business with, such as your bank, shopping sites, etc. has |
| 40 |
been hacked, it is a *very* good idea to change your password for that site, |
| 41 |
and related sites - for example, if you change your password for Amazon, you |
| 42 |
probably should change it for Paypal if you ever use it to pay for your purchases. |
| 43 |
|
| 44 |
It is a matter of protection (both the 6 month policy and the hacked site |
| 45 |
policy). It means that, even if a hacker got your username and (encrypted) |
| 46 |
password, and managed to brute force your password, it would not be able to be |
| 47 |
used to log in as you. Oh, and I do practice a policy that most advise against |
| 48 |
- I write down my passwords for sites, until I memorize them, and keep those |
| 49 |
papers safe. I do this because, if someone were to break into my home, all |
| 50 |
thoughts of computer security would go out the window. |
| 51 |
|
| 52 |
Chris |
| 53 |
-----BEGIN PGP SIGNATURE----- |
| 54 |
|
| 55 |
iEYEAREKAAYFAk8VEfEACgkQUx1jS/ORyCtIegCgjlAPcNMBTiA4fqKaFnT8bdf3 |
| 56 |
TpQAnj1hYst3EFNiIAoAHsfPG2LfXG0R |
| 57 |
=83kF |
| 58 |
-----END PGP SIGNATURE----- |
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
--- |
| 63 |
avast! Antivirus: Outbound message clean. |
| 64 |
Virus Database (VPS): 120116-1, 01/16/2012 |
| 65 |
Tested on: 1/17/2012 1:15:15 AM |
| 66 |
avast! - copyright (c) 1988-2012 AVAST Software. |
| 67 |
http://www.avast.com |
Archives