2014-05-13, 14:52 | Link #183 | |
He Without a Title
Join Date: Feb 2008
Location: The land of tempura
|
Quote:
LastPass/1Password are cloud services/applications that store an encrypted list of passwords. You unlock that list with a master password and the service part keeps the store synchronized between devices. The service providers themselves shouldn't really have access to your keys or the master key that unlocks them so it's far safer than even using your browsers saved password features (that, on most systems and by default, stores the passwords in clear text on the hard drive).
__________________
|
|
2014-05-13, 14:58 | Link #184 | |
Where are the good animes
Join Date: Dec 2003
|
Quote:
|
|
2014-05-13, 15:00 | Link #185 | |
ゴリゴリ!
Graphic Designer
Join Date: Jan 2009
Location: Vancouver, British Columbia
Age: 32
|
Quote:
If you're comfortable with it, keeping a piece of paper with the passwords is undoubtedly the safest way. For me, I personally have a workspace that would eat up a single piece of paper like that between personal notes, tax forms, business letters, prints, not to mention the myriad of electronics equipment stuffing up my remaining space. Even with constant cleaning and organization, it's not a place I can keep one important thing like that; I'll lose it eventually and that'll be it. You could try and counter that by keeping them also documented in a mobile phone or a document on your hard drive, but I'd trust that less than LastPass myself.
__________________
|
|
2014-05-13, 15:05 | Link #186 |
Junior Member
Join Date: Oct 2011
|
I'm not trying to scare people but it's a good idea to check with your bank that everything is okay with your bank accounts. My bank "luckily" blocked my card 8/5 because of other people trying to use my card and I did not put any other information here other than my e-mail. I can't be 100% sure that this is the cause but chances are that it is.
The sad part is that I don't remember which password I used on this site - so it's impossible for me to know which I need to change. |
2014-05-13, 15:06 | Link #187 | |
失礼、噛みました
Join Date: Jul 2013
|
Quote:
Moral of the story: Learn to create passwords.
__________________
|
|
2014-05-13, 15:11 | Link #188 | |
He Without a Title
Join Date: Feb 2008
Location: The land of tempura
|
Quote:
Keepass is a little different from Lastpass and 1Password in that it's not a service but an open source application. Basically it stores your passwords in an encrypted binary that you can then sync in the best way you see fit (I personally use Dropbox to sync it but you could use something like BTSync to avoid any servers at all). The downside to Keepass is that the latest version (and safest) is written in .NET (Mono) so that makes it a bit harder to run in something other than windows. However there are open source clients for other devices. MacPass for OS-X, Keepassdroid and Keepass2Android for Android, 7Pass for Windows Phone and KeeFox to integrate into Firefox. These are just the ones I've personally used but I'm sure there are others out there. Of course LastPass is an awful lot easier to setup and maintain and they still encrypt everything in your machine and NOT their servers so there's less risk of having a compromised server leaking your passwords.
__________________
|
|
2014-05-13, 15:12 | Link #189 | |
Member
Join Date: Nov 2008
Location: Mexico City
|
Quote:
Even so, a piece of paper seems a lot less secure to me, I mean, c'mon, unless you write in your own personal invented code, anybody can read it. |
|
2014-05-13, 15:31 | Link #191 | |
ゴリゴリ!
Graphic Designer
Join Date: Jan 2009
Location: Vancouver, British Columbia
Age: 32
|
Quote:
P.S. "Laziness" is no longer an appropriately usable term in today's technological workflow. We have the ability to complete basic tasks much more efficiently and effectively, so we take on more as a result. We simply don't have the time to burn doing everything manually when a computer can achieve similar results for you in a fraction of the time. It's not being lazy, it's being efficient and saving the time for other tasks.
__________________
|
|
2014-05-13, 15:37 | Link #193 |
Junior Member
Join Date: Oct 2013
Location: Austria
|
I am more of a forum reader, than an active poster.
Received your warning mail, so I visited the forum to learn more about the topic. You know what. I despise these criminals that hack websites/forums/... to gain access to the user database and steal information. my important accounts (mail/...) have other passwords. That is exactly why we cannot have nice things.
