Alert Using a Password app to manage passwords

[Joe Hogan]

Recently I switched the App I use to manage passwords to a more robust App, 1Password, to help me remember the 100s if not thousands of credentials I use on the internet.

Recently I received a Spam email threatening dastardly actions if I didn't pay thousands of dollars. Needless to say this got my attention. The email did contain a Password I have used in the past.

Apparently one of the sites I have visited, appears it was a Used Car website, has been hacked and the hackers, I later found out, had posted the credentials on some Dark Net board for hackers.

Soon my inbox was filled with threatening emails claiming they had hacked my computer, installed keyboard loggers, etc. and got this password.

Luckily for me, I recognized it as a password I use for generic non essential sites. Luckily for me it was seldom repeated so damage was limited.

That said, it prompted me to systematically replace any duplicated general purpose passwords I employ repeatedly.

Now all my passwords are unique, so if a site is hacked, all they get is what ever personal data is stored, in the worse case.

Any internet sites that accept 2 factor authorizations, I use. All of my financial and medical websites are 2 factor. Yes, it Is more cumbersome.

But if you get an unexpected 2 factor request, that is an early warning sign someone is attempting to access your data.

Had this hack been one that was more serious, or had they got lucky and got a commonly reused password, it could have been very damaging.....

BTW, do not ever respond to an email like this. The act responding can provide lots data to a good hacker. Do not click Links, as we all know, they can contain all sorts of malware. QR codes, bar codes, all those types of links can contain malware.

It is such a shame that many talented folks focus on stealing and damage rather than to be productive members of society...

Luckily no damage

 

[redbaron]

I use KeePass, and synchronize it between all my devices. Keepass is free, open source, and works on all devices.

1password is the best commercial product I have seen.

No matter what product you use, use something.
No password should be duplicated between sites.
No username should be duplicated between sites.

Also...make sure your attorney, life partner, child, or best friend has a copy and access to this file in case you become incapacitated and loved ones need access.

 

[CaptainGizmo]

1Password is insanely imperative for living. I've signed up for my whole Family.
And, I have many friends who've told me they just can't imagine living without it, now.
It is without a DOUBT, the best utility I've paid for, and one of the most important things I've done to keep over 400 logins separate and secure.

 

[RKins]

Sounds like a ton of work, changing passwords on all the sites you frequent or have frequented. I understand the intent but I have hundreds and hundreds ....

 

[tetranz]

Bitwarden is very good too and is open source.

 

[redbaron]

Sounds like a ton of work, changing passwords on all the sites you frequent or have frequented. I understand the intent but I have hundreds and hundreds ....

For most sites, you should do it as you use them, not as a specific task. Change all financial and medical as a specific task

 

[RKins]

Do you let your OS memorize the new password? Or do you enter the 20 character p/w manually. Do these pw minders auto enter when they see the same site that is in the db?

Edit: I never let my OS remember anything important like banking, SSA, retirement accounts credentials.

Edit: I do see on KeePass you can click the URL at the bottom and "auto type" and it will fill in everything for you once at the site. Nice.
Another question, on KeePass do you just copy the db from the master location to another device. Can you copy it to a thumbdrive and install KeePass on a laptop and have the laptop look for the USB drive?

 

[Joe Hogan]

The App used , 1Password, suggests a random set of 20 characters, a combination of alpha, both Cap and small case, numbers and special characters.
If you accept, it is entered in both fields, Password field and Confirmation field on most websites.
Some websites are not as advanced and you have to fiddle around some. Typically, if there is an issue, copy the password the App is suggesting, then paste into the Confirmation field manually, You get reasonably quick at this after a few iterations.
Then you should indicate to App to save the credentials in the App, if you so choose.

The process is painless after a few passwords.

 

[CaptainGizmo]

Sounds like a ton of work, changing passwords on all the sites you frequent or have frequented. I understand the intent but I have hundreds and hundreds ....

If you think having unique and secure password is a lot of work, then you’ve probably not had any of your sites, data, or identity hacked.

Point being, it’s just like routine maintenance on your cars and RV. Neglect to do it, and you WILL pay the price.

Last week, I spent hours and hours helping an old friend unscrew his entire online life from being hacked because of one stupid move. He got sucked into a Phish, gave out his password…which was “only one”, and his whole house of cards came tumbling down. Social media, bank accounts, email, even phone numbers all had to be changed.

So, if you do ANYTHING online, I could sell 1Password to anyone, doesn’t matter who. I have over 400 logins. Just changed one last night and let 1Password do all the work. It didn’t take a single minute to do.

Think about it. And trust those who have paid the price; realizing that the consequences are an unreal amount of stress, time, and work to get your online life back to normal…if at all.

 

[RKins]

You're right, I haven't been hacked.