Always change your passwords when you see this.

Discussion in 'BlackHat Lounge' started by bmminc, Jun 19, 2015.

  1. bmminc

    It really makes me cringe when I see this..for a number of reasons.

    Have you ever registered for a site, and you get that nice confirmation e-mail...only to be nice they include your username...and PASSWORD in the email?

    If they can display your password like that, then there is a good chance it was never encrypted. This also means the owner of that site has free access to all the juicy e-mails and passwords they want.

    Plus, if your e-mail ever gets compromised, they have access to that e-mail, and other e-mails with different variants of your passwords.


    Key point: If you get an e-mail from a website that contains your password written out, never use that password again for anything else.
     
    • Thanks x 9
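Added example, not part of the original post or thread: a minimal Python sketch of why a site that can mail your password back must be storing it in recoverable form, next to the salted one-way storage that makes such an e-mail impossible. The function names, the dict standing in for the user table, the sample password and the PBKDF2 iteration count are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch


def register_plaintext(db, user, password):
    """Weak design: the password itself is stored, so it can be mailed back."""
    db[user] = {"password": password}


def reminder_email(db, user):
    """Only possible because the stored record still contains the password."""
    return f"Hi {user}, your password is: {db[user]['password']}"


def register_hashed(db, user, password):
    """Stronger design: keep a random salt and a slow one-way hash only."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[user] = {"salt": salt, "hash": digest}


def verify_hashed(db, user, attempt):
    """Re-derive the hash from the login attempt and compare in constant time."""
    record = db.get(user)
    if record is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def dump_reveals(db, password):
    """True if a copy of the table (breach, backup, admin) shows the password."""
    needle = password.encode()
    fields = (v for record in db.values() for v in record.values())
    return any(needle in (v.encode() if isinstance(v, str) else v) for v in fields)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    weak, strong = {}, {}
    register_plaintext(weak, "alice", pw)
    register_hashed(strong, "alice", pw)
    print(reminder_email(weak, "alice"))
    print("weak dump reveals password:  ", dump_reveals(weak, pw))
    print("strong dump reveals password:", dump_reveals(strong, pw))
```

A site can still mail the password at the moment of registration, before it is hashed, so the clearest sign of plaintext (or reversibly encrypted) storage is a later reminder e-mail that contains the password.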
  2. jazzc

    Or one can get out of the digital stone age and use a password manager with auto-generated passwords as a matter of process instead. ;)
     
    • Thanks x 1
  3. HelloInsomnia

    As jazzc said use a password manager. This way you can use different passwords for every website.

    I use keepass.info

    Back up the database (which is encrypted) to Dropbox.

    I know my dropbox password. It is a very long phrase (see video below)

    I can access my passwords from anywhere by first getting access to my dropbox (long phrase #1) then opening keepass (long phrase #2).

     
    • Thanks x 4
    Last edited by a moderator: May 18, 2016
  4. WizGizmo

    Agreed . . . I have been using Roboform for the last seven years.

    Couldn't live without it. :)
     
    • Thanks x 1
  5. bmminc

    That is a good idea :)

    I was talking more about personal stuff that you have to log in to daily or from your phone. Random message boards and things. If you can swing a password manager then that is best :D
     
  6. johnsampson

    Good tip. I only learned how bad of a way that is to run a site when I was learning Rails last year and went through implementing authorization.
     
  7. HoNeYBiRD

    i don't use any magic tricks with pws, no tools, no nothing, only keyscrambler
    i use maybe 5 different passwords, which are shorter or longer variations of each other with upper case, lower case, numbers, special characters, plus a few really strong passwords for email accs and such
    worst case scenario, i need to type in 5 passwords until i finally guess the good one, but most sites let you try 10 different pws before they lock you out (not BHW though lol), i'm not sure if any of the pw tools would be more secure than your head :)
     
    • Thanks x 1
  8. ddlmachine

  9. HelloInsomnia

    Keepass has been ported to just about everything so you can also use it on your phone: http://keepass.info/download.html
     
    • Thanks x 1
  10. Not Ste Hughes

    Any good website will not let you type in your password, let's test it:

    *******************

    EDIT: BHW has it on lock down, good job boys.
     
    • Thanks x 2
  11. HelloInsomnia

    hunter2
    doesn't look like stars to me
     
  12. netmoney1

    16inchHammer69er$!

    Edit: Hey, doesn't work for me...
     
  13. t0mmy

    Oh fuck yes! I know you're Not Ste Hughes.. but seeing Ste Hughes makes me really happy.. if you know him tell him HAI
     
  14. T0NYS

    lmao, honestly I am one of those who sets a unique pass for each site and never faces a problem with that (well, maybe sometimes I can try 2-3 times but heck I will manage to login :D). As for pass managers, I would never trust any of those pieces of software
     
  15. Not Ste Hughes


    I don't know who he is.
     
    • Thanks x 1
  16. techn1k

    It makes me cringe as well and literally curse the website when I see such things... Sending passes through email should be illegal.
     
  17. BlacKOcean

    I never use my email password as a password for any other sites. I use different passwords for my important stuff (Paypal, Ebay, Facebook, etc.). For other sites, I use the same password.
     
  18. Aluminium

    My passwords are always kind of similar, but when it's stuff that I actually care about (BHW, online banking) I just have one randomly generated every month or so.

    I have a little .txt file where I keep them.. Maybe it's time to upgrade in that aspect lol.
     
    • Thanks x 1
  19. HoNeYBiRD

    but you are sure that you aren't him, just to be clear

    >honeybird is busy hacking into Aluminium's machine, searching for passwords.txt lol
     
  20. MakavelliD

    That's an interesting point....