MASSIVE data leak; 700 million emails compromised


Re: MASSIVE data leak; 700 million emails compromised

Postby Ysh » Sun Jan 20, 2019 2:15 am

MagicManICT wrote:
Ysh wrote:As far as password manager is goes, I use this one. I think maybe it is less manager and more generator. Basically it will generate password based on site name and master password, so there is no password file that can be lost or stolen.

Still hackable, though.

Of course, there is no silver bullet solution.
Kaios wrote:Spice Girls are integral to understanding Ysh's thought process when communicating, duly noted.

I have become victory of very nice Jordan Coles Contest! Enjoy my winning submit here if it pleasures you.
Ysh
 
Posts: 5953
Joined: Sun Jan 31, 2010 4:43 am
Location: Chatting some friends on forum
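
The generator scheme described in the post above (a password computed from the site name and a master password, with no stored file), sketched as an added example. It is not the code of the tool the poster links to: the function name, the alphabet, the rotation counter and the choice of PBKDF2 plus SHAKE-256 are assumptions made for illustration.

```python
import hashlib
import string

# Assumed output alphabet (75 symbols); a real tool would adapt it per site.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def site_password(master, site, counter=1, length=20, iterations=200_000):
    """Derive a per-site password from a master password (hypothetical helper).

    Nothing is stored: the same inputs always give the same output, so
    there is no password file to lose or steal. The counter lets one
    site's password be rotated after a breach without changing the master.
    """
    # The salt binds the output to one normalized site name and one counter.
    salt = f"{site.strip().lower()}|{counter}".encode()
    # Key stretching: a leaked site password could otherwise be used to test
    # master-password guesses offline at full hash speed.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    # Expand the key into a byte stream to pick characters from.
    stream = hashlib.shake_256(key).digest(8 * length)
    # Rejection sampling: drop bytes that would make some symbols more likely.
    limit = 256 - 256 % len(ALPHABET)
    chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
    if len(chars) < length:
        raise RuntimeError("not enough usable bytes; derive a longer stream")
    return "".join(chars[:length])


if __name__ == "__main__":
    master = "constructed master passphrase"  # constructed sample input
    print(site_password(master, "example.com"))
    print(site_password(master, "example.org"))
    print(site_password(master, "example.com", counter=2))  # after a breach
```

The scheme's security rests entirely on the master password: every site password is only as hard to recover as that one secret is to guess.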

Re: MASSIVE data leak; 700 million emails compromised

Postby MagicManICT » Sun Jan 20, 2019 2:23 am

I find most of this to be.... moot. We're a few short years from all this effort being completely useless. Yeah, I've bought into the hype of quantum computing.
Opinions expressed in this statement are the authors alone and in no way reflect on the game development values of the actual developers.
MagicManICT
 
Posts: 18435
Joined: Tue Aug 17, 2010 1:47 am

Re: MASSIVE data leak; 700 million emails compromised

Postby Ysh » Sun Jan 20, 2019 2:28 am

MagicManICT wrote:I find most of this to be.... moot. We're a few short years from all this effort being completely useless. Yeah, I've bought into the hype of quantum computing.

So I should give away this access to my bank account today because in few years maybe some men will be able to steal it away from me? This do not seem prudent to me.
Ysh
 
Posts: 5953
Joined: Sun Jan 31, 2010 4:43 am
Location: Chatting some friends on forum

Re: MASSIVE data leak; 700 million emails compromised

Postby MagicManICT » Sun Jan 20, 2019 2:52 am

Nice fallacy there. Do you frequently put words in other people's mouths?

Another point to be made: All of this security and yet people still find ways to crack it open and loot the safe. Is there truly anything you can do to secure it? No. How many of you carry more than one key ring: one for your car keys, one for your house keys, one for office keys, etc.? Anyone? Nobody? If anyone were to break into your house, they could then steal your car and break into your office (assuming you have keys for such). Asking a person to do things electronically that they don't do physically is just stupid.

I take more precautions than most because I am aware that it's much easier to intrude digitally than physically, and has much lower risk of being caught, and punishments when the intruder is caught usually aren't severe relative to a burglary. But in the 40+ years I've been using computing systems, I can count on one hand the number of computer viruses I've found on my computer or have had detectable intrusions to something personal: PC, email, or similar. There are far easier rules to remember than all this password bullshit, and most of it has to do with following simple rules, most of which has to do with rules of trust to begin with.
MagicManICT
 
Posts: 18435
Joined: Tue Aug 17, 2010 1:47 am

Re: MASSIVE data leak; 700 million emails compromised

Postby Ysh » Sun Jan 20, 2019 3:00 am

MagicManICT wrote:Nice fallacy there. Do you frequently put words in other people's mouths?

You are one calling precaution today moot because of possible future threat. This is not some strawman, you actually do say it.
MagicManICT wrote:I find most of this to be.... moot. We're a few short years from all this effort being completely useless. Yeah, I've bought into the hype of quantum computing.


MagicManICT wrote:Another point to be made: All of this security and yet people still find ways to crack it open and loot the safe. Is there truly anything you can do to secure it? No. How many of you carry more than one key ring: one for your car keys, one for your house keys, one for office keys, etc.? Anyone? Nobody? If anyone were to break into your house, they could then steal your car and break into your office (assuming you have keys for such). Asking a person to do things electronically that they don't do physically is just stupid.

There is no such thing as perfect security. Having additional physical key ring will not do me any good because all of them will be in my pockets. If they are stealing one they can be stealing all of them. In digital world this is not the same thing, because these keys (passwords) are store on foreign server. Better analogy will be ''when you give car to mechanic, do you give him just key to car or entire key ring?'' I know I will always remove all other keys except key for car. Mechanic do not need these other key to do his job, why will I give them to him?

MagicManICT wrote:I take more precautions than most because I am aware that it's much easier to intrude digitally than physically, and has much lower risk of being caught, and punishments when the intruder is caught usually aren't severe relative to a burglary. But in the 40+ years I've been using computing systems, I can count on one hand the number of computer viruses I've found on my computer or have had detectable intrusions to something personal: PC, email, or similar. There are far easier rules to remember than all this password bullshit, and most of it has to do with following simple rules, most of which has to do with rules of trust to begin with.

You take these precautions but think them to be moot? I can not follow this logic. If you have had no issues then I am glad for you. I can also say that I have not have issue personally with this computer security, and neither has any of the men that I know personally. Many of these people do not take much precaution at all. Despite this, I am not sure how it is bad to take some precautions. I try to avoid taking good fortune for granted.
Ysh
 
Posts: 5953
Joined: Sun Jan 31, 2010 4:43 am
Location: Chatting some friends on forum

Re: MASSIVE data leak; 700 million emails compromised

Postby Adder1234 » Sun Jan 20, 2019 3:48 am

So this is why a guy from Mexico tried to access my email. Good thing I changed my passwords already.
Adder1234
 
Posts: 636
Joined: Thu Jul 16, 2015 11:16 am
Location: Australia

Re: MASSIVE data leak; 700 million emails compromised

Postby MightySheep » Sun Jan 20, 2019 11:08 am

im using the same password I used since playing runescape 15 years ago

come at me hackers
MightySheep
 
Posts: 2165
Joined: Fri Jul 22, 2011 1:18 pm

Re: MASSIVE data leak; 700 million emails compromised

Postby Agame » Sun Jan 20, 2019 12:54 pm

When a bank loses tens of millions to hackers, a bank invests millions in dealing with that threat. And some of those millions are not in IT, but in old school physical removal of the threats.
That is why no hacker tries to take tens of millions from that safe. NOBODY is undetectable anymore. If the law has really soft punishments for online thieves, large corporations don't take it softly at all.

So, IT security has its limits, but one should never suppose IT is the only area secured.

Like surveillance cameras, for example. I work in a company with tens of cameras and cameras to watch cameras to prevent people from interfering with them. You can't ever scratch your head or crotch at work without being video recorded. Now, who do you think watches those cameras in real time? Nobody. They were never meant for prevention. They record and keep records for months just in case something wrong happens. And AFTER it happens, their archives are watched, wrongdoer found and punished. They are not camouflaged into something else, they are set in plain sight just so any wannabe wrongdoer sees them and gets reminded. "Whatever you do, we will find you." That is what surveillance cameras actually do. And they do it well.

I do suppose a large part of bank/corporate IT security is just like surveillance cameras. Not to prevent, but to mercilessly punish (in ways law itself disagrees with) anyone who has the guts to do damage. After, not before. Fear of reprisals works better than last generation routers. Really, why do you think EVERY ATM has a built-in camera? To see if you smile when using it or to take a good picture of whoever accesses a compromised account with correct data, to be found physically later by "private investigators" and not the police?

But when all that is lost is private emails (We can also call people or even video-skype them instead of emailing them, if we care about them) or game accounts, we can all give a sound laugh about it.

When my first (yahoo!) email got compromised I lost only my MC account and recovered it by writing to Mojang who owned it at the time. And got a few phone calls from people I had not been talking with in a long while, all of them making fun of Viagra and the like commercials that my hacked email sent them. In WoW I lost really nothing. They detected the connection from a different part of the world than the one I live in and asked me by SMS to change my email address or authorise the connection. I changed the email.

So, if it's not about money, good amounts of money, why so much security? Have a long password (that you can never remember without writing it down somewhere) to a software running on your home PC that generates passwords for all sites. OK, but this leaves me really vulnerable to:
1) I want to login to something like a game or private email while I am at work and password manager is at home on a shutdown computer.
2) My wife cleans my desk of all the useless papers I left stacked there so I lose the password to my password manager.
3) My home computer running my password manager gets a new virus and I must choose: Pay more for a better antivirus that will use even more resources while protecting me, making my computer go even slower forever, or lose 2-3 hours formatting C: and my game partition and just reinstalling everything? Of course reinstall is the way to go. OWCH, my password manager was on C:!

I'd rather:
- use a single 16 digits password on all my accounts,
- never give private data to any email or website when it asks so I can not be tracked by hackers for them to use same password on all my online accounts (Like phony name, location, whatever they need, never the same phony data on 2 different sites). This means no Facebook/Twitter/Instagram etc. for me and no Facebook is a good thing, believe me,
- variable/random allocated IP every online session so only the general location remains the same (this helps a lot when IP banned, too)
- never download or use a software that wants to know all my accounts, like a password manager or a Microsoft Wallet,
- Use a DEBIT (no credit) card kept only for online payments and that only gets money from my bank when I need to pay something with it and only as much as I need, not more
- Process every payment by hand, no automation with handling my money. I trust automated software, but not when it's about my money.
Last edited by Agame on Sun Jan 20, 2019 1:53 pm, edited 3 times in total.
Vigilance wrote:just remove midgets, they suck ass and serve no function besides annoying people.

As a rule of thumb, everything that makes life easier and less boring/grinding for players is a great idea. Everything that makes the game harder is crap coming from sadistic tendencies of Jorbtar helped by the few players with the same kind of disorders.
Agame
 
Posts: 244
Joined: Wed Jan 16, 2019 8:10 am

Re: MASSIVE data leak; 700 million emails compromised

Postby pppp » Sun Jan 20, 2019 1:32 pm

linkfanpc wrote:You can check if your email has become insecure here: https://haveibeenpwned.com/
And any passwords, particularly ones you use on multiple sites, here: https://haveibeenpwned.com/Passwords

I like how these two sites together can be used to harvest more emails and passwords.
pppp
 
Posts: 403
Joined: Sun Jun 20, 2010 7:30 pm

Re: MASSIVE data leak; 700 million emails compromised

Postby shubla » Sun Jan 20, 2019 1:58 pm

MagicManICT wrote:
shubla wrote:Use long passwords, after certain length it does not really add any additional security, but even if site would allow you to use like 6-character passwords of a-z letters, don't do it. Preferably generate random passwords and use symbols and numbers in them if the site allows something like 16 characters will be enough for sure.

A 16 character passphrase of just a-z (all lowercase, 26 letters using the English language) is harder to brute force than an 8 character password of the entire UNICODE character set.
That's 4.3 x 10^22 vs 2^64 or 1.8 x 10^19. And a 4 word passphrase can be much easier to remember.

https://xkcd.com/936/

We need to retrain ourselves to memorizing bible passages, Shakespeare, and poetry... or whatever floats your boat. I'm not suggesting using those things, but being able to memorize such things trains the mind to memorize mnemonics for actual passphrases.

shubla wrote:But then again, in this case they may just come up to your door and then your passwords leaking are least of your problems.
I have been playing with a thought of encoding my passwords to some images on my website, so they would be easily accessible from any device with some software, as no one would probably ever guess that my passwords are in those images.

This is actually a big thing. There are issues with it, but it's reliable and very secure when used properly.

I hate people who link that xkcd, at least I have dozens of accounts, I would never be able to remember 30 different passwords at all even if they were some poems from Shakespeare. And if you are going to use password management program, you should just generate random passwords, because they are more secure, and memorize one randomly generated long password, because it's more secure.
That xkcd is bad, because some people will for sure use that as a strategy for their passwords, then they get hacked by dictionary attack, because they use too easy-to-guess words or something. As I said, humans are not good at generating passwords, they should not even try.
And for the horse thing, yes it's 550 years if you try every possible sequence of characters, but if you only try some words from dictionary, maybe add few numbers to end of them, (most people are going to end up using some quite common words so we don't have to try ALL of the possible words of the English language) it will be much shorter. And 1000 guesses / second is not very realistic estimation if the passwords get leaked salted and hashed, which seems to be quite common these days :roll: Basically, one should just use password manager.
I'm not sure that I have a strong argument against sketch colors - Jorb, November 2019
http://i.imgur.com/CRrirds.png?1
Join the moderated unofficial discord for the game! https://discord.gg/2TAbGj2
Purus Pasta, The Best Client
shubla
 
Posts: 13041
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland
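
The numbers argued over in the post above, worked through as an added example (not code from any poster). It compares the search spaces quoted in the thread and in xkcd 936 and shows how far the time to exhaust them moves between the comic's 1000 guesses per second and an offline attack on leaked hashes. The offline rate and the "human-chosen" word pool are assumptions, marked as such in the code.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(symbols, length):
    """Candidates when each of `length` positions is one of `symbols` choices."""
    return symbols ** length


def bits(space):
    """Size of a search space expressed in bits."""
    return math.log2(space)


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


# Search spaces taken from the thread and from xkcd 936.
LOWER_16 = keyspace(26, 16)        # 16 random lowercase letters, ~4.3 x 10^22
EIGHT_BYTES = keyspace(256, 8)     # the quoted 2^64: 8 positions of 8 bits each
XKCD_4_WORDS = keyspace(2048, 4)   # 4 words drawn at random from 2048, 2^44
# Assumption: a person picks from ~200 words that come to mind, adds 2 digits.
HUMAN_4_WORDS = keyspace(200, 4) * 100

ONLINE_RATE = 1_000     # guesses per second, the figure used in xkcd 936
OFFLINE_RATE = 1e10     # assumption: offline guessing against a fast hash


def table():
    """Rows of (label, bits, years online, years offline)."""
    cases = [
        ("16 random a-z", LOWER_16),
        ("8 random bytes", EIGHT_BYTES),
        ("4 random words of 2048", XKCD_4_WORDS),
        ("4 human-chosen words + 2 digits", HUMAN_4_WORDS),
    ]
    return [(name, round(bits(s), 1),
             years_to_exhaust(s, ONLINE_RATE),
             years_to_exhaust(s, OFFLINE_RATE)) for name, s in cases]


if __name__ == "__main__":
    for name, b, online, offline in table():
        print(f"{name:32} {b:5.1f} bits  {online:10.3g} y online  {offline:10.3g} y offline")
```

The 550-year figure only holds when the words are drawn at random and the attacker is limited to online guessing; either assumption failing shrinks it by orders of magnitude, which is why the hash function a site uses matters as much as the password.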
