Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

TLD



687 posts

Ultimate Geek
+1 received by user: 152


Topic # 161987 26-Jan-2015 11:16
One person supports this post
Send private message

Had an email from the Photoshop Gurus forum last night, telling me someone had tried to access my account three times with the wrong PW, and had been locked out for 15 minutes.  It wasn't me.  As it happens, I don't tend to use that forum nowadays as it was very clique — not welcoming to all comers like GZ :-).  It is still worrying that someone tried to hack the account though.

You'll probably remember that just about all of Adobe's accounts information was hacked a year or so back.  Apparently that ran to millions!  We were all forced to change our PWs, so I did that across all of the forums etc. I use.  It's a bad old world out there, so just a heads up.




Trevor Dennis
Rapaura (near Blenheim)

Create new topic
Mad Scientist
19012 posts

Uber Geek
+1 received by user: 2469

Trusted
Lifetime subscriber

  Reply # 1222310 26-Jan-2015 11:42
Send private message

The world is not as it used to be. Very complicated and overpopulated.

11894 posts

Uber Geek
+1 received by user: 3856

Trusted
Lifetime subscriber

  Reply # 1222821 26-Jan-2015 22:04
Send private message

There seems to be no shortage of people at this. My mother in the UK recently had all kinds of issues because her details were hacked from her telecoms supplier.

She's about 73 and already convinced the sky will fall on her head any time now, so this did not help!





TLD



687 posts

Ultimate Geek
+1 received by user: 152


  Reply # 1222844 26-Jan-2015 22:30
Send private message

What I can't understand is why anyone would want to do it.  I'm talking specifically about pretending to be me on Photoshop Guru, a forum I have not used in a while.  Come to think of it, the email I was sent had the hackers IP address

The person trying to log into your account had the following IP address: 192.111.146.156

 

I'm not flash at this sort of thing, but it appears to be some sort of robot web crawler thingie.  What does surprise me — if I am understanding the whois info correctly — is that 192.111.146.156 appears to be based in the USA!  Perhaps it looks for successful log ons, and then tries the PW on various online banking sites with the same username.  It only has to get the odd one right if it tries enough.  I will admit to using similar PWs for forums, but only a crazy person would use the same PW with both forums and banking.

So how do the PW vault apps work?  Surely you still need a PW to access all your other PWs, which seems kind of flakey to me.  I'd welcome information to the contrary, or any tips on a really effective PW management system.




Trevor Dennis
Rapaura (near Blenheim)

Webhead
2110 posts

Uber Geek
+1 received by user: 685

Moderator
Trusted
Lifetime subscriber

  Reply # 1222849 26-Jan-2015 22:38
Send private message

TLD: What I can't understand is why anyone would want to do it.  I'm talking specifically about pretending to be me on Photoshop Guru, a forum I have not used in a while.  Come to think of it, the email I was sent had the hackers IP address

The person trying to log into your account had the following IP address: 192.111.146.156


Here is the whois information for that ip: http://whois.domaintools.com/192.111.146.156

Looks like a typical VPS (virtual server) hosting company. So could be one of their customers have been hacked and the server is being used to do brute force attacks here and there.

Probably just looking for easy accounts to hack to spam the forums, or if there is any valuable information there (like creditcard info) - to steal that.


I will admit to using similar PWs for forums, but only a crazy person would use the same PW with both forums and banking.


Do yourself a favour and stop reusing passwords. At the same time, get something like 1Password or Lastpass - and you will be able to have long, hard to guess, passwords on every single service you use - and never have to remember a single one of them.

1Password syncs between your tablet, computer and smartphone so you will have access to your login wherever you are.

So how do the PW vault apps work?  Surely you still need a PW to access all your other PWs, which seems kind of flakey to me.  I'd welcome information to the contrary, or any tips on a really effective PW management system.


The sync of 1Password is encrypted and someone getting access to your password file would not be able to use it, unless you have a really simple password.




11894 posts

Uber Geek
+1 received by user: 3856

Trusted
Lifetime subscriber

  Reply # 1222852 26-Jan-2015 22:45
Send private message

+1 for One Password.

My password is an entire long sentence with punctuation and spaces from an obscure book so I wish them well in trying to guess it.





