Twitter accounts hacked, including encrypted ones


john bunyan
Resolved


I hear that a quarter of a million Twitter accounts have been hacked, including some encrypted ones. See:

Twitter BBC

I am not a Twitterer as I think it is a bit narcissistic but if these people can hack encrypted files, is on line banking next?

Forum Editor

"...if these people can hack encrypted files, is on line banking next?"

Online banking security is a lot more robust than Twitter, but in theory anything can be hacked. Banks use some sophisticated methods of security enhancement - mine, for instance, knows if I use anything other than my laptop to try to access my account, and it asks me to provide the answers to two additional security questions before it allows me to use my username/password/security code combination.

Bank accounts have been hacked, but it's a rare occurrence, and if it happens your bank should make good any losses - provided you can satisfy it that you took adequate steps to protect your login details.

It goes without saying that you should never, ever, under any circumstances allow these to be stored on your computer. If you use a public access computer - in an airport or hotel, for instance - always go into the browser settings when you've finished, and delete the history. I also clear the cookie cache, but it's best never to use public access machines if you can avoid it.

simonjary

More details and online password security tips here.

fourm member

There's very little difference between user accounts getting hacked on Twitter and someone getting their PIN stolen because they mutter the numbers aloud as they type them in. (Believe me, I have stood behind someone who did that.)

If your twitter password is 'twitter' or 'password' or something easy to guess then you are more likely to lose it than if it is '23GtC!879eh'.

Quickbeam

The trouble with secure passwords like the above, is that it's quite unmemorable, and if you have a dozen likewise and not noted down, you'll never access your account again.

Hands up who keeps this sort of information in their phone or similar hidden under a made up contact name.

chub_tor

Am I misunderstanding this? Surely it was the Twitter servers that were hacked not individual PCs? Yes there were phishing emails sent out afterwards to try and gather more but the 250,000 accounts were compromised not because of how strong or weak their passwords were but because Twitter security was inadequate.

A few years back I had my security details breached when hackers got into Cotton Traders, it wasn't my fault it was theirs and we were warned pretty quickly to amend our details not because they were weak but to build up a new identity with Cotton Traders.

fourm member

chub_tor

'Am I misunderstanding this?'

Yes.

You are right that it was Twitter's servers that got hacked but the accounts the hackers accessed were those where the passwords were easy to guess.

Twitter has about 175m users but only 250k attacks succeeded before it was detected and blocked.

Once you've got into a server you start by looking for easy passwords. You try all the dictionary words because there will be people who think 'aardvark' is a strong password.

If you get the chance, you then search people's Tweets for common words because there will be people who tweet about their cat, 'Mogpuss', and use that as their password.

Then you'll pick up some more accounts from people who use their birthdate and then Tweet 'hooray it's my birthday'.

So, yes, Twitter's security had a flaw (tell me any service that doesn't) but the users who got hacked bear a good part of the responsibility.

Forum Editor

I once received a plaintive call from the Marketing director of a fashion company, asking for help because 'my computer password has been hacked, and someone has stolen some new designs'.

When I arrived he tearfully explained that the hacker must have been really professional, because the password was very secure. When I asked him to write it down (the room was full of people) he wrote 'dr0wssap'.

I explained that he had chosen one of the easiest passwords to guess, and that I would have been into his files in about 1 minute flat. He was astonished, and couldn't believe that he had chosen one of the 'top ten' guessable words.

As fourm member says, people commonly choose passwords that are in everyday use, and often associated with them - the name of their wife, or one of their children, for instance.

The trick is to use an alpha-numeric string, but one which for you will be memorable for some reason. If you're a pig farmer you might decide on p0rkyw0rk1n30n which you'll remember as porkyworkinson. That's a simple one, but you get the idea.

These passwords are much more difficult to crack, and with a little practice you'll develop a personal convention which will allow you to create memorable, secure passwords easily enough.

Don't try to invent a new password for every single application or website you use, that policy will soon have you wallowing in a sea of confusion. Use two or three passwords for different contexts, and stick at that. Remember, we all like to think that our personal files are ultra-attractive to hackers, but of course they're not. Nobody is interested in hacking the Simon Cowell fan-club database for your login details - hackers are after details that can result in access to information that has value. Anywhere money changes hands, for instance, is a possible target, so banks, and e-commerce sites are definitely up there, presenting a juicy target.

I never accept the invitation to 'store your card details for future purchases' when I make online purchases.
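The guessing order described in the two posts above (dictionary words, words taken from a user's own tweets, birthdates, and disguises such as the reversed 'dr0wssap'), turned into a sign-up-time password screen. This is an added example, not part of the thread; the word list, the reason labels and all function names are constructed for illustration.

```python
import re

# Constructed sample list; a real screen would load a full dictionary
# and a breached-password list instead.
COMMON_WORDS = {"password", "twitter", "aardvark", "letmein", "qwerty"}

# Undo the usual character swaps before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(candidate):
    """Normalised spellings of the candidate, forwards and reversed."""
    lowered = candidate.lower()
    plain = lowered.translate(LEET)              # swaps undone
    letters = re.sub(r"[^a-z]", "", plain)       # then non-letters dropped
    bare = re.sub(r"[^a-z]", "", lowered)        # word with digits appended
    forms = {lowered, plain, letters, bare} - {""}
    return forms | {f[::-1] for f in forms}


def posted_words(public_posts):
    """Words of four or more letters the user has published."""
    return {w for p in public_posts for w in re.findall(r"[a-z]{4,}", p.lower())}


def birthdate_forms(birthdate):
    """Common digit renderings of a (year, month, day) tuple."""
    if not birthdate:
        return set()
    y, m, d = birthdate
    return {f"{d:02d}{m:02d}{y}", f"{m:02d}{d:02d}{y}", f"{y}{m:02d}{d:02d}",
            f"{d:02d}{m:02d}{y % 100:02d}", f"{m:02d}{d:02d}{y % 100:02d}"}


def screen_password(candidate, public_posts=(), birthdate=None):
    """Return rejection reasons; an empty list means the password passes."""
    reasons = []
    forms = variants(candidate)
    if forms & COMMON_WORDS:
        reasons.append("dictionary")
    if forms & posted_words(public_posts):
        reasons.append("posted")
    digits = re.sub(r"\D", "", candidate)
    if any(b in digits for b in birthdate_forms(birthdate)):
        reasons.append("birthdate")
    return reasons
```
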

fourm member

'Don't try to invent a new password for every single application'

I was trying to come up with a way to have strong passwords with a different one for every application but easy to remember. I was posting my idea when I realised it might actually work so, sorry, for my eyes only.

john bunyan

If a teenager can hack the Pentagon and CIA, then on line banking etc seems a little risky. I suppose eventually we will have to have uncrackable codes based on prime numbers or One Time Pad style passwords for things like on line bank accounts.

BT

"One Time Pad style passwords for things like on line bank accounts."

Don't we already have something like that in the Barclays Pinsentry and other banks' devices where it generates a seemingly random code after you have inserted your Debit or Authorisation card, then part of the card number and a PIN? The number is valid for one use only and expires after a short period of time. I'm sure the numbers aren't really random, but to me it seems far more secure than typing in the same reference and passwords each time.
