Originally Posted by Captain Pooka
And this has been happened on myspace, I hate myspace by the way,
People hack your account and post bullitons advertising stuff... everybody was like, How are they getting my password? So I looked into it and found that alot of the links you click on in Myspace asks you to relog in.
So I made a post, send a message to tom and said, Check the address bar, if you are ever asked to relog in make sure it says login.myspace.com (or whatever) or just re-type in myspace.com.
and tom, being the bastard he is, Made a blog about it and said " I figured it out!" and basically copied everything I sent him and posted it as a blog thats on everyones main page. almost word for word
I hate Tom.
yeah, I figured that out a long time ago as well, tried to educate friends.
Toms blog post just made the situation worse, things used to go to a site like
myspce.cn/login?us_en=1&xyz=bez or something similar
now they go to a page that looks just like the login url.
login.myspace.com.login.us_en.cn/?login or something, so people do actually see the words login.myspace.com
reading the address (and looking carefully) or anti phishing plugins are really the only way around this ind of attack.
Originally Posted by aff1993
there is a random password generator, you are best off getting a thing it keep passwords
but then you need to store the passwords. this is fine until something happens to you like happened to me.
(someone (exgf) booted my computer in safe mode, logged in as administrator/blank and then had access to the password generator and stored passwords).
Originally Posted by MattMyster
I recommend using a combination of something random that you will remember such as the word "Canada" but replacing the a's with numbers for example like "C4n4d4" it makes it much more difficult to crack.
as you'll see earlier, most dictionary attack passwords are clever enough to figure out 1337 5p34k (leet speak)
so replacing letters with numbers is not always for the best.
canada, is a dictionary word, so your replacement password (assuming a good brute force cracker) will probably only last about a tenth of a second longer.
I heard a long time ago that the most common password was actually money
best passwords are ones that are made of letters and numbers, that you can also remember.
for example a goog password might consist of your families birthdays something like
(assuming that your mum and dad were born jan 7th and dec1st or something like that.
it's easy for you to remember, you don't have to write it down.
personally i have a set of passwords that I use.
my email passwords
general web accounts
online banking/credit cards
these are three completly different passwords, I know that generally if I sign up for a forum I'll use the weak general password, if this gets cracked then it's no big worry.
my email passwords are more secure since this can generally be used to recover other passwords
my online banking passwords are just as secure, as my email passwords, but completly different.