Thread Status:
Not open for further replies.
  1. the_randomizer

    the_randomizer The Temp's official fox whisperer
    Member

    Joined:
    Apr 29, 2011
    Messages:
    30,278
    Country:
    United States
    Last edited by the_randomizer, Jan 12, 2017
    Patxinco likes this.
  2. mathieulh

    mathieulh GBAtemp Fan
    Member

    Joined:
    Feb 28, 2008
    Messages:
    355
    Country:
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    That's not not what I suggest at all,

    Use something you know:
    - -A password, typically long, with lower, upper case, special characters and numbers,
    I personally achieve this using mnemotechnics to recall long sentences in Japanese with characters stowed in between

    Use something you own:
    - -A Secure Access Module or a Hardware Security Module to store secrets to cryptography challenges used during
    two factor authentications, would it be symetrical keys (OTP based) or private keys (PGP, U2F).
    This exists in the from of a smart card, a (typically compatible with Android smartphones) NFC device (Yubikey NEO, SIGILANCE...),
    a USB device (Yubikey 4, Yubikey NEO, Nitrokey...).


    Contrary to popular belief and despite convenience mitigation, a smartphone application does not constitute "something you own"
    because unlike SAM or HSM designed to be tamper proof and physically separated from your endpoint, your smartphone
    usually being the endpoint itself and connected to a network, is not, making it therefore all the more practical for an attacker
    to exploit the device and extract the keys stored within the apps, as such it becomes "something you know" compromising the
    purpose of the two factor authentication, especially if all the factors are stored/used on the same device.

    There is no such thing as good security, there is only bad security and worse security, security is only as good as its weakest link
    therefore one needs to render his assets as secure as possible, making it time and effort consumming for an attacker to target him.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQEcBAEBCAAGBQJYd9f1AAoJEKa4nBz3AlIIGbQH/35OHAPKBjoOJbOnzF5AsjXg
    aYIxaN3kGvd/69pUrV9Tm0CAnJJwmZBOWpYaI8eUCJGQIth7flOyajHh15iMnJ1s
    R4JW+yn1W15Ya63XPawcoQt4Fo+dzAdR+kKMYLnh6YtgC5Fsq3EPQt5414RGwfyp
    6dQ1U137rqJFUoqGKFquazP2w0pWyD7x9lnOAZi8t82iL7u3x0J+pWjJuEr5pBKx
    fcAjgZAHIWV3esooE1s3NB3ggMEwvCzX8Fkf2p4NSK+dI+C5CWbBR5SViAxqxoQn
    3Eb0WTkOCunm3ggsQJWB7JlGNEe2r1ZR1FANnMMW8LKy/yh/kFUaUFgum8tkoyw=
    =vBU3
    -----END PGP SIGNATURE-----
     
  3. the_randomizer

    the_randomizer The Temp's official fox whisperer
    Member

    Joined:
    Apr 29, 2011
    Messages:
    30,278
    Country:
    United States
    Well I don't have the funds to get a secure USB flash drive, so yeah, but I'm not going to be totally paranoid about security either, as it's a waste of energy.
     
  4. mathieulh

    mathieulh GBAtemp Fan
    Member

    Joined:
    Feb 28, 2008
    Messages:
    355
    Country:
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    It all comes down to how much you value your security and online privacy.
    To me, it's worth spending the money on a $60 secure dongle.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQEcBAEBCAAGBQJYd9l4AAoJEKa4nBz3AlIIV8AIAIbnsAp6zjoeDF/T6YywoN9J
    ogsfje9eizB6vRJ6qlqTjMD2/Pj9+kidypeLc9cqjizo25Jap3bYnelouvWmpeFp
    XvyYL6NsdvPXCiyFRwm5fgLTK1HB4PuZtrvW5G/9IWexXllbYTt3EoBpwnMmjESY
    nlsCOTTwRf1HA4nv467hXDPrkQxGQTofD6/IYUTqqdfVnh1YTuR1MRfLMjmoDgDJ
    Wu4Ud1xkrdd+FW+QYrUG27c8R3u+WmvQK9wxFTu3G9UVYFeFSkCYCPe4iNey/iaj
    P2gcJ4GI/dd+G8TobK4o0hkefKZHI+j5cRqq74GeWTy/f3YXVZXtoig6SrQQYH0=
    =tqYk
    -----END PGP SIGNATURE-----
     
  5. Slattz

    Slattz Easygoing Fairy
    Member

    Joined:
    Nov 21, 2015
    Messages:
    1,258
    Country:
    Ireland
    No offense, but I don't think most people want to see the PGP stuff everytime you post, it's quite 'loud'... At least put the PGP signature in a spoiler or something.
     
