Protect Your Login Information From Cyber Criminals

[cleverwise]

Hello Community,

How many usernames and passwords do you deal with on a daily, weekly, and yearly basis? I am sure it is quite a few. Life in the modern world means using the Internet and that means interacting with websites, which in turn means lots of accounts. Every site, like this one, wants you to sign up for an account.

Now comes the nightmare of keeping up with and tracking all these logins. So what do you do? Use the same password or a small group of passwords over and over? Have you stopped to think about what happens when that account gets compromised? You have heard of endless amounts of data breaches haven't you? From Twitter to Home Depot to Target to eBay to Adobe.

For best security and protection of your accounts, like online banking, you should use a different password for every account (site) - Ouch! Keeping up with all that information is a lot of work. Luckily, there are ways to make the process painless.

The good news is there is now an easy to follow, step-by-step online video training course offered by me (Jeremy O'Connell). It is available on the Udemy system and it's totally 100% free! That's right. No cost. Zip. Zero. Nadda.

So why don't you do yourself a favor and check it out before YOUR information is stolen in the next multi-million account data breach. And you should tell your friends and family so they can protect themselves too.

(Yes, you'll need to signup for a Udemy account)

https://www.udemy.com/not-another-password/

If you want to leave feedback on either this forum or even on Udemy's, which would be very helpful, I would appreciate it. Again this is totally free and with all the data breaches going on you really should protect yourself!

[Flocke]

sounds like a great video course
hope you don't mind I've just read your description and checked the topics and didn't set up an account - yeah call me lame I'd have to imagine just another password...

in my view there are the following main causes for password breaches:

• the always no1: dumb passwords that can be easily looked up in any password dictionary say common words or combinations, sentences, names, etc
  the big problem here is that even when a site locks after some failed attempts, many only locks for a little time and bound to your ip, but for a bot net nowerdays it's easy to switch ip, mac or any other system info that might be blocked and they try to hack any number of accounts and attempt as often they want and there's not just one bot net in the web
  if an account would get locked completely for any access every time some bot tries to pass through, it might happen well you're soon completely locked out of any important account. we don't know how many attacks there are, the companies won't tell us and we feel safe and even if it was hacked we might never get to know unless we get harmed
  so always make it a strong password when it shall be any worth
• wrong trust and naivity specially regarding phishing mails but also on any other connection or contact
  it often looks so official you can't distinguish anymore if it's real and even on your trustful friends you never know how well protected they keep it
  so be cautious with your trust.
  I myself got a paypal phishing mail just yesterday and it looked official with correct mail and all, just the web address for login was wrong
  but even web addresses sometimes look pretty official so never ever trust your mails and specially never click a link
  don't forget often enough browsers, flash and other plugins have known critical security holes not yet fixed
  if you click it anyway expect a virus to get installed automatically, not that it's probable but it's not so improbable either
  and don't feel so safe by your virus protection. no matter what you pay for it, they can't protect from viruses that abuse not yet known holes
  it's great to have a good virus protection, specially great when you also disable scripts and adds on sites by default
  but it's even much better to additionally act with mind and not just visit any site and download any file or open attachments cause it's there
• outdated mobile devices with no protecture
  yeah any outdated software is a possible security risk but the mobile devices nowerdays are specially worse cause often enough they never get updated and already come far outdated on the market
  that sadly is a special problem to all the android devices
  when you have such a mobile device, at least check to install some security suite
• unencrypted insecure connections or locations that get observed, specially the wifi connections but also mobile or network connections
  hard to imagine how many insecure connections there still are...
• companies or systems get hacked and user data with passwords stolen. as we all should have learned by now, no site is completely safe from this, it might even happen with intent by a staff member and even with passwords hashed and encrypted when the algorithm is known a simple password dictionary and some try and error is enough to break it - yeah this also counts for afc just as for any other site
  bad enough but even worse when you reuse passwords on important sites like online banking so don't do it, just don't do it!
  funnily enough I recently read an article on how many companies still give full ftp access to the web in hope noone would guess thier ip

[cleverwise]

Nice write up Flocke.

