
Regarding Secure Passwords

posted Aug 1, 2014, 10:30 AM by Sameer S Kulkarni

Recently (on the 26th July) I received an email stating that a new email
address and a new credit card were added to my PayPal account. The only
reason to do this could be to use this information to gain access to
other financial postal information that is present in that account. And
this also means that the password that I used as a generic password has
been mined and collected by at least one group of hackers (and not the
good kind).

There is another person who explained the exact set of things that
happened to him (https://medium.com/p/24eb09e026dd), and after reading
it we realized that losing your password is more about scamming and
social engineering than a lone nerd hacking away at some obscure
computer screen :).

This was alarming enough to motivate me to move to a password manager
and start generating and saving/syncing passwords, instead of using one
password and using my brain to remember the different permutations and
combinations for each of the accounts.

I have started using KeePass (a free app on ALL platforms:
Windows/Linux/Mac and iOS/Android), and the following are the points
that one should know about it:
1. It can generate passwords and store all of them in an encrypted
file/database.
2. One password is used to encrypt this database, and it is the only
password that you would need to remember.
3. This encrypted file/database can be stored in your Dropbox folder or
any other file syncing service, and can be accessed by all your other
devices (through the file syncing service).

There are several other password management services that one can choose
from (http://lifehacker.com/5042616/five-best-password-managers), in
case you would like to see the other options available.

I would suggest that we all start using that and not wait for someone
to hack into our account before we get around to doing it, like I did.


Regards,
Sameer


P.S. The hack that is mentioned in the link provided was widely
investigated, and generated a lot of interest in the media. Providing
the links to the same here:
1. http://techcrunch.com/2014/01/29/why-hasnt-twitter-just-given-n-his-name-back/
2. https://www.paypal-community.com/t5/PayPal-Forward/PayPal-Takes-Your-Security-Seriously/ba-p/779303
3. http://techcrunch.com/2014/01/29/godaddy-admits-hackers-social-engineering-led-it-to-divulge-info-in-n-twitter-account-hack/
