1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice
  3. Greetings Guest, Having Login Issues? Check this thread!
    Dismiss Notice
  4. Hail Guest!,
    Please take a moment to read this post reminding you all of the importance of Account Security.
    Dismiss Notice

Account Security Reminder

Discussion in 'Announcements' started by Nexus, Nov 2, 2017.

  1. Nexus

    Nexus Site Support
    Administrator Moderator Professional Stratics Veteran Wiki Moderator Stratics Legend

    Joined:
    Oct 1, 2006
    Messages:
    6,237
    Likes Received:
    2,910
    There have been some rumors floating around about UO accounts hacked, and at least one person recently has suggested his Stratics Account was taken over by someone else. While there is no evidence that anything malicious has happened to Stratics Server, it seems like common sense to make this post.

    As many of you may know it came out last month that 3 Billion (yes BILLION) Yahoo! email addresses and passwords were obtained when Yahoo!'s servers were breached in 2013. While I doubt the people who preformed this nefarious deed were looking to gain access to your Stratics account, as time goes on this data will propagate across the shadier corners of the internet and become easier to obtain by individuals who may desire to exploit or take advantage or the information. This may have been one of the most memorable and serious breaches of personal data, it however is not an isolated occurrence, Google, Microsoft, Mail.ru, and other email providers have all faced hackings in which smaller quantities of data were taken in the past, and new data breaches are occurring all the time.

    Malware, and virus' are also a major concern. These if so designed may act as keystroke loggers and transmit your data to hackers, there is no excuse in this day for not having decent anti-virus/malware scans occurring on your hardware regularly. Quality free solutions are available for use, and while they may not offer real time protection as most paid versions do, preforming/having daily or weekly scans scheduled for while you are sleeping at least gives you more protection than nothing. Most importantly convince yourself that, "No Operating System is Safe", this includes products from Apple (ask Charlie Miller). various Linux distributions, Android, and other desktop and mobile OS'. Any computer system, regardless of the operating system is only as safe as the person using it.

    So what can you do?
    • Stay aware, news of data breaches such as this always covered by the media.
    • Regularly change your passwords
    • Don't use common passwords.
    • Create Unique Passwords (don't share between accounts/sites)
    • User separate Emails for different accounts
    • Regularly scan your PC for virus' and malware.
    • If at all possible avoid public Wi-Fi
    • Be extremely wary of unsolicited emails
    • Be cautions about links in emails
    • Use anti-virus AND anti-malware tools to check your equipment
    If you suspect your Stratics Account is hacked, please email [email protected] we'll review your information and ask the relevant questions to attempt verify the proper ownership of the account.
     
    Omnicron, Noekie, Taylor and 6 others like this.
  2. petemage

    petemage Slightly Crazed
    Stratics Veteran

    Joined:
    Oct 6, 2013
    Messages:
    1,386
    Likes Received:
    1,147
    Good advice. I like to recommend KeePass Password Safe every once in a while. It's stores all passwords and is even better at generating long and random passwords than those bloody orcs. If you need a password its simply copy&paste from there or you just let the browser remember it.
     
    Noekie likes this.
  3. Vixell

    Vixell Visitor

    Joined:
    Jun 20, 2018
    Messages:
    3
    Likes Received:
    0
    I would like to delete a post I made recently On UO Atlantic Trading. No one has responded and I may do a better post with pictures in a few days....or not. Please tell me how to delete my useless post. Thanks
     
  4. Captn Norrington

    Captn Norrington Stratics Forum Moderator
    Moderator Professional Stratics Veteran Campaign Supporter The Valorian Knights

    Joined:
    Nov 4, 2012
    Messages:
    11,806
    Likes Received:
    11,416
    I deleted it for you. Posters are unable to delete their own posts/threads, a moderator has to do it.
     
