Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[MedO]

We had a case of account hijacking today. No harm was done (the victims only had their profiles edited), but I think it deserves to be talked about to raise some basic security awareness, because this was not a security problem of the forum software.

So, due to the current events, here is an important rule: Don't use the same password for different services. This rule is so important that it's the first one on Google's password security tips, even above using a long or complex password. If you use the same password for everything, it only takes one insecure or malicious service to compromise all your accounts.

In particular, if you are using the same password that you used for Colton's FLS account system anywhere else, best change it. He says he deleted the passwords now, but as the slogan of Uplink goes, "trust is a weakness."

[Teekytots [PC][OG]]

wow what a day

[trog]

Wait what happened?

[Saniblues]

He used the fls account system to get into peoples' accounts via entering passwords and seeing if they'd actually work. He didn't mean to scare anyone, though. He was just messing around. Didn't mean to scare y'all or anything.

Moral of the story is that you should alternate online passwords.

[trog]

err what is fls

[Nukleus]

Colton's game

[trog]

oh

[pandaturds]

 

[billymaze]

Reminds me of my account named "USB" where someone guessed my password and deleted it.

The other moral of this story is don't have a password called "password1"

[Jowly]

Guessed? More like bruteforced.

[billymaze]

Yeah, OK, sure. If that was the case, this account would be gone too.

[Jowly]

I doubt that anybody would go the the trouble of guessing the password for an account possibly hundreds of times just to deal with a certain pasty forum-goer. In that case, it would probably be brute-forced or gotten by some other means. Just go ask the person who did it yourself.

[Lemonade]

I have at least four different passwords for different types of service and sites (not counting the important ones like Steam on which I use combinations of multiple passwords), so I don't really feel concerned. I hope nothing bad happens to those who use a single password.

[Z3r05t4r]

Well, he took care of my account. No harm done, I am not angry. Keeping the avatar for now.

[a/d]

google's password advice is stupid.

taking the time to remember 1337speak jargoned passwords is a waste of valuable brain space: it still takes longer to bruteforce shutyourdickholeandgivemeaccess than it does to bruteforce n1ggl3$n0ggl3, because the assumption is that special characters will be used as long as they are available.

it's much easier to commit a phrase like the first one to memory than a word like the second, the only real issue is if the website has short character limits on passwords, in which case good luck.