Replies: 28 / Views: 5,417
Pillar Of The Community

United States
3046 Posts

Quote: Lots of techno babble, all of which I know all about. But here's the bottom line. If your browser password extension can show you your password, a browser hack can show the hacker your password. It's that simple. You're fooling yourself if you think it isn't.

Definitely true. But using the same password on multiple sites is a bad idea. I had my Gawker password hacked (and it was a nice long good password) and then within hours someone was in my Google and Amazon accounts. Plugging your machine into a network cable makes you vulnerable to attack. Ultimate security requires you to be an island. It's up to us to decide what we're going to use. I like using a password manager, because I got burned. Others may choose a different route. What do you recommend as best practices?
Forum Dad

USA
2055 Posts

I use an algorithm based on the site's domain name. It's easy to remember the procedure to build the password in my head and I can figure out the password in seconds. It's always at least 15 characters and hits "strong" on every site that has a meter.

Pillar Of The Community

United States
3046 Posts

Quote: I use an algorithm based on the site's domain name. It's easy to remember the procedure to build the password in my head and I can figure out the password in seconds. It's always at least 15 characters and hits "strong" on every site that has a meter.

That's pretty slick. I have a friend who's doing that now. Of course if someone figures out your algorithm, you're in trouble, but that's pretty unlikely, unless they did a targeted attack against a dozen or so websites you visit. One thing we both agree on is, don't use the same password on multiple sites. No need to hand a hacker the keys to the kingdom because of someone else's weak security.
|
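Added example (not part of any post in this thread, and not either poster's actual procedure): a software counterpart to the domain-based scheme discussed above, in which the per-site password is derived from a memorized master secret plus the domain through a slow keyed function, so knowing the procedure alone is not enough to rebuild a password. The function names, symbol set, iteration count and the `counter` parameter are assumptions made for this sketch.

```python
import hashlib
import string

# Character classes; the symbol set is an assumption, adjust to what a site accepts.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+")
ALPHABET = "".join(CLASSES)

def normalize_domain(site: str) -> str:
    """Map a URL or host name to a bare lowercase host so one site gives one input."""
    host = site.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split("@")[-1].split(":", 1)[0]
    return host[4:] if host.startswith("www.") else host

def derive_password(master: str, site: str, length: int = 16, counter: int = 1) -> str:
    """Derive a per-site password from a memorized master secret and the domain."""
    if length < 15:
        raise ValueError("use at least 15 characters")
    # The counter lets one site's password be rotated without changing the master.
    salt = f"{normalize_domain(site)}#{counter}".encode()
    # Slow keyed derivation: someone who knows this code and one site's password
    # still has to guess the master secret to compute any other site's password.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=64)
    n = int.from_bytes(raw, "big")
    chars = []
    for cls in CLASSES:                      # one character from every class
        n, i = divmod(n, len(cls))
        chars.append(cls[i])
    while len(chars) < length:               # remainder from the full alphabet
        n, i = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[i])
    for pos in range(length - 1, 0, -1):     # deterministic Fisher-Yates shuffle
        n, j = divmod(n, pos + 1)
        chars[pos], chars[j] = chars[j], chars[pos]
    return "".join(chars)

if __name__ == "__main__":
    demo_master = "constructed demo master phrase"   # constructed sample value
    for site in ("https://www.example.com/login", "example.org"):
        print(normalize_domain(site), derive_password(demo_master, site))
```

The strength of every derived password rests on the master secret: a password leaked from one site can be used to test guesses of the master offline, so the master has to be long and used nowhere else.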
Pillar Of The Community
United States
1565 Posts

My "password manager" is a notebook concealed within my house. Yes, if the place burns down, I would lose access to sites except my financial site passwords that are memorized. But a notebook can't get hacked.

Pillar Of The Community
Canada
728 Posts

I use Google Chrome to manage passwords. I think that Google has less chance of being hacked than anything I could set up.
I went to the SOR site to change my password when I got the email just in case it was a phishing email.
Edited by jimjung - 10/14/2015 07:35 am

Valued Member
United States
344 Posts

Climber Steve and I share a very secure password manager system.
- Malicious software is ALWAYS at least one step ahead of your security software, so make sure yours is as current as possible!
- The only computer which is 100% hack-proof is the one with its power source removed. (Then thrown into the ocean)
- To reiterate, your best protection is to NEVER use the same password anywhere. I also advise not even using the same LOGON whenever possible.
- Always use the maximum size password allowed and include as many character types as possible.
- Change your passwords regularly.
- Do not store passwords on any computer. <facepalm emoji>
- Be aware that cloud services are attacked DAILY and are not as secure as you think. Ask Kate Upton about iCloud...
- The best data hacks are the ones you NEVER hear about.
Pillar Of The Community

United States
3046 Posts

Quote: Change your passwords regularly.

I never understood why people think this is a required security practice. If you use a unique password on every site, there is no need to change your password unless it is compromised.
Valued Member
United States
344 Posts

Quote: I never understood why people think this is a required security practice.

Required? Of course not - BUT - as an IT Security Professional, I am 100% behind this as a "best practice" policy! Strong, unique passwords are required. (IMLTHO)

Quote: ...there is no need to change your password unless it is compromised.

umm... by the time one finds out about a compromise, it is too late. Sorta like "Closing the barn door after the horse has bolted." As to making changes, please note that I say "regularly" without any sort of time frame. I have passwords which I have never changed because there is no sensitive personal data behind them. There are passwords which I change on a monthly or quarterly schedule.
Pillar Of The Community

United States
3046 Posts

I dunno. Password changes are about as effective as antivirus software these days. Just like AV software being completely unable to stop zero day exploits (cause they're zero day, no one knows about them!), when a password leaks online, it's used pretty fast, because they know people will change them.
The bigger danger in my opinion is letting people have your credit card and watch them walk away with it. I've had my credit card tagged twice this way.
Chipped credit cards are finally coming to the US, but we're not doing chip and pin, like the rest of the world. We're doing chip and SIGN. Stupid on so many levels...

Moderator

United States
12330 Posts

I'm with kollectorkurt… The only secure computer is powered off, sitting in a lead safe, with armed guards around it. Security requires the three 'P's: Product, People, and Procedures. You can't implement one or two of them and expect to be really secure; it takes attention to all three.
'Products' include things like a good firewall, an AV application, and staying current on OS and browser updates. 'People' is the human aspects; this means that you don't do things like select easy passwords such as 123 or your birthday date. And 'Procedures' means that you follow good security practices like regularly changing passwords and not doing things like posting your email address anywhere online. (Note: to check to see if your email address is posted anywhere online simply Google your address with quotes around it like "joe@anywhere.com".)
Don
Pillar Of The Community
United States
1017 Posts

Quote: I'm with kollectorkurt… The only secure computer is powered off, sitting in a lead safe, with armed guards around it.

Needless to say, one of the guards will figure out how to steal it. :)
Forum Dad

USA
2055 Posts

If you use strong passwords changing them is pointless. A hacker trying to hack your password couldn't possibly care less if you changed your password yesterday, last week, or every day since the beginning of the internet. All he cares about is what it is right now and how many times or when you changed it last doesn't make his job any easier or harder.

Moderator

United States
12330 Posts

Quote: If you use strong passwords changing them is pointless. A hacker trying to hack your password couldn't possibly care less if you changed your password yesterday, last week, or every day since the beginning of the internet. All he cares about is what it is right now and how many times or when you changed it last doesn't make his job any easier or harder.

I am not sure I completely agree with this… My opinion is that periodically changing passwords is a good idea, especially if I have been traveling and have used several public networks. And while I don't often change my passwords for a site like SCF, I do change those which contain my financial info. And I would certainly recommend that any person who is likely to be a target of hacking (i.e. Hillary Clinton or Beyonce) change passwords periodically. The justification is that it can potentially limit the amount of time another person might have access to your account. Not all hackers make themselves known right away; they may lurk for several months waiting until you have more money in your account or until you post those naked pictures of yourself!
Don