Rev Customer Database Hacked?

Keith Clarke keith.clarke at clarkeandclarke.co.uk
Tue Jul 12 14:21:05 EDT 2011


Whilst we're sharing tips, I've been using 1Password from http://agilebits.com/ across my Macs and iPhone devices for a few years, recently adding their PC version for my Parallels virtual PCs (no Linux, except web servers). 

All my passwords are unique - I use 1Password's inbuilt generator and these are always the longest, most random alpha + numeric + symbol combinations that each service allows. I use 1Password's tagging capabilities to remember what all the services and passwords are for. 

My encrypted 1Password data file lives in Dropbox and so is synchronised across platforms and accessible anywhere. I then have 1 very hard password for 1Password alone - and I am extremely careful with this.

Oh, and I always remember that "There are only two people who can keep a secret - and one of them is dead!" ;-)
Best,
Keith.. 

On 12 Jul 2011, at 18:58, Bob Sneidar wrote:

> For the record, I have a password philosophy that has served me well. I have one set of credentials I use for local logons, like computer accounts and file servers. I have a second set for anything that accesses the internet, but does not contain information that can hurt me. I have a third set that I use for internet accounts where I can be hurt. I NEVER use one set in another environment. 
> 
> I take that back. I DID use a game account in what I thought was a trusted forum on a server I thought was owned by one of the guys in game that I knew for years. Turns out it was a hosted forum, and my game account got hacked within two weeks. Live and learn.
> 
> Bob
> 
> 
> On Jul 11, 2011, at 1:37 PM, Pierre Sahores wrote:
> 
>> I changed all mine, even if they went in theory full safe. It's really best for all of us to verify that our passwords are at least trusted as 100% safe by the cPanel AJAX tester. Any mix of letters, numbers and itemdels are always more trusty than only letters + numbers ;-)
>> 
>> Best, Pierre
>> 
>> Begin forwarded message:
>> 
>>> The advice to change password was *not* because of any success by any hacker
>>> at accessing your (our) password information.
>>> 
>>> BUT because the hacker now has username and on-rev domain name, *if* you
>>> have a weak password it would be wise to change it to one that may be harder
>>> to try and attack by dictionary/brute force, should the hacker try in the
>>> future to use the list of usernames to find a weak nut to crack.




