Largest-ever password study: We are all idiots

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Mark Holtz, Jun 2, 2012.

  1. Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    They will take your e-mail address and password and try to log into your e-mail service. If they are successful, they will try the "Forgot password" for every financial institution (bank, brokerage) and shopping site to see which ones generate a password reset e-mail. They would then reset the password to their password, and try to purchase everything and drain your financial accounts.

    (Oh, my e-mail accounts are secured using two-factor authentication)
     
  2. Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    If it's Tuesday, you need to reset your LinkedIn password.
    If it's Wednesday, it's eHarmony.
    And, if it's Thursday, it's LastFM.
    What will Friday bring?
     
  3. Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    Thanks. So, if I see a confo. e-mail from anywhere, such as "We've reset your PW...." I'd better pay attention!
     
  4. hdtvfan0001

    hdtvfan0001 Well-Known Member

    The weekend?
     
  5. Shades228

    Shades228 DaBears

    They can use the information they gain in your emails to learn more about you. This allows them more information so they can guess security questions, if you are a person who actually answers them with real answers. They can also use those emails on social media and other sites to find accounts to get more information about you. Then they search places like Photobucket to see if you have any open albums or set up watchers so that if you take pictures of things like mail, sensitive documents (you wouldn't believe how many people take pictures of their DL and SS cards so they can keep the information on their phone and not carry a wallet) and then chaos can ensue.

    In a nutshell, using passwords for each site, with a common formula like I suggested above, making a junk email you never use for anything other than social sites that is just random letters, and NEVER use real answers to security questions will protect you from most issues even with a security breach.
     
  6. Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    Wow, thanks again. I guess I am a bit naive as to how resourceful some thieves can be, but if someone went to a lot of trouble to research who my favorite teacher was, etc., it'd be easier to come to my house and rob me, though the chances of getting caught are much higher.
     
  7. dpeters11

    dpeters11 Hall Of Fame

    They like to stay behind a keyboard. Some even consider it less of a crime. Stealing a CD from a store is considered bad, but some of the same people don't have a problem using a torrent.
     
  8. Stewart Vernon

    Stewart Vernon Roving Reporter Staff Member Super Moderator DBSTalk Club

    You might not see it... unless you run your email client app all the time and check for email every few seconds...

    IF they get your email and password, they could easily check/receive an email before you do and the damage gets done without you ever seeing that confirmation email.
     
  9. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    Remember, we're talking about organized crime at work here. These aren't kids trying to crash your "C" drive - these are hardened criminals.
     
  10. ke3ju

    ke3ju Legend

    "It would take a desktop PC About 193 trillion years to crack your password"

    But then again, I write encryption algorithms...
     
  11. dpeters11

    dpeters11 Hall Of Fame

    I miss the days when a virus would do things like make the characters fall to the bottom of the screen but not do harm.

    Now this is more organized crime or governments.
     
  12. Shades228

    Shades228 DaBears

    It's also more about bulk. Their job is to get as many accounts and passwords as possible to sell, not to try and run the scams themselves most of the time.


    Last I saw WoW accounts were selling for more per account (around $1) than CC's ($.75) per account.
     
  13. 4HiMarks

    4HiMarks Hall Of Fame

    I worked for an academic institution that enforced the "change password every 90 days" model. A semester is 15 weeks, i.e. about 2 weeks more than 90 days. So assuming you set your PW at the beginning of the semester, you now have to change it just before the semester ends and are then in a perfect position to forget it by the time the next semester rolls around, so you get it reset and the clock starts over. Rinse, repeat.

    They also had two systems - a campus network, accessible only from a machine on campus and an extranet, accessible from any internet-connected machine in the world. It was the network password that required changing every 90 days. The extranet PW was good forever. Guess which one is where all your employee and faculty information was (including pay stubs and the ability to issue and change grades)?
     