Announcement PSA: Passwords, Security, and Hackers... OH MY!!!!!

Pics

Nifty-Chicken

Administrator
BYC Staff
18 Years
Dec 26, 2006
45,361
52,461
1,832
California - SF East Bay
My Coop
My Coop
PUBLIC SERVICE ANNOUNCEMENT:

Over the last month, hundreds of websites have seen user accounts accessed by people other than the person that owns the accounts.

... even people's Paypal accounts have been breached, as mentioned here:
https://cybersecuritynews.com/paypal-data-breach/

As stated in that article:

"Since many users use the same password and username/email repeatedly, submitting those sets of stolen credentials to dozens or hundreds of other websites can enable an attacker to compromise those accounts as well. This can happen when those credentials are exposed (by a data breach or phishing attack)."

Hacking Black Hat GIF

Even on BYC we've seen cases where these hackers / spammers have used login-credentials that they stole (from sites outside of our family of websites) and were able to access accounts here and then started posting spam. Our AMAZING community quickly reported and our PHENOMENAL moderators make quick-work of removing the spam and blocking the accounts / forcing a password reset.

The suggestions on the site mentioned earlier are perfect!

Protect Yourself
  • Maintain a close watch on your accounts and be on the lookout for any unusual activity.
  • If you currently have another account with the same username and password as your PayPal account, you should change them.
  • Enable “2-step verification” in your Account Settings to increase the security of your PayPal account.
  • If you are unsure of the URL or website’s destination, do not click on the link.
Personally, I use 2-factor authentication on EVERY site that I feel like I wouldn't want someone to access... including enabling it here on BYC.

While you may not want to bother with 2-factor authentication here, I STRONGLY suggest you at least do the following (here and everywhere):
  1. Do NOT use the same password on multiple sites
  2. Use passwords that are unique and complex
  3. Change your passwords from time to time
The hackers (and the software / robots they use) are getting better all the time. It's relatively easy to do a few simple things to make it almost impossible for them to get access to your accounts.

Please do your best to help yourself (and others) by following good password best-practices!
 
Last edited:
Simple isn't always the best choice especially when it comes to security on the internet.
Great point!

I have 3 tiers:
  1. For sites I don't care about getting "hacked" and do NOT have any sensitive data, I use a simple method, like: 4 same characters and then the first 6 letters of the domain name.
  2. For mid-tier websites, I'll use Google Chrome's random password generator. From what I've read, of all the password managers, it's one that has NOT been breached and is very secure.
  3. For high-risk sites (bank accounts, etc.) I use a combo of Chrome's random pass generator AND 2-factor authentication.
You'll notice that in ALL the cases above, I NEVER EVER use the same password more than once!!!!
 
Great point!

I have 3 tiers:
  1. For sites I don't care about getting "hacked" and do NOT have any sensitive data, I use a simple method, like: 4 same characters and then the first 6 letters of the domain name.
  2. For mid-tier websites, I'll use Google Chrome's random password generator. From what I've read, of all the password managers, it's one that has NOT been breached and is very secure.
  3. For high-risk sites (bank accounts, etc.) I use a combo of Chrome's random pass generator AND 2-factor authentication.
You'll notice that in ALL the cases above, I NEVER EVER use the same password more than once!!!!
I do this as well. Great post, great reminder. I have gone so far as to make unique, 20 digit randomly generated passwords from device-end sources and 2FA for accounts I particularly did not wish to have stolen. :lol:
 
What Nifty said. I would add that using a password manager like lastpass/keepass/etc... which can integrate with your browser for ease of use is a great way to manage all those pesky passwords so you don't necessarily have to memorize them all. ideally you should have a unique password for each site you use.
 

New posts New threads Active threads

Back
Top Bottom