Account security PSA

bowman · Feb 13, 2024

Our member accounts are being scanned, and we've had at least one instance where a member's credentials were used maliciously. Please check your password strength, and a best practice is to change it to one that is not used on any other web site. Upper & lowercase letters, numbers, and symbols are recommended. See the chart to see how the password length and complexity deter password cracking attempts. This does not take into account if your email address/password is captured as part of a data breach that occurs frequently.

To change your password, go to your avatar on the menu bar at the top of the page, then select Password and Security. You will need your current password in order to change to a new password. If you are unable to change it, you can contact me for assistance.

tvrgeek · Feb 13, 2024

If you don't believe accounts get taken, look on Facebook for my login. It was stolen by some Chinese kid and Facebook won't do anything about it.

Leviblue · Feb 13, 2024

tvrgeek said:
If you don't believe accounts get taken, look on Facebook for my login. It was stolen by some Chinese kid and Facebook won't do anything about it.

FB security and to have anyone help there has not been a good experience for me either. I often as myself why even keep it.

Craptastic · Feb 13, 2024

And just remember that Neal's chart above? The times only get shorter the higher computing power gets. The corporation I work for enforces passwords of 14 character length and they are considering increasing that and making a type of "random" rule on them too.

And somedays I wonder why I can't log into the servers.

Darl Bundren · Feb 13, 2024

If y'all want to check the security of your passwords, this page at security.org can show you the calculations. One of my old standbys was laughably crackable. The site is secure and will not store your info.

How Secure Is My Password? | Password Strength Checker

Data breaches and identity theft are on the rise, and the cause is often compromised passwords. After stealing credentials, cybercriminals can use passwords to

www.security.org

tri4sale · Feb 13, 2024

Not sure if this is coincidence or not, or if someone got into my account, but tonight my password stopped working, so I reset it and definitely made it more difficult to crack.

NCGrimbo · Feb 15, 2024

My current one for this site will take 3 octillion years to crack according to the site listed above. And it's a simple phrase for me to remember consisting of 22 mixed characters, numbers, and symbols.

mighty_fine_sawdust · Mar 13, 2024

For all of my life I kept the same password that was a the first letter of each word in a short phrase that everyone would know. I added a number and a couple of special characters. never had a problem. During all those years, my wife's info has been stolen more times than I honestly can count. Then my credit card info got stolen last year. I use nordpass and it generates random passwords. I was hesitant to make the change because i thought I'd forget. But with the app that comes with nord you don't have to remember anything. Not advertising for nord and honestly think they could do a better job in the app. But the point is the plunge into more secure passwords was actually easier than I thought.

Hmerkle · Mar 13, 2024

Thanks all - just got this response to a master password change
I should be dead long before that work is complete...

ChemE75 · Mar 14, 2024

FWIW, I use strongbox (think they still got a free option) on my iPhone and sync with keepass on my PCs. Strongbox shows you strength of passwords so it’s easy to tweak weak passwords and see how strong it is. I think KeePassium for iPhone is free and has a basic bar graph below the password that shows strength but not as specific as strongbox. The nice thing is you can use one password for the app and save all passwords and categorize them for organization and the database is then encrypted so you could if desired store it on a cloud service to sync with all devices. I have at least a desktop, 2 laptops, a tablet, a phone as well as several “smart” devices - over 200 passwords and I have yet to have any issues. Plus with some of these apps you can sync locally on your own wifi or email the database to yourself - lots of options depending on the app. I avoid apps that require a subscription or cost a lot or only use their own cloud stg.

JNCarr · Mar 14, 2024

When you do the math, it's the length that really matters and this chart bears that out. The special characters, numbers, etc. incrementally add to the complexity of cracking the code.
Make them long!

ChemE75 · Mar 14, 2024

JNCarr said:
When you do the math, it's the length that really matters and this chart bears that out. The special characters, numbers, etc. incrementally add to the complexity of cracking the code.
Make them long!

