IDNetters Forums

Technical News & Discussion => Broadband, Internet & General Computer News & Discussion => Topic started by: Technical Ben on Jun 26, 2012, 11:31:53

Title: Think it's time...
Post by: Technical Ben on Jun 26, 2012, 11:31:53
To use one of those automated email + password programs that gives you very strong and scrambled details for logging into forums.

http://www.theregister.co.uk/2012/06/26/techradar_data_breach/

:slap:
Title: Re: Think it's time...
Post by: Simon on Jun 26, 2012, 11:36:14
:sigh:
Title: Re: Think it's time...
Post by: armadillo on Jun 26, 2012, 12:00:44
I don't think strong passwords would help, Ben. The hack was most likely a SQL injection, so they simply got access to the entire user database. The article said that encryption was not an obstacle. The only solution is for forum techs to proof the code against SQL injection. SQL injection can exploit forum search features, not just login boxes.
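
Added example, not part of armadillo's post or any forum software's code: a forum search query built by string concatenation next to the parameterized form, run against SQLite. The table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory forum table; all rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (body TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO posts VALUES (?, ?)", [
        ("broadband speed test results", 0),
        ("router firmware 100% updated", 0),
        ("I don't reuse passwords", 0),
        ("moderator-only note", 1),
    ])
    return db

def search_unsafe(db, term):
    """Vulnerable pattern: the term is pasted into the SQL text itself."""
    sql = "SELECT body FROM posts WHERE hidden = 0 AND body LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]

def reaches_parser(db, term):
    """True if the term alters the statement enough to break its syntax."""
    try:
        search_unsafe(db, term)
        return False
    except sqlite3.OperationalError:
        return True

def escape_like(term):
    """Escape LIKE wildcards so user input only matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_safe(db, term):
    """Hardened pattern: the term is bound as a parameter, never parsed as SQL."""
    sql = "SELECT body FROM posts WHERE hidden = 0 AND body LIKE ? ESCAPE '\\'"
    return [r[0] for r in db.execute(sql, ("%" + escape_like(term) + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(reaches_parser(db, "don't"))   # apostrophe ends the string literal early
    print(search_safe(db, "don't"))      # same input handled as plain data
    print(search_safe(db, "%"))          # wildcard matched literally
```

An ordinary apostrophe in a search term is enough to break the concatenated statement, which shows the input is being parsed as SQL; the bound parameter keeps the same input as data.
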
Title: Re: Think it's time...
Post by: gizmo71 on Jun 26, 2012, 12:16:29
Quote from: armadillo on Jun 26, 2012, 12:00:44
I don't think strong passwords would help, Ben. The hack was most likely a SQL injection, so they simply got access to the entire user database. The article said that encryption was not an obstacle.

The encryption of those passwords is still a vital obstacle to actually cracking the passwords themselves - crucial if you use the same password in lots of places (in which case it really needs to be a strong password).
Title: Re: Think it's time...
Post by: Technical Ben on Jun 26, 2012, 13:27:50
Quote from: armadillo on Jun 26, 2012, 12:00:44
I don't think strong passwords would help, Ben. The hack was most likely a SQL injection, so they simply got access to the entire user database. The article said that encryption was not an obstacle. The only solution is for forum techs to proof the code against SQL injection. SQL injection can exploit forum search features, not just login boxes.

Oh, true, I just mean as in site-specific and automatically managed. As managing it by head, and having hundreds of different forum logins is a pain...
Title: Re: Think it's time...
Post by: armadillo on Jun 27, 2012, 20:47:30
Quote from: gizmo71 on Jun 26, 2012, 12:16:29
The encryption of those passwords is still a vital obstacle to actually cracking the passwords themselves - crucial if you use the same password in lots of places (in which case it really needs to be a strong password).

Yes, certainly. I do make sure passwords and logins are unique. But that does mean they all have to be written down since I have at least 50 of them. The silliest one I ever had was allocated by a vendor I bought some software from. The password to download from their site was about 500 characters long and contained punctuation, upper and lower case letters and numbers. I doubt anyone could have memorised it :)
Title: Re: Think it's time...
Post by: Technical Ben on Jun 27, 2012, 21:23:57
500 chars? Usually some of it is the actual login page address, but 500 chars? Or was it a 256-bit key? :laugh:
Title: Re: Think it's time...
Post by: nowster on Jun 28, 2012, 00:30:07
Or use Firefox plugin "password hasher"?
Title: Re: Think it's time...
Post by: armadillo on Jun 28, 2012, 16:10:27
Sorry Ben. I wasn't clear. It was indeed 500 chars but it was the "activation key". You entered it in the activation box within the software to activate your licence! Perhaps their £10 measly software had been pirated one too many times. I forget now even what software it was. All I remember about it was its impossible activation key.