
Reminder: Change Your Passwords (Now and Often)

Discussion in 'Black Hat SEO' started by s0ap, Jul 14, 2012.

  1. s0ap

    s0ap Executive VIP Jr. VIP Premium Member

    Joined:
    Sep 23, 2008
    Messages:
    230
    Likes Received:
    814
    Occupation:
    :] guess
    Location:
    Congo/DRC
    In light of recent events, I want to take a second to advise all our members to change their passwords. While we should all be doing this frequently anyway, complacency can and does cause us to do things that may otherwise be common sense. I would also recommend changing any shared passwords that you may have used for BHW and other sites/services.

    Here are a few tools if you need help coming up with a new password:
    http://www.pctools.com/guides/password/
    http://keepass.info/

    As we continue to sort out the extent of the damage and the attack vector used, I remind you that due diligence is your responsibility alone. If you receive any email or other correspondence from staff members or administrators that you consider suspect, please bring it to our attention before proceeding. The BHW IRC server is an excellent resource for this as there are almost always two or more staff members online at a given time.
     
    • Thanks x 12
  2. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    902
    Likes Received:
    484
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    I got a reminder email from BHW, and realised I hadn't changed my pwd for a VERY long time! For any web application that involves user interaction, NEVER forget to add salts to every password a user registers with - and encrypt them using SHA1 or SHA2 encryption. Also for forms make sure forms have some kind of token to help mitigate CSRF and XSS attacks. For any of my work that includes server-side interaction - be it php, ruby or asp, I always make sure this is done before rollout.

    I know that most people would already know this, but just some friendly words of advice to noob web developers :).
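
    An added example, not part of the original post, of the salting and form-token advice above, written in Ruby. It assumes PBKDF2-HMAC-SHA256 (a key-derivation function built on SHA-2) rather than a single SHA pass; the function names, record format and iteration count are choices made for this example.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 200_000 # assumed work factor for this example; tune for your hardware
KEY_LEN    = 32      # derived key length in bytes (SHA-256 output size)

# Constant-time comparison so timing does not reveal how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def derive(password, salt, iterations)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN,
                             OpenSSL::Digest.new("SHA256"))
end

# Returns a storable record "iterations$salt_hex$hash_hex".
# A fresh random salt per user means equal passwords give different records.
def hash_password(password, iterations: ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  [iterations, salt.unpack1("H*"), derive(password, salt, iterations).unpack1("H*")].join("$")
end

# Recomputes the hash with the stored salt and iteration count, then compares.
def verify_password(password, record)
  iterations, salt_hex, hash_hex = record.split("$")
  return false unless salt_hex && hash_hex && iterations.to_i > 0
  salt = [salt_hex].pack("H*")
  secure_equal?(derive(password, salt, iterations.to_i).unpack1("H*"), hash_hex)
end

# CSRF: one random token per session, embedded in each form as a hidden field.
def issue_csrf_token(session)
  session[:csrf] ||= SecureRandom.hex(32)
end

# Reject the request unless the submitted token matches the session's token.
def valid_csrf?(session, submitted)
  expected = session[:csrf]
  return false if expected.nil? || submitted.nil?
  secure_equal?(expected, submitted.to_s)
end
```

    Store only the record string returned by `hash_password`; the session hash here stands in for whatever server-side session store the application uses.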
     
  3. ezines

    ezines Power Member

    Joined:
    Jan 3, 2011
    Messages:
    712
    Likes Received:
    216
    Occupation:
    Online/Offline
    Location:
    Somewhere On Earth
    I am using LastPass for my password management, and it's free.
    Code:
    https://lastpass.com/
     
  4. SnowWar

    SnowWar Power Member

    Joined:
    Mar 3, 2012
    Messages:
    595
    Likes Received:
    48
    Occupation:
    Pure student :p
    Security is a very sensitive matter. If your important information gets hacked you will be in great trouble. So follow the advice.
     
  5. bz

    bz Hammerzeit Staff Member Premium Member

    Joined:
    Jun 10, 2010
    Messages:
    519
    Likes Received:
    3,100
    Occupation:
    Fixing everyone elses problems.
    This can't be said enough: Use different passwords for every account you have, everywhere. Change those passwords at least once every 30 days. Use the most sophisticated passwords the system will allow, including special characters, alternating caps, and spaces where available.

    I personally use keepass, with the browser plugins for automating credential input. I disable the browser storage of logins, and run all portable apps inside a sandbox, stored within a truecrypt container. Using a password manager allows you to use ridiculously complex passwords without having to remember them, and helps prevent you from falling into the habit of using the same credentials for multiple sites. It's also damn handy when it comes to rerolling passwords on a regular basis.
     
    • Thanks x 5
  6. williamk

    williamk BANNED BANNED

    Joined:
    Oct 29, 2009
    Messages:
    1,030
    Likes Received:
    184
    Thanks for the advice Soap. I usually change them each month. But better safe than sorry guys.
     
  7. redclover

    redclover BANNED BANNED

    Joined:
    May 21, 2012
    Messages:
    465
    Likes Received:
    250
    Good Information bz. I am going to give this a try as well.
    And thank you sOap for the good insight!

    RedClover
     
  8. vagranttrees

    vagranttrees Newbie

    Joined:
    Jul 22, 2012
    Messages:
    12
    Likes Received:
    0
    how secure is lastpass?
     
  9. sh0rn

    sh0rn Newbie

    Joined:
    Dec 13, 2011
    Messages:
    36
    Likes Received:
    6
    I had to format my laptop yesterday because of all the dodgy stuff going around at the moment!
     
  10. black.mamba

    black.mamba Newbie

    Joined:
    Dec 5, 2011
    Messages:
    9
    Likes Received:
    0
    Occupation:
    Logo, WEB & Grapich Designer
    Location:
    @my Laptop
    Thanks for the information ;)
     
  11. IamBlackhatter

    IamBlackhatter Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 26, 2011
    Messages:
    2,538
    Likes Received:
    1,458
    Gender:
    Male
    Occupation:
    Software Developer
    Location:
    india
    ty for the reminder will do that from now..
     
  12. The Web Designer

    The Web Designer Regular Member

    Joined:
    Jul 22, 2012
    Messages:
    350
    Likes Received:
    320
    Location:
    Borneo
    Very, very useful advice. As for me, I store every password offline in a notebook with encrypted writings. If I have to change them, then I just strike out the old ones. I keep that notebook around my desk but so far no one bothers to look at it (I know because I will notice if someone has touched it). Any time I need to come up with a new password, I just use creativity with a little bit of paranoia and come up with the most ridiculous password.
     
  13. PepeLePew

    PepeLePew Junior Member

    Joined:
    Aug 19, 2009
    Messages:
    103
    Likes Received:
    11
    Occupation:
    Wizard
    Location:
    Alternate Universe
    Very good point. Will be changing password ASAP.
     
  14. inamon

    inamon Regular Member

    Joined:
    Aug 10, 2010
    Messages:
    238
    Likes Received:
    158
    Occupation:
    Social Media Marketing
    I already need to maintain a spreadsheet to keep track of my passwords. :p
    nice post.
     
  15. calewells

    calewells Newbie

    Joined:
    Jul 21, 2012
    Messages:
    26
    Likes Received:
    1
    thanks for the heads up
     
  16. SnowWar

    SnowWar Power Member

    Joined:
    Mar 3, 2012
    Messages:
    595
    Likes Received:
    48
    Occupation:
    Pure student :p
    Security is one of the major concerns of today's world. So to be secure you need to change your password very often or you should use a complex password that contains alpha, numeric and symbols.
     
  17. raza01

    raza01 Regular Member

    Joined:
    Aug 5, 2012
    Messages:
    247
    Likes Received:
    25
    thanks
     
  18. markhenry121

    markhenry121 Elite Member

    Joined:
    Oct 14, 2011
    Messages:
    2,148
    Likes Received:
    239
    Thanks for thread this information.
     
  19. karthiglister

    karthiglister Newbie

    Joined:
    Mar 25, 2012
    Messages:
    10
    Likes Received:
    1
    Yes, it is absolutely true and it's our responsibility to keep our accounts safe rather than blaming developers.
     
  20. Butazi

    Butazi Newbie

    Joined:
    Mar 10, 2012
    Messages:
    13
    Likes Received:
    0
    Well this explains why I had to enter a new password when I logged on for the first time in a few months.