PSA - Friendly Reminder About Computer/Internet Security

  • PSA - Friendly Reminder About Computer/Internet Security

    I know a lot of the folks around here are pretty diligent about their computer/internet security, but being that we're part of a multiplayer community, having experienced a security mishap in my office this week, and after reading about the recent TeamViewer issues people are experiencing, I thought I'd throw out a general reminder about personal IT security to the community.

    Good security practices include, but are not limited to:
    • Being mindful of your passwords - the longer the better (see Storm's post below), change them often, use a combination of letters and numbers - lowercase and caps, use special characters when allowed, and don't make them from personal info such as birthdates or addresses
    • Don't use the same usernames and passwords on multiple sites (I know this is a hard one to resist)
    • Ensure your firewall is active and set up properly
    • If you use an anti-virus software make sure to keep your database up-to-date
    • Don't click on a link if it is not from a trusted source
    • Treat your IP as a sacred object. It is your identity/location on the internet. Don't give it out to anyone you don't trust.
    • Seriously consider and find out everything you can about a program/app before downloading it off of the internet. (This also goes back to the trusted source bullet)



    Some of these things may not seem like a big deal, and most of the time they are not, but things don't usually become a big deal until you're negatively affected by them. You could get way crazier about internet security, and some may think these helpful tips are already too much to worry about because no one cares about little ole' you on the internet, but remember; that's exactly what the bad guy is hoping you'll think.
    Last edited by -TK-; June 3, 2016, 09:40 PM.

  • #2
    The internet is getting more "dangerous" for the average user each day. There is no doubt in that. Also I would like to add that any website you visit can easily retrieve your IP address if they desire. Keep this in mind!



    • #3
      Originally posted by -TK-
      • Being mindful of your passwords - change them often, use a combination of letters and numbers - lowercase and caps, use special characters when allowed, and don't make them from personal info such as birthdates or addresses
      A long password with only lowercase letters is MUCH better than a short password with mixed case, digits and special characters.

      Security is directly proportional to the length of the password. A short password can be broken by brute force tries in a relatively short time, no matter what characters are used. The speed of modern computers means that password guessing programs don't need to narrow down their search space anymore to real words or even stupid lazy passwords; they can try everything.

      Every extra character in a password makes it almost 100 times harder to crack. If your password is less than 20 characters long, think again.

      Gentlemen, size does matter.

      (There are still some websites out there that insist on mixing case, adding digits, or including punctuation marks. And yet these same sites are OK with a ten character password - go figure. I'm sorry, but those websites are misguided and working from old ideas of security online.)



      • #4
        What about password managers such as LastPass or Dashlane? This old guy wants to know.
        Josh
        CW4 US Army Retired :)



        • #5
          Originally posted by Josh
          What about password managers such as LastPass or Dashlane? This old guy wants to know.

          • The one I use is not as well known as others but is, to the best of my ability to research, good in the manner in which it encrypts the data.
          • Before selecting one do as much research on the web or talking with those in the know to determine its effectiveness at encrypting the data.
          • Keep the places that the password file is stored at to a minimum. Do not put it on the Cloud or transfer it through unsecure means (such as email).
          • Put a strong password on the data file to minimize the chance that it can be opened by someone who shouldn't open it.
          • If you don't want someone else seeing it, don't store it. Nothing is completely secure. That whole issue with the FBI and Apple last month was the FBI trying to make a legal point. I'm confident that they already had access to the data.



          • #6
            Good discussion topic. I was told about the TeamViewer shenanigans just earlier today. In reading up on it, I was apprised of a site (apparently there are many) for checking the possibility that your email account has been compromised:

            HaveIBeenPwned.com

            Enter the email address you'd like to check, and the site will search its records and return a green (good) or red (bad) result with details. The site's records are built by publicly-released lists from known hacks and by listening/watching feeds of public websites where stolen information commonly gets exchanged (interestingly, one of the major sources is pastebin.com -- I've used that before, but never expected it to be a hotbed of hacker activity). If the site finds your email address in its records, it will identify the respective hack that may have involved your credentials (like the LinkedIn hack of 2012/May 2016, or the MySpace hack of 2008).

            I tried it on a few of my 'dummy' email addresses, and sure enough, it found one of mine on a very specific site that I would have used that email address for (Nexus Mods, hacked December 2015). There's no way it could have otherwise known that I used that specific email on that specific service, so I have to believe there's some legitimacy to it.

            If you're not already changing your password with some frequency, a red flag here will surely get you motivated to do so!
            Take the time, a second to soar; for soon after, beckons a second more.



            • #7
              What kills me is like today I set a new password for GOG... well over 20 characters, completely randomly generated. I would NEVER be able to repeat it. So great, it's pretty secure. But then I need to log on to my email on my phone and a long random password sucks, so then I end up with something shorter and less complex, and easier to remember. At least all my email accounts use different passwords that aren't reused, but the mobile world makes password security much harder. At least I don't get sucked into buying stuff from the play store since I don't know my password.

              And I refuse to use a password manager on my phone as they are too easily lost or stolen.
              - Michael
              Check out my cockpit build!



              • #8
                Originally posted by Waterman981
                What kills me is like today I set a new password for GOG... well over 20 characters, completely randomly generated. I would NEVER be able to repeat it. So great, it's pretty secure. But then I need to log on to my email on my phone and a long random password sucks, so then I end up with something shorter and less complex, and easier to remember. At least all my email accounts use different passwords that aren't reused, but the mobile world makes password security much harder. At least I don't get sucked into buying stuff from the play store since I don't know my password.

                And I refuse to use a password manager on my phone as they are too easily lost or stolen.
                A long nonsense password made of three or four normal words is easy to remember (as in the xkcd cartoon example). And that was the point of my suggestion. For example, the password for the msflights Twitter account (which I manage) is 34 characters long, makes no sense, yet I can remember it perfectly every time!

                Comment
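Added example, not part of any post in this thread: the length-versus-character-set comparison from post #3 and the word-based passphrase from post #8, worked through as brute-force search space. The guess rate, the 7776-word list size, the sample word list and all function names are assumptions chosen for illustration; the entropy figures hold only when characters or words are picked at random, not chosen by a person.

```python
import math
import secrets

GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate, illustration only
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed sample list; a real generator needs thousands of words.
SAMPLE_WORDS = ["runway", "copper", "lantern", "orbit",
                "maple", "glider", "velvet", "harbor"]

def random_string_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def passphrase_bits(wordlist_size, word_count):
    """Entropy of words drawn independently and uniformly from a list.
    The unit of choice is the word, so the letter count does not matter."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at the assumed rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def min_length(target_bits, alphabet_size):
    """Shortest random string over the alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def make_passphrase(wordlist, word_count=4, sep=" "):
    """Draw words with the OS CSPRNG rather than picking them by hand."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))

def compare():
    """Rows of (label, bits, worst-case years) for the cases in the thread."""
    cases = [
        ("10 chars, printable ASCII (95)", random_string_bits(95, 10)),
        ("20 chars, lowercase only (26)", random_string_bits(26, 20)),
        ("4 words from a 7776-word list", passphrase_bits(7776, 4)),
        ("6 words from a 7776-word list", passphrase_bits(7776, 6)),
    ]
    return [(label, round(bits, 1), years_to_exhaust(bits)) for label, bits in cases]

if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:32} {bits:6.1f} bits  {years:.2e} years")
    print("example:", make_passphrase(SAMPLE_WORDS))
```

A word-based passphrase is scored per word, not per character, so its strength depends on the size of the list and the number of words drawn.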