__________________
|
2014-05-13, 15:39 | Link #194 | |
I disagree with you all.
Join Date: Dec 2005
|
Quote:
- If your "shitass long passwords" are existing words with common l33t alterations... well, if everyone starts adopting that strategy, "not-so-brute force" approaches will start taking that into account, and you'll realize the strength for that isn't that big. (Fortunately, many people still use "password".) I mean, how many words does the average user knows? A few thousands in English, maybe a few thousands more in another language. |
|
2014-05-13, 15:47 | Link #195 |
Unspecified
Scanlator
Join Date: May 2010
Location: Unspecified
|
Well we certain appreciated staff effort of dealing this. But it clearly the entire animesuki staff is heavily understaffed.
I mean both GHD and nightwish is hardly regular right now and other stuff this day is busy with irl stuff. This mean this forum is lacking staff to watch the technical side of the forum regularly. So how do you guys deal with this. Hire more staff or promote some mod into staff? Note I am not talking about mod as I think we have enough of that for now.
__________________
|
2014-05-13, 15:49 | Link #196 |
Member
Join Date: Dec 2009
Location: Suburb of Athens - Greece
|
Great just fucking great....The last time i was in this forum it was almost 2 years ago or maybe more and now i find out that this place has been hacked and my password and personal info are in the hands of hackers (who in the right mind would hack a anime fan forum is beyond me) fortunately my other accounts around the net have different passwords and my email password is different too
__________________
|
2014-05-13, 15:49 | Link #197 | |
Senior Member
Join Date: Feb 2009
|
Quote:
Stronger hashes for storing passwords still are not standard, hence the poor availability of it for popular forum software like this one. Yes MD5 is largely useless these days, but it's still the basic default protection. Https by default isn't standard either hence why even popular sites like MyAnimeList, or Gamefaqs don't have it enabled by default. https would likely have been meaningless in this case anyways, as the dormant mod account was more likely compromised by older incidents such as MyAnimeList being hacked several months back. At no point does the hack seem to have relied on traffic between you and the site being sniffed, which is what https primarily protects against. Having a signed certificate would have been meaningless as the certificate would have still been saying everything is fine. The bottom line is that only one flaw responsible for this incident is easy to fix, that of leaving inactive accounts with elevated privileges. Everything else requires investigating and evaluating options for forum software, such as whether more secure upgrades are available, whether those upgrades can be used without sacrificing existing functionality, whether it's worth sacrificing existing functionality for greater security, whether alternative forum software is required to improve security, whether the alternatives provide comparable functionality and the existing content converted and imported. That's not something that happens in a day. Furthermore, it should be mentioned that better hashing algorithms being used would not automatically make your password safe. The problem is that the website was compromised, and the password database stolen. Which greatly increases the ease at which it can be attacked, and weak passwords are weak passwords regardless of the hashing method used. If you want a better understanding of the issue of cracking password, I recommend you read this article. |
|
2014-05-13, 16:05 | Link #199 |
Junior Member
Join Date: Jun 2008
|
Users are responsible for creating safe passwords different from accounts they create elsewhere, but this is really disappointing to hear.
When websites and servers are compromised so often today, and internet security is such a hot topic and has been for a while now, I would expect AnimeSuki to keep their security measures more up to date. Obviously you guys have been around for a while and are still active for a reason, so I hope there are new plans in place to prevent this from happening again. Even if you don't update security every other patch, there should at least be some sort of bi-annual update. MD5 is far too archaic and there are people who run this site that are well aware of that fact. Although, very thankful for updating the users so well! |
2014-05-13, 16:06 | Link #200 |
Senior Member
Join Date: Nov 2013
Age: 29
|
Well, damn!! I use the same password almost everywhere, good that I already change it.
The hacker can also mess with the computer itself, I mean with a virus or something like that because my laptop started to lock sometimes but, I don't know if is because of this or something else.
__________________
|
Thread Tools | |
|
|