Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do you handle accounts / passwords, especially after infiltration?


  • Please log in to reply
7 replies to this topic

#1 Punkrulz

Punkrulz

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 11 July 2013 - 07:57 PM

Hey guys,

 

Recently I've come victim to a compromise which affected my EA account and associated games. I don't believe that this was a direct infiltration on my computer, but rather when Ubisoft was compromised and whomever hacked them got usernames, emails, passwords, etc. Because of the compromise on my EA account I no longer can play Battlefield 3, and potentially Battlefield 4 if they use the same unique identifier called a GUID. I'm unable to ascertain information regarding whether BF4 will utilize the same GUID.

 

So now I'm in the pickle of trying to figure out anywhere else that may have the same login credentials that were once used by Ubisoft. This would mostly be anything associated with my email address instead of a username. I received an email from another gaming organization (Blizzard), and for once this email looks legit via the link. However I'm not going to investigate that until I need to, so I'm not worried.

 

Yes, realistically it's recommended that users utilize absolutely different credentials for everything and no two would be the same. But on all of the websites people subscribe to like myself, that becomes darn near impossible. So my question is this: How do you guys manage your passwords and such? Do you use an application to store them all? Do you write them down on a hard copy and adjust if need be? Excel spreadsheets?



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:55 AM

Posted 11 July 2013 - 08:45 PM

I use Password Safe.

In fact, I use the portable version here so I can carry it on a flash drive.

Since your accounts have been compromised you may want to read: I have been hacked...What should I do?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:02:55 AM

Posted 11 July 2013 - 10:09 PM

It took a few hours to build the database and physically change all my passwords to unique ones for everything. But I experienced the same realization when Evernote was compromised.

I use http://keepass.info/ I wish I had heeded the advice years earlier than just this last winter. I would not have had nearly the database to build. But once it's built just keep a back up offline and you only have to do it once. Just make sure you update it when you make changes on your machine.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:55 AM

Posted 12 July 2013 - 04:44 AM

I started to use KeePass PW Safe once. It's a good program and I found it to be very similar to Password Safe.

The problem was that Password Safe was released several years earlier and by the time KeePass PW Safe arrived on the scene my database was so large I didn't have the time or inclination to start over.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:55 AM

Posted 12 July 2013 - 03:52 PM

I use different credentials for each site, and use Keepass to generate random passwords and manage the credentials.

And there are also sites for which I use a different e-mail address.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Punkrulz

Punkrulz
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 22 July 2013 - 05:36 PM

If that's the case, what do you guys do if you have to login to a site from another computer? Mobile device? Do any of these recommendations have a mobile app associated with your account so that you can maintain the credentials anywhere? That would be my biggest fear is losing that. Right now I use Lastpass which is good for my desktop and laptop, but sometimes depending on the site or if there are applications I can't use lastpass to login to those things...



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:55 PM

Posted 22 July 2013 - 07:01 PM

If that's the case, what do you guys do if you have to login to a site from another computer? Mobile device? Do any of these recommendations have a mobile app associated with your account so that you can maintain the credentials anywhere? That would be my biggest fear is losing that. Right now I use Lastpass which is good for my desktop and laptop, but sometimes depending on the site or if there are applications I can't use lastpass to login to those things...

If any of the above programs are not suitable in any way, then a Hard Copy is your next option.

I use 10 to 15 character passwords generally, and I often need to refer back to a Notepad to Copy / Paste if I forget, plus I have printed several of them (mainly the 15 character) ones and laminated to Credit Card size so I can carry them -



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:55 AM

Posted 23 July 2013 - 08:16 AM

You can also create a word document or spreadsheet with the info you want to keep, then follow these instructions:
Encrypt and Password protect an Office Document, Workbook
How to Password Protect and Encrypt Microsoft Office 2010 Documents
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users