  5. Lord Frodo

    Lord Frodo Grand Poobah
    Stratics Veteran Stratics Legend

    Joined:
    May 12, 2008
    Messages:
    7,321
    Likes Received:
    3,373
    How about the most basic common sense rules like do not give your friends your passwords or better yet do not give your girl/boy friend your passwords because when you break up you may be real sorry you did. Here is a good one, even though you have known someone in UO for 20 years does not make them trust worthy enough for your account info.
     
    bettyjo, petemage and DJAd like this.
  6. Blackie

    Blackie Seasoned Veteran

    Joined:
    Sep 30, 2015
    Messages:
    200
    Likes Received:
    175
    There is software out there that specifically looks for computers running KeePass. Don't store passwords on your computer at all is my advice.
     
    Lord Frodo likes this.
  7. petemage

    petemage Slightly Crazed
    Stratics Veteran

    Joined:
    Oct 6, 2013
    Messages:
    1,386
    Likes Received:
    1,147
    And what is your alternative? Noting 20 character long random passwords on a sheet of paper and typing them in by hand multiple times a day? Using the same password for 30+ different sites? Coming up with 30+ different passphrases to remember? Without a certain level of usability you will achieve no good for the average user if you just scaremonger them into impractical solutions.

    The risk of someone stealing your password container (which is also password protected!) is neglectable compared to the risk of someone bruteforcing a weak password on an internet-reachable service.
     
    Lord Frodo likes this.
  8. Blackie

    Blackie Seasoned Veteran

    Joined:
    Sep 30, 2015
    Messages:
    200
    Likes Received:
    175
    My response wasn't personal. No, I don't recommend re-using the same password twice. I don't even re-use the same email and often I'll vary my name on it a bit so if I get spam or unsolicited contact I'll know exactly where it came from, which site or service etc.

    My personal solution is mnemonic modified phrases. No more pass "words", example start with something like "butterducksplayquackly"

    Then apply mnemonic type modifications(rules) specific to you, example:

    - Wherever there is a D we double it because double d is better
    - Remove the U's because it's about me, not you!
    - Start the phrase over again, add the first letter as last
    - Upercase whatever comes after C so it's easier to See!
    - etc whatever is easier, the more of these the more unique your phrase becomes so whatever you can handle

    If butterducksplayquackly is the phrase you choose for your hockey site(ducks fan?) then it would become "btterddcKsplayquacKlyb" with the 4 rules above(go for 5-6+). I've done it for so long that I know my personal rules by heart and using mnemonic phrases helps remember the pre-rule passphrase. Mnemonic stuff works great.

    If you forget a pass, change it but apply the same rules, you can write those down safely at first but you'll memorise them in time, just don't write the phrase, ever. If they are only in your head and exist nowhere else they don't have to be short single things. Good brain exercise too.

    Whatever works, I'm not against your tool. I'm just saying that if it's not posted or printed anywhere on your computer or desk, literally nowhere but in your brain, it's safer. Phrases aren't hard to remember, I find them easier than words because you can put some context into them. Your personal modification rules aren't hard to remember, put them together and you have a strong and unique(to you) pass system.
     
    #8 Blackie, Jul 10, 2018
    Last edited: Jul 10, 2018
  9. petemage

    petemage Slightly Crazed
    Stratics Veteran

    Joined:
    Oct 6, 2013
    Messages:
    1,386
    Likes Received:
    1,147
    No offence man, but that sounds horribly impractical for the average user. A password manager is some practical middle ground: secure passwords and enough usability to not be a PITA.
     
    Caitlyn Snow likes this.
  10. Omnicron

    Omnicron Stratics Legend
    Stratics Veteran Stratics Legend

    Joined:
    Dec 14, 1999
    Messages:
    7,823
    Likes Received:
    130
    Always nice to have a friendly reminder! Thanks man!
     
  11. MalagAste

    MalagAste Belaern d'Zhaunil
    Governor Stratics Veteran Alumni Stratics Legend Campaign Supporter Royal Knight

    Joined:
    Aug 21, 2000
    Messages:
    22,226
    Likes Received:
    8,592
    Norton keeps passwords and such for you... as well there is a program called LastPass which Norton also runs and owns it's also pretty good generates and remembers passwords for you... fills out forms and all sorts of things. Rather handy. I just don't use it for super important stuff like my bank, or for things like my CC or Paypal or any of that which has money involved but for the 999999 websites and forums and such, it's really nice.