TLD



687 posts

Ultimate Geek
+1 received by user: 152


  Reply # 1222858 26-Jan-2015 23:00
Send private message

OK, thanks for the heads up re 1Password.  I've just looked at the site and video, but AFAICT you still need a master PW to access 1Password.  I'm assuming you will need to use that master PW every time you want to manage your other PWs, but can choose not to for normal forum use.  I also wonder about loosing your smart phone etc. but I guess all that will be addressed in the AgileBits knowledgebase.    Bugger.  I hate having to read instructions :-(  LOL

I'll pop a couple of harden-up pills, and get to it in the morning.  thanks again for the info




Trevor Dennis
Rapaura (near Blenheim)

2436 posts

Uber Geek
+1 received by user: 832

Trusted
Lifetime subscriber

  Reply # 1222859 26-Jan-2015 23:02
Send private message

I'm quite partial to Keepass. You can store your password file anyway you like including dropbox or similar cloud storage locations. You just have a single file you need to worry about. Then a master unlock strong password and you're away.

Works on all manner of platforms including android where they have a custom keyboard so it doesn't even need to go into your clipboard plus all desktop operating systems and browsers.

Then just use the random password generator each time you visit a new site and you are done.





Webhead
2110 posts

Uber Geek
+1 received by user: 685

Moderator
Trusted
Lifetime subscriber

  Reply # 1222863 26-Jan-2015 23:06
Send private message

TLD: OK, thanks for the heads up re 1Password.  I've just looked at the site and video, but AFAICT you still need a master PW to access 1Password.  I'm assuming you will need to use that master PW every time you want to manage your other PWs, but can choose not to for normal forum use.  I also wonder about loosing your smart phone etc. but I guess all that will be addressed in the AgileBits knowledgebase.    Bugger.  I hate having to read instructions :-(  LOL

I'll pop a couple of harden-up pills, and get to it in the morning.  thanks again for the info


For iPhone 5S and newer it allows you to use your fingerprint to open to password manager (except for first time after a reboot).

On Mac/PC you don't have to type in your master password every time you log onto a site. 

You can choose to lock the passwords when the machine sleeps, when screen saver is turned on, when you do user switching, or after the computer has been idle for a certain time. There is a lot of flexibility, and how strickts you want it will depend on how easy/hard it is to get to your computer by someone you don't trust.

1Password will also allow you to set a time for how long your clipboard keeps passwords you have copied into the clipboard.






Webhead
2110 posts

Uber Geek
+1 received by user: 685

Moderator
Trusted
Lifetime subscriber

  Reply # 1222864 26-Jan-2015 23:08
Send private message

BarTender: I'm quite partial to Keepass. You can store your password file anyway you like including dropbox or similar cloud storage locations. You just have a single file you need to worry about. Then a master unlock strong password and you're away.

Works on all manner of platforms including android where they have a custom keyboard so it doesn't even need to go into your clipboard plus all desktop operating systems and browsers.

Then just use the random password generator each time you visit a new site and you are done.


I think the usability is better on 1Password. And it also allows you to sync via Dropbox, and are available on Android, iOS, Windows Phone, OS-X and Windows. (Not on Linux, where I am guessing Keepass is available?)




2436 posts

Uber Geek
+1 received by user: 832

Trusted
Lifetime subscriber

  Reply # 1222869 26-Jan-2015 23:19
Send private message

jarledb: I think the usability is better on 1Password. And it also allows you to sync via Dropbox, and are available on Android, iOS, Windows 3mso2plasmaa4g8xPhone, OS-X and Windows. (Not on Linux, where I am guessing Keepass is available?)


No doubt. 1password is a paid product that you need to purchase a licence for. But have no access to their source code so if they go belly up for whatever reason who knows if you could still access your data file.

Keepass is open source so the only payment you should make is a donation to the developer. The code is open source, widely peer reviewed and you can build your own copy from source if that floats your boat.





Webhead
2110 posts

Uber Geek
+1 received by user: 685

Moderator
Trusted
Lifetime subscriber

  Reply # 1222881 26-Jan-2015 23:44
Send private message

Actually, if you are afraid that 1Password won't be around, you can export it using 1Passwords interchange format, CSV (comma separated), tab-delimited formats. If you do that and make sure you have the file encrypted and secure somewhere - so you don't have to worry about wether they are going to be around or not. Its a popular piece of software, so I am pretty sure most any of their competitors will be sure to be able to import the password files from 1Password should something happen.




Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.