
(CNN) Half of American adults were hacked last year, the other 50% immediately promise to change their pa55word (money.cnn.com)

838 clicks; posted to Geek on 29 May 2014 at 4:40 PM



 
2014-05-29 03:20:26 PM
For those of you concerned about having to come up with a complex password for every site, let me give you a tip.  Come up with one password you use everywhere, but include in it part of the name of the page you're accessing.

For example, if your password for TF was something like FarkThis42!, which gives you upper and lower case letters as well as numbers and a special character.  You could then add part of the TotalFark name, the last two and first two characters, for instance, giving you this: FarkThis42!rkTo.

You could use the same "base" password on other sites, but changing the last part will keep each password different.  You don't have to have the characters at the end, of course, you could put them anywhere.  FarkThisrkTo42! or rkFarkThisTo42! are other ways it can work.

The point is, you really only have to remember one password and then whatever "rule" you come up with to apply to specific sites.
 
2014-05-29 04:42:14 PM
Hacking is down at least 75% since Shaq retired.
 
2014-05-29 04:43:42 PM
Hacked or forgot to log out of Facebook and someone else posted some crap?
 
2014-05-29 04:45:13 PM
No. 47% of Americans had their personal information exposed to hackers due to security breaches at major corporations and websites. They and their personal computers were not all hacked.
 
2014-05-29 04:45:45 PM
Why doesn't this surprise me?
 
2014-05-29 04:49:33 PM
That's what I changed all my passwords to "hunter3"
 
2014-05-29 04:51:24 PM
Hacked and drone are now words that mean whatever the headline writer wants them to mean.
 
2014-05-29 04:51:40 PM
All right, 12346 it is.
 
2014-05-29 04:53:41 PM
That massive number, tallied for CNNMoney by Ponemon Institute Researchers...


[cdn.bulbagarden.net image]
What a Ponemon researcher might look like
 
2014-05-29 04:54:11 PM

cgraves67: No. 47% of Americans had their personal information exposed to hackers due to security breaches at major corporations and websites. They and their personal computers were not all hacked.


Are you saying that the headline is misleading?

On my fark?
 
2014-05-29 04:58:53 PM

Big Beef Burrito: Hacking is down at least 75% since Shaq retired.


Shaqqing is also way down.
 
2014-05-29 04:59:42 PM
87654321 is kinda hard to remember, though.
 
2014-05-29 05:01:14 PM
[imgs.xkcd.com image]

Required. Granted I've heard this comic isn't quite accurate, but for a password thread, someone's gonna post it. Might as well be me.
 
2014-05-29 05:05:50 PM
shiat!  how did you know my eBay password, subby?
 
2014-05-29 05:10:53 PM
So if they "hack" my amazon account will they buy me all the stuff on my wishlist?
 
2014-05-29 05:17:53 PM
The password for the e-mail at work is "password". We run IE6. God dammit so much.
 
2014-05-29 05:18:44 PM
hunter2
 
2014-05-29 05:22:25 PM
"Password1...that'll have em all fooled!"
 
2014-05-29 05:25:17 PM
It's a good thing my password is 123457.

No one's ever cracked it.
 
2014-05-29 06:02:17 PM
your password is incorrect...
 
2014-05-29 06:02:41 PM
[www.spkaa.com image]
 
2014-05-29 06:08:35 PM

taurusowner: [imgs.xkcd.com image 740x601]

Required. Granted I've heard this comic isn't quite accurate, but for a password thread, someone's gonna post it. Might as well be me.


It gets worse. Password crackers are getting scary good at phrases, too. If your password is a phrase from a well-known book, it isn't safe. Correct Horse Battery Staple isn't safe. Even "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" isn't safe.
 
2014-05-29 06:14:25 PM
Article is, as per usual from CNN, almost entirely worthless. It starts out by pointing out that the major breaches occur at corporations, lists two "reasons" (lots of people go online and hackers are getting better) that have nothing to do with corporate cybersecurity, then points out that people still use Windows XP and IE, neither of which have any effect on corporate security practices.
 
2014-05-29 06:16:24 PM
Ha! Mine is P@ssw0rd. It's got upper, lower, number and symbol in there. I'm never getting hacked.
 
2014-05-29 06:31:12 PM
I remember back when everyone started doing business online, how we were assured this would never happen.

Kind of like when the government said that social security numbers would never be used for personal identification....
 
2014-05-29 06:33:06 PM
pa$$word, subby.
 
2014-05-29 06:40:42 PM

cgraves67: No. 47% of Americans had their personal information exposed to hackers due to security breaches at major corporations and websites. They and their personal computers were not all hacked.


Are they including the people who had their email hacked with that thingy that sent spam to their entire email list, with their name on it? Because I know a lot of people who got hit with that, myself included. I know because I got a lot of spam emails "from" them. Including my ex-lawyer. Almost had a heart attack when I saw an email from her.

groppet: So if they "hack" my amazon account will they buy me all the stuff on my wishlist?


No, but someone hacked my Fannie Mae account and paid off my entire student loan. Apparently they weren't very smart hackers.
 
2014-05-29 06:59:07 PM
my password is horse battery staple correct
 
2014-05-29 07:00:26 PM

SpdrJay: I remember back when everyone started doing business online, how we were assured this would never happen.

Kind of like when the government said that social security numbers would never be used for personal identification....


That's a disaster and a half. The military is a huge culprit in this. My full SSN is probably on a good 1000+ documents at this point, most of which are probably just sitting in an unlocked cabinet, on someone's desk, or just thrown away. I got a mass email from a training NCO in my old company about an upcoming drill a few years ago. It had the entire company's personal information in it. A good 130 SSNs, homes of record, birthdates, etc, including mine. This email was sent to everyone in the unit. So I know there are at least 100+ people out there who have my entire personal information who have no business knowing it all because the Army uses that for basic record keeping. God knows who ended up saving the spreadsheet or printed it out and threw it away.
 
2014-05-29 07:16:31 PM

taurusowner: [imgs.xkcd.com image 740x601]

Required. Granted I've heard this comic isn't quite accurate, but for a password thread, someone's gonna post it. Might as well be me.


The bit that is wrong is stating that the average user shouldn't worry about cracking a stolen hash. Unless you have a reason to be specifically targeted the mass hacking of passwords is the main worry for most users. Sony, eBay and the other large password hacks have allowed a mass amount of passwords to be un-hashed via rainbow tables, connected to email addresses and used on a variety of services from which you can be defrauded.

Password strength isn't the main flaw of regular users, it is password re-use. Using a unique password for each site is much more important for security.
 
2014-05-29 07:20:50 PM
I've had my email hacked before. My IT friend was able to track the hacker back to somewhere in Mexico. Whoever it was, they were using my email to spam diet pill ads. Someone also tried to get into my Facebook account and fortunately failed.
 
2014-05-29 08:57:18 PM
In other news half of the people using computers are running Windows.
 
2014-05-29 09:09:25 PM

Faddy: taurusowner: [imgs.xkcd.com image 740x601]

Required. Granted I've heard this comic isn't quite accurate, but for a password thread, someone's gonna post it. Might as well be me.

The bit that is wrong is stating that the average user shouldn't worry about cracking a stolen hash. Unless you have a reason to be specifically targeted the mass hacking of passwords is the main worry for most users. Sony, eBay and the other large password hacks have allowed a mass amount of passwords to be un-hashed via rainbow tables, connected to email addresses and used on a variety of services from which you can be defrauded.

Password strength isn't the main flaw of regular users, it is password re-use. Using a unique password for each site is much more important for security.


This. It doesn't matter how strong your password is if the site/system is storing them in the clear, using poor hashes, and/or not SSL-wrapping the login page. I always tell people that if the system can tell them what their password is, it's not secure (the opposite doesn't mean that it is, of course, but a "your password is X" recovery email is a clear indicator that it's not).

Containment is the best viable strategy at this point. That said, you can quickly run into an issue of having to remember 24 passwords, at least one of which needs to be changed at any given moment. Password managers are a pain, so I tend to group mine based on risk and how much I care about the site/system. My Fark password is in my "throwaway" group since I don't really care, and I keep the true one-offs for things like banking and email.
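What "poor hashes" versus salted, slow hashing means for the values a site stores, as an added example that is not part of the comment above. The account names are constructed, and PBKDF2 is an assumed choice of slow hash, not one named in the thread.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users chose the same password.
USERS = {"alice": "P@ssw0rd", "bob": "P@ssw0rd", "carol": "zse4soberfark"}

def store_fast_unsalted(password):
    """Weak storage: one fast, unsalted SHA-256. Equal passwords give equal records,
    so a single precomputed table works against every user and every site."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted_kdf(password, iterations=200_000):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, digest, iterations)

def verify_salted_kdf(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest, iterations = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def users_sharing_a_record(table, key=lambda rec: rec):
    """Return sorted groups of users whose stored value is identical."""
    groups = {}
    for user, rec in table.items():
        groups.setdefault(key(rec), []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users=USERS):
    """Store every sample account both ways."""
    weak = {u: store_fast_unsalted(p) for u, p in users.items()}
    strong = {u: store_salted_kdf(p) for u, p in users.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("identical weak records:  ", users_sharing_a_record(weak))
    print("identical salted records:", users_sharing_a_record(strong, key=lambda r: r[1]))
    print("login still works:       ", verify_salted_kdf("P@ssw0rd", strong["bob"]))
```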
 
2014-05-29 10:02:15 PM
Easy thing to do.  Use an easy-to-remember but nonsense word that no one could associate with you, like in Drew's case: sober. Then use a combination of keyboard-layout sequence letters/numbers and a web page association to really confuse it.  For example, using zse4soberfark would be hard to guess, and the sequence can be used for other sites, like zse4soberbank or zse4soberfavoritepornsite.  Then when you feel the need to change your password, you just either change the keyboard layout or the nonsense word, or just the order of the sequence, like farkzse4sober, soberzse4fark, zse4farksober, and so on.

Just make sure you do it with every web site you have a password with, and sometimes add a second web-site related word if people guess what your nonsense/sequence word is.
 
2014-05-29 11:23:28 PM
Just do what I did over summer at a place with a fascist password policy: Mash the keyboard, write it down (In very clear, clean script that makes UPPER and lower case highly distinct), stick that bit in your wallet. Then use that as the pass for a password-wallet program to hold the rest of them. You'll memorize 52%D23vS^58hc3&Hu3pLS sooner than you might think and won't need the written down part any more. Or use two-factor authentication for login (a lot of supercomputer systems do this) - It was remarkably easy to turn on with Google, for one.

Either way requires a successful attack to involve an actual physical attack against you. If you're actually working on something that valuable, you've been briefed on security by guys with a higher clearance than "Some guy on Fark" or you seriously need to be.
 
2014-05-30 12:40:02 AM
I have a credit score of 200 and $38 in my bank account.

Do your worst.
 
2014-05-30 08:30:57 AM
Mine is assw0rd.

Notice there is no P in it.

Keep it that way.
 
2014-05-30 12:54:13 PM

timujin: For those of you concerned about having to come up with a complex password for every site, let me give you a tip.  Come up with one password you use everywhere, but include in it part of the name of the page you're accessing.

For example, if your password for TF was something like FarkThis42!, which gives you upper and lower case letters as well as numbers and a special character.  You could then add part of the TotalFark name, the last two and first two characters, for instance, giving you this: FarkThis42!rkTo.

You could use the same "base" password on other sites, but changing the last part will keep each password different.  You don't have to have the characters at the end, of course, you could put them anywhere.  FarkThisrkTo42! or rkFarkThisTo42! are other ways it can work.

The point is, you really only have to remember one password and then whatever "rule" you come up with to apply to specific sites.


Yeah, but all it takes is one exposure like Adobe's and the pattern is known.

Sure, it is a little annoying if I get logged out of Fark when I don't have the vault handy and my memory fails me. I've been looking into one for my phone, but haven't settled on it yet.
 
2014-05-30 01:38:41 PM

wingedkat: timujin: For those of you concerned about having to come up with a complex password for every site, let me give you a tip.  Come up with one password you use everywhere, but include in it part of the name of the page you're accessing.

For example, if your password for TF was something like FarkThis42!, which gives you upper and lower case letters as well as numbers and a special character.  You could then add part of the TotalFark name, the last two and first two characters, for instance, giving you this: FarkThis42!rkTo.

You could use the same "base" password on other sites, but changing the last part will keep each password different.  You don't have to have the characters at the end, of course, you could put them anywhere.  FarkThisrkTo42! or rkFarkThisTo42! are other ways it can work.

The point is, you really only have to remember one password and then whatever "rule" you come up with to apply to specific sites.

Yeah, but all it takes is one exposure like Adobe's and the pattern is known.

Sure, it is a little annoying if I get logged out of Fark when I don't have the vault handy and my memory fails me. I've been looking into one for my phone, but haven't settled on it yet.


It would take a human looking at your password, then realizing that there was a pattern in the first place.
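The trade-off debated in the comments above, as an added example that is not part of any poster's comment: it compares the base-plus-site-letters rule quoted in the thread with a swapped-in alternative that derives each site's password through PBKDF2. "ExampleBank" is a constructed site name and `kdf_scheme` is a hypothetical helper, not a tool mentioned in the thread.

```python
import base64
import hashlib

BASE = "FarkThis42!"                    # base password quoted in the thread
SITES = ["TotalFark", "ExampleBank"]    # "ExampleBank" is constructed

def concat_scheme(base, site):
    """The commenter's rule: base + last two + first two characters of the site name."""
    return base + site[-2:] + site[:2]

def kdf_scheme(master, site, length=16, iterations=200_000):
    """Swapped-in alternative (not from the thread): run the master secret through
    PBKDF2 with the site name as salt, so the outputs for two sites look unrelated."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.lower().encode(), iterations)
    return base64.urlsafe_b64encode(raw).decode()[:length]

def common_prefix(a, b):
    """Longest shared prefix: what one exposed password says about another."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return a[:n]

def compare(scheme):
    """Generate both sites' passwords with `scheme` and report what they share."""
    first, second = (scheme(BASE, s) for s in SITES)
    return {"passwords": (first, second), "shared_prefix": common_prefix(first, second)}

if __name__ == "__main__":
    for scheme in (concat_scheme, kdf_scheme):
        result = compare(scheme)
        print(scheme.__name__, result["passwords"], "shared:", repr(result["shared_prefix"]))
```

With the concatenation rule the whole base password appears verbatim in every site's password, which is what a breach at one site exposes. A password vault holding unrelated random passwords avoids depending on any single master string at all.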
 
2014-05-31 12:06:34 AM
I have a password at work that I use twice a month to balance an account. Twice a month. How do I remember it? fark IT! I just call up the drones in the accounting department when I need to use it.
 