Addressing the recent user account hack scare

Discussion in 'GBAtemp & Scene News' started by Costello, Jan 12, 2017.

Thread Status:
Not open for further replies.
  1. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    24
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Last edited by the_randomizer, Jan 12, 2017
    Patxinco likes this.
  2. mathieulh

    mathieulh GBAtemp Fan

    Member
    5
    Feb 28, 2008
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    That's not what I suggest at all,

    Use something you know:
    - A password, typically long, with lower, upper case, special characters and numbers,
    I personally achieve this using mnemotechnics to recall long sentences in Japanese with characters stowed in between.

    Use something you own:
    - A Secure Access Module or a Hardware Security Module to store secrets to cryptography challenges used during
    two factor authentication, whether symmetrical keys (OTP based) or private keys (PGP, U2F).
    This exists in the form of a smart card, a (typically compatible with Android smartphones) NFC device (Yubikey NEO, SIGILANCE...),
    a USB device (Yubikey 4, Yubikey NEO, Nitrokey...).


    Contrary to popular belief and despite convenience mitigation, a smartphone application does not constitute "something you own"
    because unlike SAM or HSM designed to be tamper proof and physically separated from your endpoint, your smartphone
    usually being the endpoint itself and connected to a network, is not, making it therefore all the more practical for an attacker
    to exploit the device and extract the keys stored within the apps, as such it becomes "something you know" compromising the
    purpose of the two factor authentication, especially if all the factors are stored/used on the same device.

    There is no such thing as good security, there is only bad security and worse security, security is only as good as its weakest link
    therefore one needs to render his assets as secure as possible, making it time and effort consuming for an attacker to target him.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    -----END PGP SIGNATURE-----
     
  3. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    24
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Well I don't have the funds to get a secure USB flash drive, so yeah, but I'm not going to be totally paranoid about security either, as it's a waste of energy.
     
  4. mathieulh

    mathieulh GBAtemp Fan

    Member
    5
    Feb 28, 2008
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    It all comes down to how much you value your security and online privacy.
    To me, it's worth spending the money on a $60 secure dongle.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    -----END PGP SIGNATURE-----
     
  5. Slattz

    Slattz Easygoing Fairy

    Member
    8
    Nov 21, 2015
    Ireland
    No offense, but I don't think most people want to see the PGP stuff every time you post, it's quite 'loud'... At least put the PGP signature in a spoiler or something.
     
  6. mathieulh

    mathieulh GBAtemp Fan

    Member
    5
    Feb 28, 2008
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Is that better?
    PGP Signature
     
    Slattz likes this.
  7. Kithron

    Kithron Member

    Newcomer
    3
    Apr 30, 2012
    United States
    Thank you for the information, changed my own password and enabled 2FA with my favorite app named Authy.
     
  8. Slattz

    Slattz Easygoing Fairy

    Member
    8
    Nov 21, 2015
    Ireland
    Yea, that's good :D. Thanks for actually taking my advice, I honestly thought a fight would break out or something :ha:
     
  9. mathieulh

    mathieulh GBAtemp Fan

    Member
    5
    Feb 28, 2008
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    To be honest, as it is, it might be breaking the signature, someone would need to manually append the content
    of the spoiler to verify the post.

    I hope this is enough, I am aware the whole PGP metadata can be annoying, it would be much better if forums had
    built-in PGP support.
    PGP Signature
     
  10. tony_2018

    tony_2018 GBAtemp Psycho!

    Member
    7
    Jan 3, 2014
    United States
    2 factor or nothing.
     
  11. snails1221

    snails1221 GBAtemp Fan

    Member
    7
    Sep 10, 2015
    United States
    Anonville
    Temp hax
     
  12. Tomato Hentai

    Tomato Hentai hot death grips singles in your area

    Member
    12
    Oct 30, 2014
    Canada
    Alberta
    Oohoho, NOBODY will guess my password if I make it in Esperanto!

    ....absolutely nobody.
     
  13. rekt.
     
  14. Raylight

    Raylight Paranoid Temper

    Member
    6
    May 10, 2014
    United States
    Who wants to know?
    what if we log in through facebook?
     
  15. shaunj66

    shaunj66 Administrator

    Administrator
    19
    Oct 24, 2002
    United Kingdom
    South England
    There's no need to do anything.
     
    Raylight and Gizametalman like this.
  16. Raylight

    Raylight Paranoid Temper

    Member
    6
    May 10, 2014
    United States
    Who wants to know?
    thank god
     
  17. redrumy3

    redrumy3 Newbie

    Newcomer
    2
    Jul 28, 2010
    United States
    I rarely log in and just usually lurk but thanks for letting us know! Appreciate it!
     
  18. Gizametalman

    Gizametalman Banned

    Banned
    4
    Dec 18, 2015
    Mexico
    D.F. - Zona Cero.
    Ugh... not again.
    Could anyone please answer this question:

    If somehow the "hackers" have my email (the one I registered with in GBATemp) do you think they could possibly get all those OTHER sites which I've used the same email account?
    You know? Lots of personal information, like bank numbers, phone, how I managed to escape from La Migra, how I dismembered a human and ate it... ok, kidding with this one.
    But seriously, do you think that may be possible?
    Because, if so, I'll be deleting all the accounts that I have in different sites.
    ¬_¬
     
    Saiyan Lusitano likes this.
  19. Joe88

    Joe88 [λ]

    Moderator
    15
    Jan 6, 2008
    United States
    if you used the same exact password on all those sites then yes
     
    Tomato Hentai likes this.
  20. Gizametalman

    Gizametalman Banned

    Banned
    4
    Dec 18, 2015
    Mexico
    D.F. - Zona Cero.
    1234931504682.

    Meh, I don't have any friends anyways...
     