View Single Post
Old June 25th 11, 11:04 PM posted to rec.pets.cats.anecdotes,,alt.pets.cats,rec.pets.cats.rescue
Bill Graham
external usenet poster
Posts: 1,065
Default Must Discuss the Kitties' Welfair

nik Simpson wrote:
There's a dangerous assumption here, i.e. that choosing a relatively
simple password that is highly personal to you, is safe because nobody
would guess it unless they knew you and your personal information.
Folks, that's not how hackers break passwords, they don't go your
login and try to guess your password. They hack the website
completely (a-la Sony) grab the master password file & username list,
and feed that data to one or more computers to simply brute force
decrypt the password file, they don't need to know anything about you
at all.
I've decided to use Lastpass and different long completely random
passwords for each website that I couldn't begin to remember. The only
password I have to remember is my Lastpass password, they handle the
rest. Granted, this relies on two things:

1. Nobody can guess my Lastpass password
2. Lastpass's security and encryption is good enough to prevent the
master password data falling into the wrong hands and being decrytped
in a useful amount of time.

So far it's working, but if you bank online or use credit cards
online, the watchword is vigilance ;-)

BTW, are you wondering if one of the recent hacks (Sony, Citicard,
etc) has compromised your password or email address? If not, you
probably should be, so check out this tool:

It's legit and simply searches the data that has been leaked from
sites like Sony to see if your email address is in leaked data.

But how can you be sure some Lastpass employee doesn't sell a bunch of
passwords to someone else for progit? In the same way, I won't know if some
crooked store employee or waiter doesn't swell my credit card information to
someone else. In a word, its impossible to completely protect yourself from