  6. mathieulh

    mathieulh GBAtemp Fan
    Member

    Joined:
    Feb 28, 2008
    Messages:
    355
    Country:
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Is that better?
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQEcBAEBCAAGBQJYd9vPAAoJEKa4nBz3AlIIt9sH/0fkanJdxpPPfgSkuylrmZC1
    ojzLgi2/MLekvmqyJqv2WxNWigXZT8bnhFYiwR5e5AIISBwTeE9dQAzWlgcaOP+h
    I/UN38JPk0ql/5V5LIJ71/WuL205EJwiTx/I6/63R1BK4Oqzui9tOm/7hvWzLFKH
    48CV57T68hs9nVtaRtmXwWnQkM2QR04a9FAukgTjKBXnalBr4edpsNYWsPTl+Ha4
    jP7RrpIMk6+EfX9Z+msvQoYDcHq7WvHBSmj+vwVXzJdZn6HsPfq10AQXeyyIBjHj
    GrBzoX9SY2dOVZsbbbyU0X4BN8+AKXK3SUN6Dph1chnR8AUncqdv/UIf+Hh7T7k=
    =cNqZ
    -----END PGP SIGNATURE-----
     
    Slattz likes this.
  7. Kithron

    Kithron Member
    Newcomer

    Joined:
    Apr 30, 2012
    Messages:
    17
    Country:
    United States
    Thank you for the information, changed my own password and enabled 2FA with my favorite app named Authy.
     
  8. Slattz

    Slattz Easygoing Fairy
    Member

    Joined:
    Nov 21, 2015
    Messages:
    1,258
    Country:
    Ireland
    Yea, thats good :D. Thanks for actually taking my advice, I honestly thought a fight would break out or something :ha:
     
  9. mathieulh

    mathieulh GBAtemp Fan
    Member

    Joined:
    Feb 28, 2008
    Messages:
    355
    Country:
    France
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    To be honest, as it is, it might be breaking the signature, someone would need to manually append the content
    of the spoiler to verify the post.

    I hope this is enough, I am aware the whole PGP metadata can be annoying, it would be much better if forums had
    built-in PGP support.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQEcBAEBCAAGBQJYd959AAoJEKa4nBz3AlII9eYIAKOknZJzv9fLg+edt1QOkHuu
    yWzNDCZ45cfjkPTMIP3pG6UVF/uwKh/+YVsjE7ujIFtKIVp3hNWIYgxLy+hRT61O
    CKhFyhIgp3HQHDItyd9IDqAG7wJpaHtvyLwoYuWPK20WEP0cPynlHnilFscfoVi4
    O8y9AZ1RLsieOuXkAX/rn/ZifYg6STcE+xZJMKkimCW+hHc7PjWf0/ManUSAOV66
    74sVKi41WuuhLXFal5T2DiOJ36r3jUkLNKHOzcrAs7k/F5tJqDeAfdpqKolI/+FA
    +LIElNk/Sy4rfcfHUucdkwPYH2h5cczauyLPgOKu5Zv+bhMZZNKftwxOqkrWZa8=
    =3MlM
    -----END PGP SIGNATURE-----
     
  10. tony_2018

    tony_2018 GBAtemp Psycho!
    Member

    Joined:
    Jan 3, 2014
    Messages:
    3,107
    Country:
    United States
    2 factor or nothing.
     
  11. snails1221

    snails1221 GBAtemp Fan
    Member

    Joined:
    Sep 10, 2015
    Messages:
    307
    Country:
    United States
    Temp hax
     
  12. Deleted User

    Deleted User Newbie

    Oohoho, NOBODY will guess my password if I make it in Esperanto!

    ....absolutely nobody.
     
  13. Raylight

    Raylight Paranoid Temper
    Member

    Joined:
    May 10, 2014
    Messages:
    1,147
    Country:
    United States
    what if we log in through facebook?
     
  14. shaunj66

    shaunj66 GBAtemp Administrator
    Administrator

    Joined:
    Oct 24, 2002
    Messages:
    11,219
    Country:
    United Kingdom
    There's no need to do anything.
     
    Raylight and Gizametalman like this.
  15. Raylight

    Raylight Paranoid Temper
    Member

    Joined:
    May 10, 2014
    Messages:
    1,147
    Country:
    United States
    thank god
     
  16. redrumy3

    redrumy3 Newbie
    Newcomer

    Joined:
    Jul 28, 2010
    Messages:
    6
    Country:
    United States
    I rarely log in and just usually lurk but thanks for letting us know! Appreciate it!
     
  17. Gizametalman

    Gizametalman Banned
    Banned

    Joined:
    Dec 18, 2015
    Messages:
    974
    Country:
    Mexico
    Ugh... not again.
    Could anyone please answer this question:

    If somehow the "hackers" has my email (the one I registered with in GBATemp) do you think they could possible get all those OTHER sites which I've used the same email account?
    You know? Lots of personal information, like bank numbers, phone, how I managed to escape from La Migra, how I dismembered a human and eat it... ok, kiddig with this one.
    But seriously, do you think that may be possible?
    Because, if so, I'll be deleting all the accounts that I have in different sites.
    ¬_¬
     
    Saiyan Lusitano likes this.
  18. Joe88

    Joe88 [λ]
    Global Moderator

    Joined:
    Jan 6, 2008
    Messages:
    12,592
    Country:
    United States
    if you used the same exact password on all those sites sites than yes
     
    Deleted User likes this.
  19. Gizametalman

    Gizametalman Banned
    Banned

    Joined:
    Dec 18, 2015
    Messages:
    974
    Country:
    Mexico
    1234931504682.jpg

    Meh, I don't have any friends anyways...
     
Loading...

Hide similar threads Similar threads with keywords - Addressing, account, recent

Thread Status:
Not open for further replies.