Finnish forum hacked, passwords revealed

Lincoln Russell 15 Oct, 2007 at 11:06am ET Article published in Tech

Now may be a good time to review your passwords’ strength and in how many places you use each one.

Comments

15 Oct 2007 ~ 11:11am Linc Personally, I compartmentalize my use of passwords by area to prevent a major compromise: Sites with poor security (like if I think they'll send my actual clear-text password to my email if I forget it - booo!), forums I participate on, instant messengers, sites with personal info about me, and sites that have access to my bank card all have different sets of passwords. Icrontic... well I have more passwords for Icrontic than everything else combined

You might be able to dictionary attack my FoxMarks login. That's about it.

Just remember: Sites like Icrontic use good security, our platform is always up-to-date, and vBulletin uses extraordinary measures to double-hash your passwords... but you still shouldn't use the same password for your online banking. Most importantly, this is not a secure connection, so your password could be intercepted between your browser and our site, especially over wireless (regardless of whether the connection is secure). Same goes for Gmail, etc.
15 Oct 2007 ~ 11:15am CB For security, I use three password levels. I have one password, that I never change, which I only use for services which cannot compromise me, like forums, and online gaming sites, and other benign services. A second password is for any service that I pay for, like mmorpgs, and their ilk. I change that one once/year or so. My top level password is for very sensitive things, like banking sites. I change it frequently.

This is my solution because I have a very bad memory, and I'm signed up for lots of services at that bottom tier. If I had a different password for every service, then I would have to right them all down, which is even less secure.
15 Oct 2007 ~ 11:18am Linc This brings up a good app: KeePass, which I just re-upped as Download of the Day
15 Oct 2007 ~ 12:30pm Leonardo I'll be looking into this. Between work and leisure, I have close to 75 password logons. It drives me crazy. At work, it takes me so long to get around to some of my accounts that when I try to access them the passwords have already expired. Then it's re-application for new password, re-open account, consult the sysadmin.... Oh, Key Pass, yes that's the topic!
15 Oct 2007 ~ 1:09pm GooD OMG thankx a lot !

Man i was in need of an application like that (Keypass) for so long, but i was too lazy to program it myself

I have like 40 different passwords and this little application will save me a lots of headaches ! I only hope that this is as secure as it can be cuz if someone can read this my KeyPass file i'll be in for a hard ride :P
15 Oct 2007 ~ 1:32pm Linc According to public info on Wikipedia, there are no known exploits for KeePass. It uses encryption algorithms that are considered far more secure than MD5, it's open source, and even the passwords stored in active memory are still encrytped.

I'll look at working up a full review soon