I agree with your points. The course teaches people how to use proper password managers like LastPass and/or KeePass so one only has to remember a single password and can easily manage hundreds of accounts with different passwords. Both software allow for logging into a service without having type anything which defeats keyloggers too.

[Flocke]

password managers are really helpful yes but once your main password is breached all your passwords are compromised and having a central password means I'd type it far more often or it's saved on the disk
and the more often a software is used the more likely it is worms, viruses and key loggers adapt
for myself I'm not so trustful on these password managers but that's everyone's own estimate
it's always a tradeoff

[cleverwise]

Well a good password manager will encrypt your data and I agree nothing is 100% safe. However storing passwords in a word processing document or spreadsheet is never a good idea. LastPass and KeePass have been well vetted by many IT security experts and used by many IT security professionals too. They are about the safest way to protect your data. You can always keep changing your password to them which redoes your encryption key too.

[Flocke]

of course it's safed encrypted but these password managers wouldn't work if they keep it so on use
plus the lazy user tends to save it's password, again encrypted, but again decrypted on use else it wouldn't work
still I agree a password manager usually is better than to safe it in plain text somewhere on the disk, specially when named my_passwords.txt, at least until it got so common viruses adapt to specifically search for password managers
in the end, you always will have to do some tradeoff on security, and it's better to be aware of

[KrazeeXXL]

friggin passwords. I've got over 250 lying around here. All over 15 chars and different of course. Such a pita nowadays. I thought about using a password container but gave up this thought again about storing passwords on my PC although the container would be encrypted.

I guess all of you know this little site by now:

https://howsecureismypassword.net/


But let me tell you this. If anyone wants to crack your passwords and got the ressources. They get it done anyway. So the best way to avoid this would be to look too boring and unimportant imo ^^

I like that you give a course about this, cleverwise. From my opinion, talking to (normal) people about password protection is like talking against a wall. Most of them just don't give a damn. Sure, it's tedious to store xy different passwords from xyz accounts/sites/whatever. But I see it as a good game of memory: where have I written up this account's password? Since it takes a couple of minutes to find it sometimes. ^^

[cleverwise]

That site is in my course.

Yeah I made the course to help train people on how to improve their password's security. What is great about the managers I talk about (LastPass and KeePass) is you can have nice long passwords like 32 characters+, assuming a site supports such a length, and the program will type it in for you. This defeats keyloggers and you can log in with someone watching you because you don't type in the password. All this is stored with AES 256-bit encryption.

Foolproof? No as nothing is unbreakable but AES has so far stood the test of time assuming the encryption key is long enough. However writing passwords down or storing them in a word processing document isn't secure at all. Plus if an account is stolen in a multi-million information data breach changing it for one site is no big deal.

So the course serves as a way to train people although not every one will do it or care and that is up to them. Some people still leave their keys in their car when they park it. So be it.

[KrazeeXXL]

Privacy and Security are big topics over here. Call me old fashioned. But I'm writing the pws down here in a little book on some pages. You americans would have to send one of your agents over here to break into my apartment to get the information, though ^^

If I'd live together with another person, I'd change this behaviour and use a container for sure.

Multi-million dollar corporations have other standards of course. But the problem here is that even people who should really know better are getting more and more lax with security all the time.

The other thing is that in really important cases (and I don't talk about easily traceable ad-ware-junk) you won't even notice that you've been compromised. It can take months or in some extreme cases even years until some loopholes are found let alone closed.

We get more and more cases were Siemens Software for power plants is attacked nowadays. It's just a couple of cases we know of from the media, though.

When I find the time, I'm going to watch your vid.

*whoa 9 hours. You surely have something to say about this topic

[cleverwise]

I did make a pretty detailed course on using the software solutions.