FORUM NOTICE Password Warning -- Guys, Get Smart, Use Unique Passwords Here

[Forum Boss]

In the last two weeks, two active member accounts were hacked by scammers. As best we can determine, Forum passwords were stolen from hacked cellphones (both on AT&T). One guy was using a third party iPhone password manager. The other guy was using a very common word as a password -- the name of his truck brand.

Folks, that's nuts. You have to be careful.
We saw another example today. A new user whose password was simply the name of the town where he lived.
That's asking for trouble. In 2022 you need a unique, complex password.

I would like to see users update their passwords.
Make them complex, at least 10 characters. Something such as !Kn6zod@H27#

IMPORTANT: NEVER, EVER use the same password on multiple Forums.
Repeat -- never use the same password on multiple Forums.

Do NOT put your passwords in general files that can be accessed on your cellphones.
Be aware that when using cellphones in restaurants and public places you may be monitored.

Two-Step Verification -- I recommend that all members who buy and sell in the classifieds, use the Two-Step Verification. This is a bit of an inconvenience, but it is very effective in preventing hackers from getting into your account.

 

[Forum Boss]

Oh, and I must remind people.

Before you change your password, get a pen and paper. Write down the new password a couple times.

These complex passwords are hard to remember. That's why writing down the password is essential.

 

[Kittitas George]

Oh, and I must remind people.

Before you change your password, get a pen and paper. Write down the new password a couple times.

These complex passwords are hard to remember. That's why writing down the password is essential.

I use a small 'address book' for my pass words. Each site in alphabetical order, pass word and date and room for change.

 

[Forum Boss]

In most of the situations where a password has been stolen, we've seen that the password has been unchanged for YEARs, and has been used on other gun Forums.

If your password for this Forum is that same that you are using on 24 Hour Campfire, LRH, Sniper's Hide, change it today.

If you share a common password, the breach of any other site becomes a breach of multiple sites.

The same goes for Social media sites -- don't use a Password you are using for Facebook or Twitter.

 

[Bocephus]

Thanks for the reminder Boss. Easy to get slack and careless.
Sometimes those paper notes have a way of wandering off. I just did a “screenshot” of my changes. Maybe I can retrieve it...

 

[MikeT124]

I don't know about other browsers but Firefox has a password generator and also saves the password in an accessible file and has a menu option to allow you to access and change any password as you please. I honestly don't know if the smart phone Firefox app does this also as I only use my phone to make phone calls and use my computer to do this kind of stuff. BTW: the passwords that Firefox generates are complex and each one is individual, but you can copy and print the file so that you have a record of your passwords.

Mike

 

[Forum Boss]

The problem with browser storage of passwords, is that if your machine or tablet or phone is hacked, those passwords can be grabbed in bulk.

I think the key thing is to change passwords regularly, use complex passwords, and never share passwords on different sites.

Here is a chart from Hive Systems that show how hard a password is to generate.

Based on this chart, a 12-character password such as !Kn6zod@H27# would take 3000 years to find via "brute force" attack using current technology..

 

[mac86951]

Whaaaa?!? Thanks Boss; now I've got to change my password! 12345 it is!

 

[joshb]

Thanks Boss. I just changed mine. Thanks for the chart! I’m good for 12000 years!

 

[karrarararararar]

Whaaaa?!? Thanks Boss; now I've got to change my password! 12345 it is!

That's amazing, that's the same combination I have on my luggage!

 

[Forum Boss]

One thing to keep in mind about that chart. That assumes the hackers are starting from random letters and numbers. But let’s say you use your first name, or street name followed by number. That would be a lot easier to hack. Example: Robert1962##.

That is 12 characters but it would be very easy to hack if that is someone’s first name or middle name or brother’s name and if the year pertained to a graduation or birthdate.

Use random characters and have no connection to any personal information that might be in a database.

 

[Forum Boss]

I also want to really hammer the point home — members need to protect themselves.

I am now spending up to two hours a day, every day of the month, just on security background checks, warning threads like this, scam busting, and security communications.

That translates to potentially 700+ manhours a year, with no direct compensation.

That is not sustainable. It’s the equivalent of 17.5 forty-hour weeks — that’s 33% of a full year of forty-hour weeks. All without pay.

 

[gambleone]

Just changed mine.

 

[Franko]

Here are a few easy ways to protect yourself:

1. Use MFA (two factor authentication) on your sensitive stuff like banking
2. Use different passwords for every website - the most common way people get compromised is they use the same password across a whole mess of websites and one gets compromised and then the attackers can use the userid and password to break into every other account that person has
3. Longer is stronger. Something like G5509%Arli isn't bad but it's hard to remember. Something like AccurateShooteristhebest1! is much much stronger and easier to remember.
4. Patch your devices, don't ignore that little reminder to update your phone or device
5. Encrypt your devices and protect them with a good password. Loosing or having a weakly protected device stolen means you have to rearrange your entire digital life. It's a huge pain.

 

[memilanuk]

2FA or MFA is always good... but a simple (and secure) way of password manager that works across platforms (PC, Mac, Android, iOS, and most common web browsers) is Bitwarden.

It takes care of generating complex passwords, usernames, etc. Yes, Firefox and Chrome (and I presume Edge and Safari do as well) offer this... but Bitwarden is truly *cross platform*. Use Firefox on your phone? It just works. Use Chrome on your Chromebook, or Safari on you iPad? It just works... Absolutely zero excuse for weak passwords once you start using something like this. And for the truly paranoid out there, you can self-host an instance if you're tech-saavy enough. All you have to remember is one reasonably complex password - and that opens up your stored logins. I use a modified version of an old address, with the obligatory caps, numbers, special symbols, etc. added in. Super simple for *me* to remember, functionally impossible for anyone to guess without throwing a fair bit of computer time at it.