sircaliban: (Default)
I've been using the same password on my Yahoo email account for about 14 years. And as far as secure passwords go, it's a pretty secure one... up until Monday morning. The password was stolen. And I knew about it within 5 minutes, because a friend logged in and sent me a message. His message was: "I just got spam email from you at my work email account. Change your password."

I logged into the Yahoo email servers and it took me to a page that said, "We have noticed some unusual activity on your account. Please consider changing your password." Below that message, it showed me a list of places I logged in from. Sure enough, about the 2nd or 3rd entry was flagged as unusual. The login came from Mexico. Clearly, that is unusual since I logged in from Ohio only an hour before, and I didn't have any time to travel there!

The hacker, or other person, used my password, logged into my Yahoo account and sent a spam email to my entire contact list.

After changing my Yahoo password, I pondered what to do. I read an article recently about how easy it is for hackers/crackers to get passwords (here).

There's the possibility of using a program like LastPass, which stores all of your passwords and can generate 'secure passwords' for you. Until that system potentially gets hacked and the computer hacker, via your master password, gets all of your passwords, not just one.

The purpose of a password is to help the owners of the servers/systems (Facebook, Yahoo, Google) identify who you are so they can present the information you need back to you. We are entrusting the IT people to securely safeguard our passwords. We don't know how they do it, we don't know if the site is using a salted password or not, and we don't control whether they are using inferior encryption methods to store our passwords. Basically, some sites might not be as secure as others.

What I decided to do after changing my password was to enable two-factor authentication on sites where that was available (Yahoo, Facebook and Google). Basically, I sign in with my password, and then the system sends a text message to my phone with a code that I have to enter into the system. Here's Google's explanation of how two-factor authentication works.

Not all websites I use have this functionality. Dreamwidth/LiveJournal don't. Dreamwidth has a suggestion box (dw-suggestions.dreamwidth.org/1383224.html) that I put my idea in as a suggestion.

To me, the information I store on LiveJournal or Dreamwidth is personal, more personal than what I might post to Facebook or Twitter. As such, I would hope that sites like LiveJournal or Dreamwidth would provide options to ensure that it's actually me accessing my journal, and not some hacker who has somehow managed to crack/hack/obtain my password.
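
The login-history page described above flagged a Mexico login an hour after an Ohio one. One common heuristic behind that kind of flag is an "impossible travel" check; the sketch below is an added example, not Yahoo's actual logic and not part of the original post, and its coordinates, timestamps, thresholds and field names are all constructed assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed slack for coarse geo-IP locations

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_impossible_travel(logins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return logins that could not have been reached from the last
    unflagged login at max_kmh. A flagged login never becomes the
    baseline, so the owner's next real login is not flagged in turn."""
    flagged, baseline = [], None
    for cur in sorted(logins, key=lambda e: e["time"]):
        if baseline is not None:
            km = haversine_km(baseline["lat"], baseline["lon"],
                              cur["lat"], cur["lon"])
            hours = (cur["time"] - baseline["time"]).total_seconds() / 3600
            # Two logins at the same instant imply infinite speed.
            kmh = km / hours if hours > 0 else math.inf
            if km > min_km and kmh > max_kmh:
                flagged.append({**cur, "km": round(km), "kmh": kmh})
                continue
        baseline = cur
    return flagged

# Constructed sample history: approximate points in Ohio and Mexico,
# arbitrary date, one hour between the first two logins.
SAMPLE_LOGINS = [
    {"time": datetime(2000, 1, 3, 8, 0), "place": "Ohio", "lat": 39.96, "lon": -83.00},
    {"time": datetime(2000, 1, 3, 9, 0), "place": "Mexico", "lat": 19.43, "lon": -99.13},
    {"time": datetime(2000, 1, 3, 9, 5), "place": "Ohio", "lat": 39.96, "lon": -83.00},
]

if __name__ == "__main__":
    for hit in flag_impossible_travel(SAMPLE_LOGINS):
        print(f'{hit["time"]} {hit["place"]}: {hit["km"]} km at {hit["kmh"]:.0f} km/h')
```

The check only works if the baseline login is the owner's; if the first login in the history is the intruder's, the owner's login is the one that gets flagged.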





