Spammers vs Clueless

[Donoroto]

That's exactly what happened- the premium member tried to log in and his password was changed. I looked into it, and his account had all sorts of nasty sexual links in "my brewing" and we locked down the account and changed the password.

All of you make sure your password is secure! We don't want you to lose access to your accounts over something like this!

Thanks for that update.

Does anyone actually use the SAME password on more than one site? If you do, and someone gets your password, they have the keys to your kingdom.

In my former life I was a training instructional designer, and one of my best eLearnings was on Passwords Without Pain. Let me know if you are interested in a simple yet highly secure password system you can use. Different passwords for each site, yet trivial to remember each one.

(Geez, I hope I have a copy somewhere...)

 

[BarbarianBrewer]

Hey "password123" has worked fine all these years. I don't see any reason to change now!

Actually I started using NordPass last year. One password for all sites wasn't safe and using different password but with an easy to guess pattern was not a good alternative either. And creating a strong password (uppercase, lowercase, numbers, special characters) meant I had to write it down. Yet another no-no.

Edited to add "not" before "a good alternative"

 

[Minbari]

I use keepass. Different password for every site. Hell of you want you can have it generate passwords for you. 128 character nonsense. No one would guess it.

Protected by 4096 bit twofish cypher that uses 3 factor auth.

 

[Donoroto]

I use keepass. Different password for every site. Hell of you want you can have it generate passwords for you. 128 character nonsense. No one would guess it.

Protected by 4096 bit twofish cypher that uses 3 factor auth.

KeePass is an excellent alternative. Just remember to back up the data file. I know a guy who didn't... and the Hard Disk crashed...

 

[Minbari]

KeePass is an excellent alternative. Just remember to back up the data file. I know a guy who didn't... and the Hard Disk crashed...

The file is on 4 disk raid 10 backed up to a single usb drive and backed up to dropbox.

 

[GFHomebrew]

I think I've gotta lift my game!

I'll take this as a friendly reminder of what could happen with being complacent...

 

[Zambi]

I think I've gotta lift my game!

I'll take this as a friendly reminder of what could happen with being complacent...

Me too, Ben
I think I better start changing some passwords.....

 

[Sandy Feet]

What about the Spaceballs briefcase password LOL.

 

[Minbari]

What about the Spaceballs briefcase password LOL.

1-1...2-2...3-3...4-4...5-5...

So the code is 1.2.3.4.5! I have the same code on my luggage

 

[Donoroto]

Remember, "12345" is NOT a secure password. Use at LEAST six characters, like 123456. Now that's secure!

 

[Minbari]

Have I Been Pwned is a reliable and effective way for users to take control of their account security. The site collects information from public data breaches and stores the details in a searchable database.

No it isn't. Letting a website control your security is the first step in losing all security

 

[Donoroto]

No it isn't. Letting a website control your security is the first step in losing all security

Sure, but it depends on what the site does. Online password repository? O. M. G. That would be bad. Searching for your email address? Maybe not so bad, but could be. Checking your firewall like (old version) zonealarm used to do, low risk and high reward. (Not anymore. Their free tools don't seem to be around anymore)

nonetheless: caveat emptor. Tanstaafl. And everyone is out to get you.

 

[Josh Hughes]

Have I Been Pwned is a reliable and effective way for users to take control of their account security. The site collects information from public data breaches and stores the details in a searchable database.

First post is a link about password safety? Reporting this

 

[NorthCoastBrewer]

First post is a link about password safety?

Yes, that reply is highly suspect.

"Have I Been Pwned" is run by Troy Hunt (Australian web security consultant). From the "about" page at "troy hunt dot com":

Have I Been Pwned
One of the key projects I'm involved in today is Have I Been Pwned (HIBP), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the community, HIBP has given me an avenue to ship code that runs at scale on Microsoft's Azure cloud platform, one of the best ways we have of standing up services on the web today.​

 

[Blackmuse]

Passwords Without Pain. Let me know if you are interested in a simple yet highly secure password system you can use. Different passwords for each site, yet trivial to remember each one.

I'd be interested in this!

 

[Blackmuse]

Goals: To promulgate the Roger Waters theory that humans eventually amuse themselves to death.

Excellent album!

 

[Sandy Feet]

Excellent album!

Sure is.

 

[Hawkbox]

Bitwarden is quite good for password management and integrates with all the modern browsers.

 

[Donoroto]

So has anyone else noticed the relative lack of spammers lately? I speculate the recent forum software update included some better tools to address it.

I do see (as a moderator) that some posts are put in hold before they become visible due to their containing suspicious content, like non-beer-related urls and the like.

 

[Zambi]

Seems a lot better.
But just looked like there may be one on the dinner thread. Just not sure yet.

And I do miss Mia