The Entrepreneur Forum | Startups | Entrepreneurship | Starting a Business | Motivation | Success

GOLD! Take Your Computer Security Seriously! YOU Are At Risk!

The-J (OP)
@eliquid why 3 passwords?

I love the concept. I'll give it a go. Maybe I can use it for some of my clients.

You know what's funny now that you mention it? My clients have such shit security. Their passwords are almost always the same for everything, and they're so bad. I don't wanna school them on security but I feel like I should.
 


eliquid (Jason Brown)
(replying to The-J's question above)
I need to point out you might need to edit the .bat file a bit more. I left the path to my install hard coded in there in more than 1 spot. But then again, this is just a concept right now.

So for the 3 passwords, there are multiple reasons:
  • A lot of people want to say only 1 password is needed if it's strong and secure. You know, those 84+ char. type passwords. If I zipped up a file and it had a 84+ char password and then I sent that file to my mom/client/journalist/lay tech person in TXT on cell phone or on a sheet of paper, you know how hard that is going to be to type manually on their desktop to unlock the file? It's gonna be a pain. My eyes cross at like the 10th char and I second guess myself what the last char was. I couldn't imagine doing that with 84+

    So I decided instead of 1 strong password of long length, 3 shorter passwords would do. Even at 16 char, you're talking a lot of computer power taking many years to crack. 3 shorter passwords would help with ease and simplicity.. a goal of this project.

  • When other people encrypt the files to send off, it may be a lay tech person who creates them. They put in an 8-16 char password and it's "abcdef123456789". That's not gonna fly well for security, right? Easily cracked. However, now there are 2 more the hacker has to deal with that could be slightly better or stronger and could take a lot of computing power and years to crack. They might crack one, but possibly not the other 2. This is why I put in 3.. a bit better security in case the lay tech user has 1 or 2 weak passwords.. there will still be some security hopefully left.

    Think about it, if your customers use the same password for everything, the hacker might already know that password and that could be the first password the customers used for one of the archives. Now the hacker would need to figure out the other 2 still. Unless your customer just uses the same password 3 times, well there is not much that can be done other than for one of the archives to have an automatic password generated which I might add in to a later version.

  • I thought about just 2 passwords. Since I couldn't do a 2FA after the 1st password ( like websites ), I thought I'd do 2 passwords back to back. When I accepted that would be good, I thought 3 would be even better for no real specific reason other than it might piss off a hacker if they actually did crack the first 2. Past 3 ( going into 4+ ), I thought it would just be a damn pain for the end user. 3 was just a good number it seemed to stay simple, but also secure.

The best way I use it, is to store files on Dropbox or S3. I deal with a lot of my customers' data and I don't want it exposed when transferring or having it available.

Sometimes I also need to keep my very personal data on Dropbox ( like my bank info, credit cards, or driver's license when I am traveling ) and I like knowing I can access it easily on Dropbox while it is still secure if needed in an emergency.
 

Bulgano
(quoting eliquid's original privacy.zip post:)

Since I run a SaaS and I have a family, I have been more and more concerned about privacy not only for myself, but my clients ( freelance, agency, & SERPWoo ).

I've been looking at tools and such for sharing data and files and a lot of them seem cumbersome, having to install a certain app that you also have to pay monthly for. That, or the app is free but cumbersome, maybe it's no longer maintained or you can't view the source to ensure it's solid.

I wanted something I could send my mom and she could easily use for free with apps she might already have. Like Dropbox or some other public file sharing site.

I mean, why can't something be extremely easy and simple with already existing tools almost anyone has or can get easily for free too? Something that isn't a vault but still secure to pass to other people on already existing platforms like Dropbox or Box.com or even Amazon S3? Even just plain email....

So I came up with something that seemed secure enough for me to use until I find something better. Something that I didn't have to worry about needing to stay maintained ( like other platforms ) and something that others could view the source of and trust to use.

privacy.zip

The way it works in a nutshell is:

1. You place items in the "base" folder.
2. You click the .bat file
3. You enter in 3 passwords
4. An embedded copy of 7zip archives whatever is in the "base" folder 3 times, each archive has the passwords you put in
5. 7zip password-protected files are AES-256 encrypted
6. You must know all 3 passwords to get the file(s) you encrypted
7. Anything in the "base" folder is deleted now ( the original file ), but even in the "recycle bin" the copy is encrypted too, so no chance of prying eyes.
8. You can now share what you encrypted on Dropbox or some other public file share with another person without much risk of having what you encrypted read by someone else.
9. The other person does not need 7zip. They can open the archive with WinRar or another unzip/zip tool.
10. I'm sure someone can find a flaw. There is a flaw in everything, even paid tools. At least this is free and simple enough my mom can use quickly without more/other software. That was the goal of this.. easy, simple, free


If this works out, I'd like to make it a larger tool set for use by the masses publicly. Right now, it's just a "concept" without having to have a "vault" like other apps.

Great idea but why have you never considered tools like VeraCrypt? It's the successor to TrueCrypt which for a long time was probably the most used encryption program to date.
It offers a bunch of different encryption algorithms, as well as tons of other features. It's also free and open-source.
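The nested-archive procedure eliquid describes (privacy.zip, steps 1 to 6 above) and his reasoning for three passwords earlier in the thread can be put into numbers. The following is an added example written for this page, not code from privacy.zip or from anyone in the thread: it models each archive layer as a password verifier (a salted SHA-256, an assumption standing in for 7-Zip's iterated-SHA-256 key derivation and AES-256 so the script runs without 7-Zip), runs a constructed attacker wordlist against three nested layers the way an attacker works (outer layer first, then the next), and compares that with the same wordlist run against a single archive whose password is the three strings joined together. The wordlist and the sample passwords are constructed.

```python
"""Brute-force cost of three nested archive passwords vs one combined password.

Added example, not part of the thread.  Each 7-Zip layer is modelled as a
password verifier (salted SHA-256, an assumption); the wordlist and the
passwords are constructed sample data.
"""
import hashlib
import itertools

# Constructed attacker wordlist, most common guesses first (sample data).
WORDLIST = ["password", "123456", "abcdef123456789", "letmein", "qwerty",
            "welcome1", "coffee123", "dragon", "dropbox2017", "Summer2017!"]


def verifier(password: str, salt: bytes) -> bytes:
    """Stand-in for an archive's password check.  Real 7-Zip derives an
    AES-256 key from the password with iterated SHA-256; a salted single
    SHA-256 is used here so the example runs without 7-Zip (assumption)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def guesses_to_open(target: bytes, salt: bytes, candidates) -> int:
    """Guesses spent until a candidate matches the verifier; 0 if none does."""
    for n, cand in enumerate(candidates, start=1):
        if verifier(cand, salt) == target:
            return n
    return 0


def nested_cost(passwords, candidates=WORDLIST) -> int:
    """Archives nested inside one another, each with its own password.
    The attacker opens the outer one first, then the next, so the work is
    the SUM of the per-layer work.  Returns 0 if any layer survives the
    wordlist, because the chain stops there."""
    total = 0
    for layer, pw in enumerate(passwords):
        salt = bytes([layer])                      # distinct salt per layer
        n = guesses_to_open(verifier(pw, salt), salt, candidates)
        if n == 0:
            return 0
        total += n
    return total


def combined_cost(passwords, candidates=WORDLIST) -> int:
    """One archive whose password is the same strings joined together.
    The attacker must try every combination of wordlist entries, so the
    work is the position inside the PRODUCT of the candidate lists."""
    salt = b"\xff"
    target = verifier("".join(passwords), salt)
    combos = ("".join(c) for c in
              itertools.product(candidates, repeat=len(passwords)))
    return guesses_to_open(target, salt, combos)


if __name__ == "__main__":
    pws = ["abcdef123456789", "coffee123", "Summer2017!"]   # sample passwords
    print("three nested archives:", nested_cost(pws), "guesses")
    print("one combined password:", combined_cost(pws), "guesses")
```

With the sample data the three nested layers fall after 3 + 7 + 10 = 20 guesses, while the single combined password needs 270, because the attacker has to try combinations. The same arithmetic holds at real sizes: three independent layers cost about 3·N guesses to exhaust one after the other, one password three times as long about N³, so nesting buys typing convenience rather than multiplied brute-force resistance. What does stop the chain is any single layer whose password the attacker's list never contains (the 0 result above), which is what an automatically generated password for one of the archives, as eliquid mentions adding in a later version, would provide.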
 

Bulgano
(quoting eliquid's reply above on the three passwords)
In regards to the first quote, 84 chars is overkill. Last I heard it's universally accepted that 16 with lower, upper, symbols, and numbers is a good minimum and going higher slowly depreciates ineffectiveness. That is if we are talking in terms of brute-forcing.
If we are, then to crack the password "37OVrmm7x!5@iN2o", it would take an estimated "420805123888006 years, 6 months".

If we are talking about anything else, then I guess it complicates things. The main way accounts get hacked is via combination bruting.
AKA a hacker has a huge list of usernames and a huge list of passwords (generally sourced from website database dumps), and they brute-force the combinations rather than every character of a password for 1 user.

Not sure how much of what I just said is useful or applies here, but guess it's still a bit of good knowledge to know at the end of the day. :)
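Bulgano's "combination bruting" (credential stuffing) leaves a different trace in authentication logs than the per-account brute force the rest of the thread worries about, and that difference is what a detection rule keys on. The following is an added example for this page, not code from any poster: it parses a constructed log in an assumed "timestamp ip user result" format, labels each source IP as credential stuffing (many distinct usernames, roughly one attempt each), brute force (one username, many failures) or normal, lists accounts that logged in successfully from a stuffing source, and counts failures per account for a lockout or rate-limit check. The thresholds are assumptions to tune for a real site.

```python
"""Telling credential stuffing apart from per-account brute force in auth logs.

Added example, not from the thread.  The log format, the thresholds and the
log lines themselves are constructed for the demonstration.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log in an assumed "timestamp source_ip username result"
# format.  203.0.113.7 tries many different usernames once each (a breach
# list being replayed), 198.51.100.9 hammers a single account, and
# 192.0.2.44 is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2017-11-05T10:00:01 203.0.113.7 alice FAIL
2017-11-05T10:00:02 203.0.113.7 bob FAIL
2017-11-05T10:00:02 203.0.113.7 carol FAIL
2017-11-05T10:00:03 203.0.113.7 dave FAIL
2017-11-05T10:00:03 203.0.113.7 erin OK
2017-11-05T10:00:04 203.0.113.7 frank FAIL
2017-11-05T10:00:05 203.0.113.7 grace FAIL
2017-11-05T10:00:05 203.0.113.7 heidi FAIL
2017-11-05T10:00:06 203.0.113.7 ivan FAIL
2017-11-05T10:00:07 203.0.113.7 judy FAIL
2017-11-05T10:01:00 198.51.100.9 alice FAIL
2017-11-05T10:01:05 198.51.100.9 alice FAIL
2017-11-05T10:01:09 198.51.100.9 alice FAIL
2017-11-05T10:01:14 198.51.100.9 alice FAIL
2017-11-05T10:01:20 198.51.100.9 alice FAIL
2017-11-05T10:01:25 198.51.100.9 alice FAIL
2017-11-05T10:05:00 192.0.2.44 mallory FAIL
2017-11-05T10:05:30 192.0.2.44 mallory OK
"""


def parse(log_text: str):
    """Return a list of (timestamp, ip, user, success) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def classify_sources(events, min_attempts=5, spread_ratio=0.8, fail_ratio=0.8):
    """Label each source IP.

    credential_stuffing: enough attempts and nearly every one against a
                         different username (breach list replay)
    brute_force:         enough attempts, a single username, mostly failures
    normal:              everything else

    Returns {ip: (label, compromised_users)}; compromised_users are accounts
    that logged in successfully from a stuffing source.  Those need a password
    reset and 2FA, since blocking the IP does not undo the password reuse.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    labels = {}
    for ip, evs in by_ip.items():
        attempts = len(evs)
        users = {user for _, _, user, _ in evs}
        failures = sum(1 for _, _, _, ok in evs if not ok)
        logged_in = sorted({user for _, _, user, ok in evs if ok})
        if attempts >= min_attempts and len(users) / attempts >= spread_ratio:
            labels[ip] = ("credential_stuffing", logged_in)
        elif (attempts >= min_attempts and len(users) == 1
              and failures / attempts >= fail_ratio):
            labels[ip] = ("brute_force", logged_in)
        else:
            labels[ip] = ("normal", [])
    return labels


def failed_attempts_per_user(events) -> Counter:
    """Failures per account, for a lockout / rate-limit rule: a site that
    allows unlimited tries per account is what makes brute force viable."""
    return Counter(user for _, _, user, ok in events if not ok)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for ip, (label, users) in classify_sources(evs).items():
        print(ip, label, "compromised:", users)
    print(failed_attempts_per_user(evs).most_common(3))
```

The stuffing source is caught by the spread of usernames, not by volume against any one account, which is why a per-account lockout alone misses it: each of its victims saw a single attempt. The one success from that source (erin) is the account that was reusing a breached password.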
 

eliquid (Jason Brown)
(replying to Bulgano's VeraCrypt suggestion above)
The problem is it's a vault and thus another piece of software the end user has to install, use, and keep on their computer.

Then there is the learning curve with it if they use it for other things instead of JUST opening my files.

 
The-J (OP)
Is this still true/valid? xkcd: Password Strength
Sort of, although a brute forcer can narrow a password down to words in the dictionary.

Length = strength, but there's more to strength than length. A password should make the job of a brute forcer as hard as possible. So if you, for some reason, need to memorize a password (maybe it's a master password), you could use a phrase of 4 or more words that are rarely used together and segment each with some additional characters, while also including some capital letters. This increases the character set that a brute forcer needs to use.

So correcthorsebatterystaple becomes Correct2!horse2#battery8%staple (2/28 being the birthday, month and day of someone you know, the other characters being random), bringing the total character count to 36 and more than doubling the amount of characters a brute forcer needs to try.

Even so, there's more to security than a password as passwords can be acquired through other means. Ideally, people shouldn't be able to access your accounts even if they know your password.
 

G-Man
(quoting The-J's reply above)
I'm basically technologically illiterate, so here's how I come up with strong passwords: Memorize a poem, or a chapter from a favorite book, or a long-a$$ quote from an admired historical figure, then use the first letter of each word in the password. To remember password, simply recite from memory, typing in first letter of each word. Bonus points for using numbers, punctuation, and upper case, or any quote not in the english language. (clue, remember the date the person said it)

Plus, there's something satisfying about using a quote from Ronald Reagan or Teddy Roosevelt to keep people out of your shit.
 

rogue synthetic
(replying to the xkcd: Password Strength question quoted above)
That recommendation is very similar to Diceware, though there's less randomness if you just choose a pass-phrase from words you like or think you will remember.

Diceware passphrases are pretty hard to beat if you follow the recommendations. Even if the attacker knows what you're using and tries a brute-force attack they're still facing an astronomical difficulty:

The level of unpredictability of a Diceware passphrase can be easily calculated: each word adds 12.9 bits of entropy to the passphrase (that is, log (base 2) (6^5) bits). Originally, in 1995, Diceware creator Arnold Reinhold considered five words (64 bits) the minimal length needed by average users. However, starting in 2014, Reinhold recommends that at least six words (77 bits) should be used.

This level of unpredictability assumes that a potential attacker knows that Diceware has been used to generate the passphrase, knows the particular word list used, and knows exactly how many words make up the passphrase. If the attacker has less information, the entropy can be greater than 12.9 bits per word.
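A runnable version of the Diceware arithmetic quoted above, added here as an example and not code from the post or from the Diceware project: it maps five dice rolls to a list index, computes bits per word as log2(list size) so the 12.9 bits/word and the 64-bit and 77-bit figures fall out of the 7776-entry list size, and for comparison computes the bits of a character-set password like Bulgano's 16-character example earlier in the thread. No real Diceware list is embedded; WORDS is a constructed stand-in, so generate() picks from it with secrets.choice, and generate_with_dice() insists on a full 7776-entry list before it will do the classic five-dice lookup.

```python
"""Diceware passphrases: dice-to-index mapping, generation and entropy.

Added example, not code from the post or from the Diceware project.  WORDS is
a constructed stand-in list; a real Diceware list has 6**5 = 7776 entries.
"""
import math
import secrets

DICEWARE_SIZE = 6 ** 5          # 7776 words, one per five-dice outcome

# Constructed stand-in list (far too small for real use).
WORDS = ["correct", "horse", "battery", "staple", "cloud", "jaguar",
         "pencil", "orbit", "velvet", "kernel", "mango", "tundra"]


def roll_dice(n: int = 5) -> str:
    """Roll n fair dice with the OS CSPRNG; returns a string like '36524'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def dice_to_index(rolls: str) -> int:
    """Map a five-dice key as printed in a Diceware list ('11111'..'66666')
    to a 0-based list index (base-6 digits 1..6 shifted to 0..5)."""
    idx = 0
    for ch in rolls:
        d = int(ch)
        if not 1 <= d <= 6:
            raise ValueError("dice values must be 1..6")
        idx = idx * 6 + (d - 1)
    return idx


def bits_per_word(list_size: int = DICEWARE_SIZE) -> float:
    """Entropy of one uniformly chosen word: log2(list size), 12.9 for 7776."""
    return math.log2(list_size)


def passphrase_bits(words: int, list_size: int = DICEWARE_SIZE) -> float:
    """Entropy of `words` independent uniform picks (5 words -> 64.6 bits,
    6 words -> 77.5 bits).  Assumes the attacker knows the list and count."""
    return words * bits_per_word(list_size)


def charset_bits(length: int, charset_size: int) -> float:
    """Entropy of a random character password for comparison: 16 chars from
    94 printable ASCII give about 104.9 bits, but only if truly random."""
    return length * math.log2(charset_size)


def words_for_bits(target_bits: float, list_size: int = DICEWARE_SIZE) -> int:
    """Smallest word count reaching the target entropy."""
    return math.ceil(target_bits / bits_per_word(list_size))


def generate(words: int, wordlist=WORDS) -> str:
    """Uniform picks with secrets.choice (no modulo bias), for any list size."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def generate_with_dice(words: int, wordlist) -> str:
    """The classic procedure: five dice per word, looked up in a 7776-entry
    list.  Refuses shorter lists, where some roll keys would have no word."""
    if len(wordlist) != DICEWARE_SIZE:
        raise ValueError("a Diceware list must have exactly 7776 entries")
    return " ".join(wordlist[dice_to_index(roll_dice())] for _ in range(words))


if __name__ == "__main__":
    print(generate(6), "~%.1f bits with a full list" % passphrase_bits(6))
    print("16 random printable chars:", round(charset_bits(16, 94), 1), "bits")
```

The entropy figures only hold for words drawn uniformly at random from the list, which is the point rogue synthetic makes about picking words you like: a phrase chosen by a person is drawn from a much smaller, more predictable set, and no arithmetic on the list size applies to it.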
 


sinj
Everything that has been mentioned here is very good, but I want to share something else that I have not seen mentioned here that is really very important, which is: be really careful about what emails you open and the attachments. An email can appear to be from someone when it really is not.

Second thing, VPNs are good, but not all providers are good. They might be logging everything, or force you to give a lot of data about yourself.

I would say that right now, but this could change in the blink of an eye, one of the good providers and not very expensive is Mullvad.

Now a little story about opening unknown emails:

I worked in information security, and once we had a penetration test whose rules of engagement allowed social engineering. We sent invoices that looked like they were from corporate execs going to gentlemen's clubs. My friends had a lot of experience going to these kinds of places, so they got the invoice templates perfect. They were Microsoft Office documents with macros. They would open them, and we had total access to their computer systems and networks. We took photos from their webcams as proof.
 

Calvin Foster
So true, it can happen to anyone. Great job at listing out the necessities to protect yourself @The-J. I would definitely recommend using LastPass to anyone looking for password protection software. It integrates directly with your browser and has the option to auto-fill your login information. Two-step authentication is a great feature to setup and enable as well for banking, social media, and anywhere else that stores any private data.
 

LeoistheSun
Did I mention PIA? Because it's what I use: Anonymous VPN Service From The Leaders | Private Internet Access

Microsoft Defender is prob the best Antivirus if you're using Win 10.

I also use the KeePass (it's encrypted) password database.

Ultimate Windows Tweaker
This has been shown to be ineffective.

If you want to use Linux, I recommend Kali Linux (it's pretty secure)

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Penetration testers (aka ethical hackers) keep their versions very secure. It's also updated all the time. But any version of Linux will do. Preferably non-Ubuntu (if you don't trust Corporations).
 

ruzara5
(quoting The-J's opening post:)

It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.
Yes. We live in a wonderful computer world. Full of scary thingys. And ever evolving masses of chewy nasty bits. Okay. Trying to add a little odd humor. Under personal computer usage. Always have a quality virus and malware cleaner protector. Keep it up to date. Include 'tough passwords' on all your internet related logons both locally and over 'secure connections'. Make the passwords 'strong or strongest'. IF it is something vital, important. Have a separate pc device. And only use it for certain important connections and logon operations on the internet. When NOT in use. Take it physically OFF the internet. AKA unplug the CAT5 cable. Place it in a safe place. This will decrease your threshold for being hacked, spiked, and spoofed. Amidst other things. Remember you ARE the first point of being more and most secure and safe.
Some instances of remote access that are interesting is to be aware of the latest methods used. One is the use of 'official email alerts' like the use of apple or other major brands that request you to 'click on the link below'. Can relate to the MAC and IP address. They grabbed it all the way from 'so called' Barcelona Spain and displayed the ip in the email. Location for the original and actual ip started in WA state. USA. Simply. That ip did change. That dynamic effect. Along with a good scrubbing malware cleaner. Interesting times we live in. Be safe.
 

urianasi
(quoting LeoistheSun's post above)
Kali Linux is a distribution created for Penetration Testers, but it doesn't necessarily mean you're completely secure. Professionals usually install this distribution in virtual machines, and it's definitely not suited for people who want to start using Linux. A normal user will not use or need more than half of the programs installed and for sure won't know what those are there for.

The problem with recommending tools is that we are simply trusting that in case of a malicious actor or threat wants to steal or capture our information, they will save us. This isn't necessarily the case.

Security is a process, not a tool. Nobody should expect to be secure after using a simple tool, although many of them market it that way.

There are some things you can do, of course, with some tools to make surveillance more difficult, or to prevent threats, but most of them depend not only on tools, but also behaviors and processes that the person follows. That's the very big problem with digital security.
 

Victor152
(quoting an earlier reply in the thread:)

Do that, too. Trouble is, anyone can record you when you're on a Skype call (or any kind of call). So accept that responsibility, and be careful with whom you share your screen. I don't quite understand much of it myself, but apparently, there's metadata that can be used to help identify your machine and your IP address.

The big key, though, is no single point of failure.

Lastpass offers 2 factor authentication, and idle time-outs. You need both. If someone gets access to your device, and somehow knows your master password, they should still be unable to get into your password vault.

Not only that, if someone is able to get your phone's SIM and load your phone onto theirs, they should not be able to know your passwords.

For most people, if someone is able to get access to both your phone AND your computer (not too difficult if they're on the same network!), you're right F*cked. The chances of that happening are very, very low.

2 factor protects you from most executables (trojans, etc.) as well as from password leaks. Strong, unique passwords protect you from password leaks and brute force attacks.

Here's something to remember, though: a truly motivated hacker CAN get your sh*t. The most motivated hackers use social engineering to find the weakest link in the chain: stupid humans with access to your accounts.
I don't know if you can still see the IP of the person you are friends with on Skype, but it for sure was possible some time ago.
I tried with my cousin and it worked.
 

JAVB
(quoting The-J's opening post:)

I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the situation, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "f*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it won't always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as you're typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.
To your list I'd add installing, learning, and heavily using a password manager... something like LastPass or 1Password.

Unfortunately, being a bit sophisticated when it comes to cybersecurity takes effort, learning, and a bit of extra work.... and I say unfortunately because as long as this is the case, there will always be people that, even knowing all this, will be lazy enough not to do it... taking a huge risk.
 

MrChill
Cisco offers OpenDNS for free to help block out malware and other crap that you can filter from your home network at the hardware/router level. I highly recommend this, as it is even more proactive than anti-virus software alone, as that's a client installed on your OS. The best malware is the one that never makes it to the OS, but is blocked by your router.

Highly advise looking into this: Home Free by OpenDNS
 


Kak
Bump this...

What else is everyone using?

I am going through a big security upgrade. I have been the laziest person on earth about this. I had like 3 reused crappy passwords for 100 different services. I even had a google home (wiretap). I decided I needed to take this way more seriously.

I recently got NordVPN, which I try to use most of the time on browsing devices. When I get fiber soon, I will install Nord on the router.

I use LastPass to make like 30+ character passwords. I am changing my old 5-year-old passwords to these new LastPass passwords as I log into these services.

I force Firefox to forget everything and log me out of everything every time I close it. I use a 2 factor authenticator on several services that allow for it, I am adding more daily as I use them.

I have the regular Windows Defender that comes with 10 Pro.

I switched out my text message app with Signal a while back which is only as good as your network of peers that also have it.
 

TheCj

Jan 3, 2017
Ontario, Canada
I think the whole have a strong password thing is kind of a joke.

Most of these hackers attack larger databases and get 1,000s or millions of passwords and info at one time. So it doesn't matter if you have the most difficult password in the world, it's reduced to 1's and 0's somewhere, and that's the easiest place to get the password.

Just like seeing people worried and covering their PIN code at ATMs and gas stations. Meanwhile the actual threat is that the ATM or card reader itself has been compromised.

Yes, it's good to have good passwords. It is better to limit exposure to an attack, so not having your PayPal account linked to a larger account etc... Or using credit cards, since they offer better protection when your account is compromised. I know lots of people don't realize the huge inconvenience and possible loss between getting money stolen from a debit card vs. a credit card. Debit card theft will require the bank to investigate, and if they see that the money was stolen using your PIN you are most likely out of luck if you get anything back at all. This is all after they investigate, checking cameras etc., which can take time. As opposed to credit card theft: one call, they will go over the fraudulent charges, issue you a new card and off you go.
 
The-J

Aug 28, 2011
Ontario
Strong passwordS. As in, different passwords for each site.

The real threat is not just getting one account hacked, it's a hacker getting access to your password, running your email address through a tool that searches websites that have an account with that address, then trying that one password in every site (and successfully breaking in).

You can't prevent data breaches, and you can't fix another business's security, but you can minimize the damage done.
 

Yzn

Jul 1, 2018
Great point.

A few friends of mine used to actually hack other people's computers back in the day, through Trojans and social engineering. And let me tell you, there's a million ways to hack you once they put you in their mind. ESPECIALLY if you're just a normal non-tech guy. Which, to be honest, is most of the human race. So the point @The-J makes is very true. Whilst it's extremely hard to keep them out, you can make sure that once they're in you take the least damage.

Another point from personal experience: antiviruses only catch threats which were usually made by "noobs" or with old binding techniques... the more experienced will make sure it will never be detected by any antivirus app... they even use VirusTotal to test their files lol...

And I'm just talking about normal teenage computer fanatics...
Imagine some U.S. or Russian hacking geniuses out there...
 

SquatchMan

Dec 27, 2016
Nowhere
Wow. Forgot about this thread. It looks like you got everything covered.

iPhone has the best phone security by far. It's not even close.
 

Kak

Jan 23, 2011
I have not heard this!

What makes an iPhone more secure than, say, a flagship Samsung?
 

SquatchMan

Dec 27, 2016
Nowhere
A few things. Android has a laxer app store, less frequent updates, and they transmit phone data to Google (easier to intercept). It's pretty much accepted in the security industry that iOS has the best security. I've never seen anyone say otherwise.

However, I doubt it truly matters unless you have top-secret information.

You can see for yourself by comparing the price of zero-day exploits for iOS.

 

eliquid
( Jason Brown )

May 29, 2013
Louisville - Kentucky
www.serpwoo.com
I have also been going through a recent update of all my laptops/desktops.

And yes, it's more about different passwords on each site/service than character length because of breaches on other sites, stolen data, hacked/leaked databases, etc. About once a month I have a few different services alert me my data was found on the dark web or some hack site.

When I go look, it's always breaches at forums, stolen info from big companies, etc. So what's the point of me doing all I can on my end, when hackers are stealing it on the other end....

While you want your password to be long and complex to keep the weak sites from having hackers guess your passwords on the front end ( strong sites ban multiple attempts and have other safeguards ), you also need different passwords for when someone breaches the backend of these sites too.

Some things I have also recently done that not many talk about:
  • Put a freeze on all my credit reports.
    • Let's assume someone does hack into a few sites and gets a lot of my info. What's the worst they can do? Steal my identity, for one. And with that the biggest issue is financial fraud. Locking my credit pulls/reports/use at all 3 bureaus should block all of that possibility.
    • This freeze stays frozen until I decide to undo it. Which will prob only be the next time I look into buying another home or another car, which will be a long time from now.

  • Change out my emails ( and usernames if I can ) every year.
    • As a marketer, I have maybe 30+ emails. If you are a marketer ( especially one that freelances ) you know what I am talking about here. Generally most lists of hacked data contain your password, but what else? YES, YOUR EMAIL ( or username ). While the data can be used separately, let's face it... these people are using both to try to hack in and steal more data and collect info on you.
    • So why not change your email too? If they try to log into your Amazon account it won't work because the email is wrong. If they try to email you malware you won't get it since you might be on your new email now.
    • I'm looking to change my email once a year. I will still keep my personal email since it may be hard for family or connections to remember to email me at my new email, but any and all websites/apps/SaaS/etc will get the new email.

  • Mass deleting software, apps, files, zip archives, etc that I haven't touched in X months/years.
    • Bad things can live in these apps and zips. Hidden malware, trojans, etc.
    • Having a ton of software can potentially open up areas prone to attack on your computers and phones. The less you have, the better off you will more than likely be.
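As an added example (not from the thread or any poster), here is the check The-J's and eliquid's posts above argue for, written as an offline audit of a password-manager CSV export: it groups accounts by password to show the blast radius of one reused password, and flags passwords whose SHA-1 appears in a breach set. The vault rows and the breach set are constructed for the example; a real check would query the Have I Been Pwned "Pwned Passwords" range API, which only receives the first five hex characters of the SHA-1.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export in the common site,username,password CSV shape.
# Not a real vault; the passwords are deliberately weak illustrations.
VAULT_CSV = """site,username,password
amazon.example,jason@example.com,Winter2015!
forum.example,jason@example.com,Winter2015!
paypal.example,jbrown,Winter2015!
news.example,jason@example.com,Summer2019?
blog.example,jason@example.com,Summer2019?
bank.example,jason@example.com,x7#Qp9vL!mR2$wE8
"""


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form used by Pwned Passwords lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus: hashes, never plaintext.
BREACHED_HASHES = {sha1_hex("Winter2015!"), sha1_hex("password123")}


def audit_vault(csv_text: str, breached=BREACHED_HASHES) -> list:
    """Return findings for every password that is reused across sites
    or that appears in the breach set, largest blast radius first."""
    sites_by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        sites_by_password[row["password"]].append(row["site"])

    findings = []
    for password, sites in sites_by_password.items():
        reused = len(sites) > 1
        in_breach = sha1_hex(password) in breached
        if reused or in_breach:
            findings.append({
                "sites": sorted(sites),        # every account a thief gets with one password
                "reused": reused,
                "breached": in_breach,
                "blast_radius": len(sites),
            })
    return sorted(findings, key=lambda f: -f["blast_radius"])


if __name__ == "__main__":
    for finding in audit_vault(VAULT_CSV):
        print(finding)
```

The second finding (reused but not yet in the breach set) is the case the posts warn about: reuse is a liability before any breach is public.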
 
