I'm Back


Burgerwars

I've been gone since December. What happened is I was a victim of a hacking. A couple accounts of mine were gotten into, but fortunately nothing was taken. There is, though, a good probability that this might continue, but I can't go into details here. I've gotten some unnerving calls and texts from hackers/scammers, but I'm starting to get used to it. In resetting some passwords I reset the password to Creditboards, but forgot what I set it to in the rush to change passwords. I tried the password recovery options, but eventually found out the email address I signed up for Creditboards with I no longer have access to. It was a Road Runner email, which no longer exists. I finally got back in through some back and forth emails with the Creditboards administrators.

 

I didn't perish. At least not yet. :)

 

Link to comment
Share on other sites


I've been hacked also. I have a relatively simple way of remembering complicated passwords. Here is the convention I use:

 

Step 1 - Choose a compound word you will never forget and always associate with your passwords - for example "DowagerPrincess"

Step 2 - Universal changes: In all instances where the following letters exist, change "a" to "@", I and L to "1", "e" to "3", "s" to "$", "o" to "0" (the number, not the Upper case letter).

Step 3 - The first letter of each word in the compound word is always Capitalized, and if it would be changed under Step 2 it is left as a Capital letter.

Step 4 - If I need to change the password, I simply add "43v3r" (which would start as 4ever) to the end. The next time, I add "&3v3r" (which would start as &ever) (remembered easily because one of my favorite musical pieces is Handel's Hallelujah Chorus, and half of that piece is singing "for ever and ever"). The password gets longer and longer with each change, and therefore easier to remember and harder to hack. Eventually I would change it back to the simple compound word, just using a different compound word.

 

In this example, "DowagerPrincess" would be "D0w@g3rPr1nc3$$". I have a client who is a computer IT security manager for a large corporation and he is amazed at the simplicity of remembering this and at the same time the difficulty of hacking it.

 

Obviously, DowagerPrincess is NOT one of my compound words, but you should get the idea.

Link to comment
Share on other sites

Fwiw, in order to have a unique pw for each login, I incorporate the first 3 consonants of the url.

If someone were to "break" the scheme for one login, it does expose the others, but the base password is an anagram of an obscure word; it has yet to be breached and the scheme isn't readily apparent, even if you uncover the pw for a single website.

 

In this manner, I don't even technically require a password manager.

Link to comment
Share on other sites

4 hours ago, Burgerwars said:

I've been gone since December. What happened is I was a victim of a hacking. A couple accounts of mine were gotten into, but fortunately nothing was taken.

Hey Burgers, nice to see you, and welcome back! :wave:

 

Yeah, I have had this constant hacker threat a few times a week alongside those they called "Smishing" on phone messaging, plus email scams that are easy to identify as scammers by masking to be legitimate banks and corporations. 

 

I mainly accuse organizations that sell consumer information to other businesses of being cavalierly careless and allowing personal information to end up in a dangerous domain, allowing the bad guys to get their hands on your information to commit fraud.

 

Additionally, sometimes companies neglect to protect and update their systems to keep their customers' information safe and prevent hackers from penetrating their systems. However, there is no absolute security, and everyone is susceptible to scams.

Link to comment
Share on other sites

10 hours ago, hdporter said:

Fwiw, in order to have a unique pw for each login, I incorporate the first 3 consonants of the url.

If someone were to "break" the scheme for one login, it does expose the others, but the base password is an anagram of an obscure word; it has yet to be breached and the scheme isn't readily apparent, even if you uncover the pw for a single website.

 

In this manner, I don't even technically require a password manager.

 

I have a similar system using parts of the company's name to make things unique, but not so consistent that it can be guessed.

 

2FA is extremely important, but the thing with forgotten passwords is it may only take a text message to reset it. That's one factor. Multiple factors should also be used for that. Authenticator apps can be a pain, but we may get to the point that texting and emailing codes just isn't secure. 

 

I have called up my cellphone provider and enabled enhanced security (a personal pin required for everything plus they noted my concerns). Hopefully this lessens the chance of SIM swapping, but cellphone company employees can also be fooled by scammers and hackers. 

Edited by Burgerwars
Link to comment
Share on other sites

On 2/12/2024 at 5:43 AM, Burgerwars said:

 

I have a similar system using parts of the company's name to make things unique, but not so consistent that it can be guessed.

 

2FA is extremely important, but the thing with forgotten passwords is it may only take a text message to reset it. That's one factor. Multiple factors should also be used for that. Authenticator apps can be a pain, but we may get to the point that texting and emailing codes just isn't secure. 

 

I have called up my cellphone provider and enabled enhanced security (a personal pin required for everything plus they noted my concerns). Hopefully this lessens the chance of SIM swapping, but cellphone company employees can also be fooled by scammers and hackers. 

Don't trust the cellular provider. I was hacked and my phone was cloned. Yes, it was a modern, up-to-date iPhone. I was told that this is incredibly rare and the equipment for the scammers to do this is very expensive. Personally I think it was their own employees!! I discovered this when the cellular provider shut my service down. I called to report my phone wasn't working and was treated like a criminal. I was told there were two phones on the network with the same credentials and their fraud detection protocol shut down both phones. I was directed to the nearest cellular brick/mortar location with two government issued forms of identification. Once I was verified they gave me a completely new phone and urged me to change my number. Interesting part is I am located in West and the duplicate phone they said was in East. I now have verbal passwords on all financial accounts, use 2FA and if possible an authentication app. I use the longest password permitted. I use the words to songs and change every 1st, 2nd, 3rd or 4th letter to a special character. I change my passwords every 30 days.

Link to comment
Share on other sites

On 2/11/2024 at 5:34 PM, Flyingifr said:

I've been hacked also. I have a relatively simple way of remembering complicated passwords. Here is the convention I use:

 

Step 1 - Choose a compound word you will never forget and always associate with your passwords - for example "DowagerPrincess"

Step 2 - Universal changes: In all instances where the following letters exist, change "a" to "@", I and L to "1", "e" to "3", "s" to "$", "o" to "0" (the number, not the Upper case letter).

Step 3 - The first letter of each word in the compound word is always Capitalized, and if it would be changed under Step 2 it is left as a Capital letter.

Step 4 - If I need to change the password, I simply add "43v3r" (which would start as 4ever) to the end. The next time, I add "&3v3r" (which would start as &ever) (remembered easily because one of my favorite musical pieces is Handel's Hallelujah Chorus, and half of that piece is singing "for ever and ever"). The password gets longer and longer with each change, and therefore easier to remember and harder to hack. Eventually I would change it back to the simple compound word, just using a different compound word.

 

In this example, "DowagerPrincess" would be "D0w@g3rPr1nc3$$". I have a client who is a computer IT security manager for a large corporation and he is amazed at the simplicity of remembering this and at the same time the difficulty of hacking it.

 

Obviously, DowagerPrincess is NOT one of my compound words, but you should get the idea.

*sigh*

Dammit, no.  That's not how it works.  And your client should know better.

https://xkcd.com/936/

 

Link to comment
Share on other sites
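The convention quoted above and the xkcd objection to it, worked through as an added example (not code from any poster): a password-audit check that undoes the Step 2 substitutions and Step 4 suffixes, and an entropy estimate for the scheme once it is known. The sample word list and the 20,000-word dictionary size used in the estimate are assumptions.

```python
import itertools
import math

SUBS = {"a": "@", "i": "1", "l": "1", "e": "3", "s": "$", "o": "0"}  # Step 2
SUFFIXES = ("43v3r", "&3v3r")                                       # Step 4
REVERSE = {"@": "a", "3": "e", "$": "s", "0": "o", "1": "il"}       # "1" is i or l


def apply_convention(words, changes=0):
    """Steps 1-4: keep each word's capital, substitute the rest, add suffixes."""
    body = "".join(
        w[0].upper() + "".join(SUBS.get(c, c) for c in w[1:].lower())
        for w in words
    )
    return body + "".join(SUFFIXES[:changes])


def normalise(password):
    """Undo Steps 2-4: every lowercase string the password could stand for."""
    core, stripped = password, True
    while stripped:
        stripped = False
        for suffix in SUFFIXES:
            if core.endswith(suffix):
                core, stripped = core[: -len(suffix)], True
    options = [REVERSE.get(c, c.lower()) for c in core]
    return {"".join(p) for p in itertools.product(*options)}


def reduces_to_compound(password, wordlist):
    """True if the password is two wordlist entries under the convention."""
    return any(
        plain[:cut] in wordlist and plain[cut:] in wordlist
        for plain in normalise(password)
        for cut in range(1, len(plain))
    )


def scheme_bits(wordlist_size, n_words=2, suffix_states=3):
    """Entropy of the scheme once it is known: only the word choice and the
    suffix state are secret; the fixed substitutions contribute nothing."""
    return n_words * math.log2(wordlist_size) + math.log2(suffix_states)


WORDS = {"dowager", "princess", "correct", "horse"}  # constructed sample list
```

With a 20,000-word dictionary the estimate is about 30 bits, however long the resulting string looks.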

  • 2 weeks later...
On 2/29/2024 at 4:35 PM, greendeh said:

I have been researching for cards with unique features/perks.
Found this and thought of you. (Hard not to since it has your name on it.)

 

cred.ai unicorn card

 


 

Thanks. Maybe "I need" a new card, but I do have my credit reports frozen as a precaution.

I'm still not out of the woods. I still get many calls trying to sneak me into providing verification codes. I got an email from PayPal, that was legit, saying my account was locked because of something suspicious they wouldn't tell me about. I did have to change my password, and they unlocked it. Of course, I have 2FA on the account.

 

Link to comment
Share on other sites

On 2/14/2024 at 3:54 PM, brainchasm said:

*sigh*

Dammit, no.  That's not how it works.  And your client should know better.

https://xkcd.com/936/

 

 

Correctbatteryhorsestable is very hard to guess.  But if you use it for all sites, it's about as secure as "mypw".  One breach and security's blown.

 

You need an "easy" algorithm that assigns a unique pw to each login, but one for which the algorithm isn't disclosed once you know the password assigned to a single website.

 

Further, the obliqueness of that algorithm may not even be a security factor in most cases.  Once a pw from a breach is found to be unsuccessful with that login on other sites, it's VERY unlikely the potential grifter will give any consideration to variations on that password; they'll just move on to the next in their list of thousands of logins.

 

 

Edited by hdporter
Link to comment
Share on other sites
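The property asked for in the post above (a unique password per login, where one leaked password does not disclose the rule), as an added example that is not any poster's actual scheme: the "base word plus first 3 consonants" idea from earlier in the thread beside a keyed one-way derivation. Appending the tag, the base word "obscure", the master phrase and the iteration count are all assumptions, and the derived form has to be computed by a tool rather than from memory.

```python
import base64
import hashlib
import os.path


def consonant_tag(host, n=3):
    """First n consonants of the site name, as described in the thread."""
    return "".join(
        c for c in host.lower() if c.isalpha() and c not in "aeiou"
    )[:n]


def mnemonic_password(base, host):
    # Assumption: the tag is appended; the thread does not say where it goes.
    return base + consonant_tag(host)


def derived_password(master, host, length=20):
    """Per-site password from a keyed one-way function (PBKDF2-HMAC-SHA256).

    The site name is the salt, so every site gets an unrelated output and
    no single output reveals the master phrase or the other passwords.
    """
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), host.lower().encode(), 200_000
    )
    return base64.urlsafe_b64encode(raw).decode()[:length]


def shared_prefix(a, b):
    """Length of the common prefix: what one leaked password shows of another."""
    return len(os.path.commonprefix([a, b]))


# Constructed inputs for illustration only.
BASE = "obscure"
MASTER = "constructed master phrase"
SITES = ("creditboards.com", "paypal.com")
```

In the mnemonic form the two site passwords share the whole base word, which is the exposure the earlier post acknowledges; the derived outputs differ from their first characters.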