Yes agree, long is good, each character adds bits and the more the bits, the tougher to crack. But complexity adds more difficulty, at least according to my app. Long passwords that are simply common words strung together are not nearly as difficult as people think. I’ve seen simple 25 character passwords that take less than a few hrs while 15 character complex passwords can take many centuries or longer if goofy enough.

mighty_fine_sawdust · Mar 15, 2024

One of my collateral jobs in the Navy was being responsible for the communications networks for a strike group staff and that included internet access and password security. As the first post above shows, we proved that if the password is in the dictionary, we could crack it in less than a second.

Warped Woodwerks · Mar 15, 2024

Password1

JK... but yes... we live in an age where people not only find enjoyment in hacking, but also get paid to hack. My mother (70's) was hacked\compromised, and they tried to empty out her retirement. They were extremely close in doing so.
I spent a good 3+ hours helping, but I am not sure that will put an end to the attempts or make her account\s safe.

Authenticators\MFA, etc.. are good, but nothing these days are 100% rock solid.
If you click a link in your email, etc., you are almost 100% guaranteed that you are compromised, or will be.

As stated above, do NOT use the same password for everything and use upper\lower alphanumeric with special characters and do your best to have a 20P@$$w0Rd24 over 12 characters.

Best of luck and be safe.

tarheelz · Mar 15, 2024

"1111111111111111111111111" = Can be cracked in 7 million years per the linked site.

bowman · Mar 15, 2024

tarheelz said:
"1111111111111111111111111" = Can be cracked in 7 million years per the linked site.

As long as you can remember how many 1s you have entered as your password.

tri4sale · Mar 15, 2024

Hmerkle said:
Thanks all - just got this response to a master password change
I should be dead long before that work is complete...
View attachment 227143

problem is, someone will come out with a new formula for cracking PW and it'll go from 34,000 years to 5 mins.

bowman · Mar 15, 2024

With all of the data breaches occurring, it is just a matter of time before your email address and password associated with that particular site is obtained. Don't make it easy on the hackers to get your personal information from the breached site. If you use the same password for different sites, say Google, Apple, and Facebook, then you are really asking for trouble.

Use strong passwords, and use different passwords. Password managers that have been listed above are good. If you don't trust a password manager. go old school and keep up with them in a notebook that you can store securely (put in a fireproof box when not using it).

ChemE75 · Mar 16, 2024

This is why I starting using keepass - a reputable open source password app, free/donate as desired, actively maintained by open source community, multiplatform, no reliance on cloud services, if you do use a cloud service then it can use that as well, not embedded in a particular browser, simply copy and paste user/pw/text from notes/etc, can backup to your desired backup device (I use my own NAS and a cloud service), compatible mobile apps, high degree of database encryption possible with many options to chose type and degree of difficulty, can set rules for password generation and always chose your own with visual difficulty indicator, can add URLs, a section for notes, can keep a history in case you need to go back to previous pw, easy to create categories like banking, credit cards, medical, gov’t, home, etc and view in a tree format like a familiar file manager format, just lots of benefits.

I’m not trying to sell anyone on a particular solution just trying to point out the various benefits of most password managers - the primary reason besides security, it takes the burden off trying to remember 200+ passwords! (I’ve been using the internet a long time.) Remember one password then every other can be as long and as complex as needed for the site/app with no need to remember them.

Using 2FA or MFA is a good option when offered, both Microsoft authenticator and the Google one seem reliable, some sites/apps only send codes via text or email though.

jamie · Mar 16, 2024

While I also have the 2fa set up, I did try the calculator. I think I'm good

Account security PSA

bowman

Board of Directors, Webmaster

tvrgeek

Leviblue

Craptastic

Darl Bundren

How Secure Is My Password? | Password Strength Checker

tri4sale

NCGrimbo

mighty_fine_sawdust

Hmerkle

Board of Directors, Development Director

ChemE75

JNCarr

ChemE75

mighty_fine_sawdust

Warped Woodwerks

tarheelz

bowman

Board of Directors, Webmaster

tri4sale

bowman

Board of Directors, Webmaster

ChemE75

jamie

Premier Sponsor

Our Sponsors

LATEST FOR SALE LISTINGS