Let's talk about passwords

[Cyndalie]

I've been half watching the nats debacle unfold and some thoughts about passwords came to mind. Let's play "what if" and "who's to blame"...

What if a major board had a database hack and the usernames, passwords, and email addresses all got leaked. Now, what if you use that same username and password for everything from other boards, to your ebay account, your epassporte account, your bank account, etc. What if because of the information leak someone just guessed to try those user/passes in places other than the point of origin, and they worked, and your shit gets messed up, you lose money, etc.
Who's to blame? The board that got hacked for bad security? The hacker? The person who leaked the information? Or your dumb ass for using the same username and password for everything you do online?

With that in mind, how many username and password variations do you use on a daily basis?

[Mr. Plow]

My Paypal account got hacked, probably because I was a dumb-ass and used the same password for almost everything and then one of the less secure sites got hacked. Ultimately no harm was done, but after the experience I figure that everyone's responsible for themselves, for being careful with their own info. I now have different passwords for everything and change them about once a month (which may be excessive, but I figure better safe than sorry:P)

[Mr. Plow]

Speak of the devil: I just saw online that Too Much Media had a security breach and a ton of email addresses of people who had signed up for adult sites were stolen, apparently for spam purposes. No credit card information stolen, apparently, but it's still pretty scary and could make it harder to sell adult content. Yeesh!
Link

[Panky]

All of my sponsors, I have different user/pass combinations for. My banking info, ePass, PayPal, and the likes, all those login details are completely unique. Nothing important matches anything else. Email and FTP passwords are all different as well. Nothing is stored on my computer or external drives either.

It's our own responsibility. We have no control over the places we enter user/pass combinations, enter credit card details, banking info, use debit cards, and the likes. Both in the offline world and the online world. We can only limit our liability should something happen where security is breached and personal information is accessed. We accept that their is some level of risk when we live in a society catering to convenience as well as when we chose to work online, bank online, and purchase items online. People have to take measures to protect themselves first.

The hackers and the sites and/or companies they hack into aren't free from blame either, but it is as much our fault as theirs if we failed to do our part to minimize the damage first.

[Relentless]

Excellent post.

Also, on the paysite owner side, why don't paysites all allow punctuation in passwords? The vast majority of brute force scripts use letters and numerals only. Adding a semicolon or tilde or exclamation point to your password makes it exponentially harder to crack.... yet many paysites don't allow punctuation in usernames and passwords.

[Platinum Chris]

I believe today, that if something like that were to occur, blame has to be placed both on the users as well as teh databaser owner.

I use different passwords for many different things. Generally on forums, it generally is fairly simple.

When it comes to bank sites, paypal, etc, really, anything to do with money, its very complex.
Basically, I have a string I use, and I code in 2-3 items differently for each site. It keeps it easy for me to remember, and if one of them gets hacked, they can't get into the others.

[Cyndalie]

Let's say Xnations got hacked andyour user/pass here was compromised. I think Xnations liability ends at protecting your account at this site though, not if you use the same user/pass at ebay, paypal, etc and those accounts get compromised too. See what I'm saying?

[Panky]

Quote:

Originally Posted by Cyndalie

Let's say Xnations got hacked andyour user/pass here was compromised. I think Xnations liability ends at protecting your account at this site though, not if you use the same user/pass at ebay, paypal, etc and those accounts get compromised too. See what I'm saying?

Yes. The liability ends at the site that got hacked. It becomes the users fault if they used that same user/pass for other sites and it happened to be discovered and those accounts got accessed as well.

For example, if XNations got hacked and the database became compromised, XNations isn't responsible for if people got their Medium Pimpin' account accessed, their GFY account, or their Netpond account. XNations is only responsible for it's own security, what they can control. They aren't responsible for sites they have no control over. It becomes the users fault for using the same user/pass for multiple accounts.

[Mr. Plow]

That's very true, but I think to a large extent the question of liability is mute. My Paypal account got hacked, probably because another site I signed up for using the same user/pass got hacked. It's pretty easy to check all the major sites as well as logical others as mentioned above (if you're in one adult chat forum, it's a good guess you're in a couple others). After that experience, the lack of help I received afterwards and most of all the fact that I'll probably never know what other site was hacked to begin with, I err on the side of caution and figure I'm on my own for security. Phew, that was a long sentence!