Security

[Charlie G]

I've had a couple hits of people trying to access my accounts lately.
Both IPs (one Russian, one Chinese) have been logged spamming forums.
Anyone else see something similar? Trying to track down where they got my email address.

 

[cleverwise]

The NSA.

 

[samwichse]

My public facing SSH server gets 20-30k login attempts/day, mostly from Russian and South American IPs. It's the internet, just make sure you have a strong password .

 

[cleverwise]

Not sure what SSH has to do with his forum account but I agree a lot of bots attempt brute force attacks on all kinds of services. That is why I have a static IP for my Internet service so I can whitelist it on firewalls and lock down all kinds of things.

 

[2.ooohhh]

My public facing SSH server gets 20-30k login attempts/day, mostly from Russian and South American IPs. It's the internet, just make sure you have a strong password .

^this I've switched up to very long but very secure passwords and 2 factor auth.(where available) on all my accounts a few years back. Can't recommend a password manager such as Lastpass or the like enough, they make stout security much less cumbersome.

Be aware of the quality of your passwords using Steve Gibson's free tool.
https://www.grc.com/haystack.htm

 

[Charlie G]

I use KeePass and have secure passwords for anything important, I was just trying to see if anyone else on this forum had similar attempts made as this was relatively out of the blue and elioowners.com is the latest thing I could remember registering for.

 

[cleverwise]

^this I've switched up to very long but very secure passwords and 2 factor auth.(where available) on all my accounts a few years back. Can't recommend a password manager such as Lastpass or the like enough, they make stout security much less cumbersome.

Be aware of the quality of your passwords using Steve Gibson's free tool.
https://www.grc.com/haystack.htm

I agree on two factor auth. I wish more services used some two factor method but sadly few offer such a choice. Password managers do help with having to remember long passwords that are more secure. Well really you want a mixture of upper and lower alphas, numbers, and symbols. The longer the better.

The disadvantage of LastPass is it can and has been hacked before. What we need is a service like Tux backup for passwords where the service doesn't know your decryption key because every user generates their own. This, however, is more complex to support because it requires more knowledge from the client and thus many companies want the easier less customer service method. I personally am not a fan of storing passwords in the cloud (Internet) but I understand its appeal.

 

[Charlie G]

I agree on two factor auth. I wish more services used some two factor method but sadly few offer such a choice. Password managers do help with having to remember long passwords that are more secure. Well really you want a mixture of upper and lower alphas, numbers, and symbols. The longer the better.

The disadvantage of LastPass is it can and has been hacked before. What we need is a service like Tux backup for passwords where the service doesn't know your decryption key because every user generates their own. This, however, is more complex to support because it requires more knowledge from the client and thus many companies want the easier less customer service method. I personally am not a fan of storing passwords in the cloud (Internet) but I understand its appeal.

Keepass stores passwords in a database file which is encrypted with a 'master' key set by the user upon creation.
I store this encrypted file in Dropbox (which is also encrypted) so that I can view and sync my passwords on multiple devices.

 

[cleverwise]

Keepass stores passwords in a database file which is encrypted with a 'master' key set by the user upon creation.
I store this encrypted file in Dropbox (which is also encrypted) so that I can view and sync my passwords on multiple devices.

Yeah several local password storage systems do, but I have yet to see any cloud solutions that have that ability. I personally prefer Keepass over Lastpass, although you lose the ability to easily login with multiple devices. Security is often a trade off between convenience and safety.

 

[2.ooohhh]

I agree on two factor auth. I wish more services used some two factor method but sadly few offer such a choice. Password managers do help with having to remember long passwords that are more secure. Well really you want a mixture of upper and lower alphas, numbers, and symbols. The longer the better.

The disadvantage of LastPass is it can and has been hacked before. What we need is a service like Tux backup for passwords where the service doesn't know your decryption key because every user generates their own. This, however, is more complex to support because it requires more knowledge from the client and thus many companies want the easier less customer service method. I personally am not a fan of storing passwords in the cloud (Internet) but I understand its appeal.

Lastpass is no less secure than a Keepass DB stored via dropbox. Properly implemented with 2 factor auth both are only a very small step down from a locally stored Keepass DB. Keepass on a usb key is great IF you have the ability to mount USB drives on all the machines you log in on.(I unfortunately don't always have that luxury with my work environment)

Lastpass also only stores an encrypted DB of the users passwords that is encrypted/decrypted client side upon login/logout. They never have the decryption key, nor is it transmitted to them so they can't leak it.