How Hackers Protect Themselves From Getting Hacked (Linux, email, server)

[Dude111]

http://www.huffingtonpost.com/2012/1...n_2333527.html from www.linuxsecurity.com/content/view/158476

Quote:

"When Adrian Lamo goes online, he leaves nothing to chance..." [more]

[thecoalman]

Quote:

One tech writer who was hacked this year proclaimed that passwords are now obsolete.

I would disagree to some extent.

A)Use a password generator and locker like Keepass. This will allow you to generate complex passwords and not have to remember them. You only have to remember one password.

B)Use a unique password for every account you have. This is very important because if someone is able to find out the password for one account they know the rest if they aren't different. The big concern here is you sign up for an account at site X. If hacker is to gain access to the database the worse case scenario is these passwords are not encrypted. Typically passwords are stored on a server using a one way encryption where the password itself is the key however it may be a low level encryption easily cracked.

Once they have your password from site X they also have an email account associated with that password and will attempt to gain access to your email. If you're using the same password for your email account they are in. Once there it's off to the races because now they can find out what bank or other financial services you are using.

C)Since you should be using a password generator and locker password hints shouldn't be required and I I really wish site would not require them. It's a security risk in itself. If you are required to use a hint for password use something other than the real answer.

[TechGromit]

Personally I have what I consider low level and high level accounts. Low level accounts are online forums and such and generally have the same password for all of them. If someone were to gain access to them, it's of little concern to me. Now things like logging on to work computers, bank accounts, 401k accounts are high level accounts and do have unique passwords for all of them. I also use KeePass to keep track of my passwords, but do not use the password generator they provide, it's a nightmare of mixed up characters, numbers and special characters, impossible to remember. If you have to write it down somewhere to remember it, it's not a good password. What I use is a word, special characters and some numbers. That's pretty secure in my opinion.

[thecoalman]

Quote:

Originally Posted by TechGromit

I also use KeePass to keep track of my passwords, but do not use the password generator they provide, it's a nightmare of mixed up characters, numbers and special characters, impossible to remember. If you have to write it down somewhere to remember it, it's not a good password. What I use is a word, special characters and some numbers. That's pretty secure in my opinion.

You can run keepass from a USB stick.