Twitter accounts hacked, including encrypted ones

  john bunyan 18:17 02 Feb 2013

I hear that a quarter of a million Twitter accounts have been hacked, including some encrypted ones. See:

Twitter BBC

I am not a Twitterer as I think it is a bit narcissistic but if these people can hack encrypted files, is on line banking next?

  Forum Editor 18:36 02 Feb 2013

"...if these people can hack encrypted files, is on line banking next?"

Online banking security is a lot more robust than Twitter, but in theory anything can be hacked. Banks use some sophisticated methods of security enhancement - mine, for instance, knows if I use anything other than my laptop to try to access my account, and it asks me to provide the answers to two additional security questions before it allows me to use my username/password/security code combination.

Bank accounts have been hacked, but it's a rare occurrence, and if it happens your bank should make good any losses - provided you can satisfy it that you took adequate steps to protect your login details.

It goes without saying that you should never, ever, under any circumstances allow these to be stored on your computer. If you use a public access computer - in an airport or hotel, for instance - always go into the browser settings when you've finished, and delete the history. I also clear the cookie cache, but it's best never to use public access machines if you can avoid it.

  simonjary 09:55 03 Feb 2013

More details and online password security tips here.

  Quickbeam 11:18 03 Feb 2013

The trouble with secure passwords like the above, is that it's quite unmemorable, and if you have a dozen likewise and not noted down, you'll never access your account again.

Hands up who keeps this sort of information in their phone or similar hidden under a made up contact name.

  chub_tor 11:43 03 Feb 2013

Am I misunderstanding this? Surely it was the Twitter servers that were hacked not individual PCs? Yes there were phishing emails sent out afterwards to try and gather more but the 250,000 accounts were compromised not because of how strong or weak their passwords were but because Twitter security was inadequate.

A few years back I had my security details breached when hackers got into Cotton Traders, it wasn't my fault it was theirs and we were warned pretty quickly to amend our details not because they were weak but to build up a new identity with Cotton Traders.

  Forum Editor 13:44 03 Feb 2013

I once received a plaintive call from the Marketing director of a fashion company, asking for help because 'my computer password has been hacked, and someone has stolen some new designs'.

When I arrived he tearfully explained that the hacker must have been really professional, because the password was very secure. When I asked him to write it down (the room was full of people) he wrote 'dr0wssap'.

I explained that he had chosen one of the easiest passwords to guess, and that I would have been into his files in about 1 minute flat. He was astonished, and couldn't believe that he had chosen one of the 'top ten' guessable words.

As fourm member says, people commonly choose passwords that are in everyday use, and often associated with them - the name of their wife, or one of their children, for instance.

The trick is to use an alpha-numeric string, but one which for you will be memorable for some reason. If you're a pig farmer you might decide on p0rkyw0rk1n30n which you'll remember as porkyworkinson. That's a simple one, but you get the idea.

These passwords are much more difficult to crack, and with a little practice you'll develop a personal convention which will allow you to create memorable, secure passwords easily enough.

Don't try to invent a new password for every single application or website you use, that policy will soon have you wallowing in a sea of confusion. Use two or three passwords for different contexts, and stick at that. Remember, we all like to think that our personal files are ultra-attractive to hackers, but of course they're not. Nobody is interested in hacking the Simon Cowell fan-club database for your login details - hackers are after details that can result in access to information that has value. Anywhere money changes hands, for instance, is a possible target, so banks, and e-commerce sites are definitely up there, presenting a juicy target.

I never accept the invitation to 'store your card details for future purchases' when I make online purchases.
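Added example, not part of the thread or of any poster's message: a small password-policy check in Python showing why a reversed, digit-substituted word such as 'dr0wssap' is rejected. The word list, the substitution table and the function names are constructed for illustration; a real check would use a large breached-password list.

```python
# Constructed sample list; a real deployment would load a breached-password corpus.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "monkey", "welcome"}

# Look-alike characters mapped back to the letters they usually stand for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(candidate):
    """Return the normalised forms of a candidate that a policy check should test."""
    lowered = candidate.lower()
    plain = lowered.translate(LEET)            # undo digit/symbol substitutions
    stripped = plain.rstrip("0123456789")      # drop any digits left on the end
    forms = {lowered, plain, stripped}
    forms |= {form[::-1] for form in forms}    # reversed spellings
    return forms


def weak_reason(candidate, personal_words=()):
    """Return why the candidate is guessable, or None if no rule here matched."""
    blocked = COMMON_WORDS | {word.lower() for word in personal_words}
    for form in variants(candidate):
        if form in blocked:
            return f"'{candidate}' reduces to the listed word '{form}'"
    return None


if __name__ == "__main__":
    # Constructed inputs: the two passwords quoted in the post, plus a family name.
    for pw, personal in [("dr0wssap", ()), ("3m1ly", ("Emily",)),
                         ("p0rkyw0rk1n30n", ())]:
        print(pw, "->", weak_reason(pw, personal) or "no rule matched")
```

A result of None only means none of these few rules matched; it is not a measure of strength.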

  john bunyan 16:31 03 Feb 2013

If a teenager can hack the Pentagon and CIA, then on line banking etc seems a little risky. I suppose eventually we will have to have uncrackable codes based on prime numbers or One Time Pad style passwords for things like on line bank accounts.

  BT 17:53 03 Feb 2013

"One Time Pad style passwords for things like on line bank accounts."

Don't we already have something like that in the Barclays Pinsentry and other banks' devices where it generates a seemingly random code after you have inserted your Debit or Authorisation card, then part of the card number and a PIN? The number is valid for one use only and expires after a short period of time. I'm sure the numbers aren't really random, but to me it seems far more secure than typing in the same reference and passwords each time.

  Quickbeam 09:31 04 Feb 2013

That's far too complicated alan14 to remember once I've forgotten the password and how I created it!

  john bunyan 09:54 04 Feb 2013

Are these "password lockers", such as this one below, worth having?


  Quickbeam 10:01 04 Feb 2013

Not if they get hacked. I'll stick with the password index at the back of LOTRs!
