
Thread: The Weekly Marmot - Keeping Your Account Safe

  1. #1

    The Weekly Marmot - Keeping Your Account Safe

    Follow me on Twitter | Facebook | Google+

  2. #2
    Join Date
    Jun 2009
    Posts
    66
    I use the free version of AVG, and I have never had a problem with it.
    Arms DPS main spec // Prot warrior tank off-spec

  3. #3
    Join Date
    Mar 2011
    Posts
    1
    I use AVG as well, and Search and Destroy. Also, I use a program called Dragon NaturallySpeaking; I do not type my password,
    and I'm also wondering where they are going to offer you a job.
    Maybe Mike should keep his eyes open.

  4. #4
    In other news, that is one of the creepiest thumbnail shots yet I think.
    Follow me on Twitter | Facebook | Google+

  5. #5
    Join Date
    Apr 2010
    Location
    Oklahoma
    Posts
    1,055
    lol

  6. #6
    Join Date
    Jul 2011
    Posts
    126
    Loved the intro, that was good acting and made me laugh!

  7. #7
    Join Date
    Aug 2012
    Posts
    1
    Great info, although for those unable/willing to pay for the authenticator or who can't use the smart phone app, there is a Windows software authenticator called WinAuth (http://code.google.com/p/winauth/). It is not officially endorsed by Blizzard, and is not as secure as the others if you put it on the same computer as your WoW installation; however, it is another security layer. Here is a link to a blue post (http://eu.battle.net/wow/en/forum/topic/2569217651) stating Blizzard's stance on WinAuth in case anyone is leery of retribution from using it.

    As for passwords, one could use an algorithm to generate passwords along the lines of: "tanr4!nb0wPOT33", which when written out as the algorithm reads:
    "first three letters of the site/service you're logging into, "rainbow" replacing letters with numbers/symbols where applicable, last three letters of the site/service capitalized, then 33" (No, this is not my password.)

    This kind of password for say, Amazon, would be amar4!b0wZON33, which is different but all you need to remember is the creation algorithm. Be creative with your algorithm, do the first letters to the words in the chorus to Call Me Maybe with 1234 after each line: hijmy1atic2hmn3scmm4, instead of the "r4!nb0w" above then you can just sing the song and type it.

    I hope this information is useful.

    Lore, your shows are a great service to the community; keep up the good work!
    Last edited by Zymotical; 08-31-2012 at 10:49 AM. Reason: Links broken :(

  8. #8
    Join Date
    Oct 2008
    Posts
    726
    The #1 thing: do NOT use the same password on <random internet sites or forums> as you do for Bnet. I work in IT security for a 15K-student community college. May not be glamourous, but that's a lot of student/staff accounts to secure! I see lists of 10-50K email addresses and passwords stolen off the internet every week. If any of those are the same as bnet, and you have no authenticator, guess what? You're hacked, soon as they get around to you.

    Strangely enough, for free AV on Windows, I recommend Microsoft Security Essentials, plus Malwarebytes, and CCleaner is the only registry cleaner that isn't either crap or malware in and of itself.

    Of course, the authenticator is either free or like six bucks, and makes you a target they don't want to bother with, rather than an easy target they can take over if they get your (shared) password on a list somewhere. If they do get your password, and you have an authenticator, they're going to get a hit, get asked for auth code, and probably mark it "don't use-authenticator attached" and not bother you again. If you don't have one, they're in.

    Edit: and on passwords: if you have trouble remembering obscure stuff, try passphrases. I use a couple passphrases for things that are about 20 characters long. See http://xkcd.com/936/. Hard to crack, but easy to remember, because it's long, but not particularly obscure. I use a 20+ character one on my bnet account, different from the ones at work.
    Last edited by mavfin; 08-31-2012 at 11:46 AM.

  9. #9
    Join Date
    Dec 2009
    Posts
    127
    If you do want to use a paid anti-virus, keep an eye out for deals. A couple weeks ago I managed to pick up Norton Internet Security on Newegg. It was on sale for $50 and had a $50 mail-in rebate.

  10. #10
    Join Date
    Oct 2008
    Posts
    726
    Quote Originally Posted by Syltraul View Post
    If you do want to use a paid anti-virus, keep an eye out for deals. A couple weeks ago I managed to pick up Norton Internet Security on Newegg. It was on sale for $50 and had a $50 mail-in rebate.
    I'm sorry, but, you'd have to *pay me* to put Norton on my computer. It's as bad as the malware itself.

  11. #11
    Join Date
    Apr 2010
    Location
    Oklahoma
    Posts
    1,055
    Comodo makes a decent free AV. I recommend uninstalling the Geek Buddy as soon as it finishes though.

  12. #12
    Join Date
    Aug 2011
    Posts
    3
    Quote Originally Posted by Lore View Post
    In other news, that is one of the creepiest thumbnail shots yet I think.


    http://i0.kym-cdn.com/photos/images/.../946/62223.jpg

  13. #13
    Join Date
    Dec 2009
    Posts
    127
    Quote Originally Posted by mavfin View Post
    I'm sorry, but, you'd have to *pay me* to put Norton on my computer. It's as bad as the malware itself.
    I've been using Norton for quite a few years now without any problems. Before that I had used AVG, but I had gotten some virus that completely corrupted my HDD. To each his own, I suppose.

  14. #14
    Join Date
    Sep 2010
    Location
    Bellefontaine, Ohio
    Posts
    13
    why not just say "check out my youtube page devomorph" for some of the other series I do
    I remain the only warrior in all of Azeroth that can cast fireball
    http://www.facebook.com/#!/photo.php?pid=398031&id=1827335559&ref=fbx_album

  15. #15
    Join Date
    Jul 2011
    Location
    Ottawa, ON
    Posts
    47
    Password complexity is one that doesn't get stressed enough. The XKCD linked above covers the idea well: just because something is difficult for you to remember doesn't mean that it will be hard for someone else to guess. "Stalwart9!" might be annoying to remember because you affixed a number and a punctuation mark to a word you fancy, but it isn't particularly challenging for someone else to guess. "OttawaOnionZebraParliament" on the other hand, is pretty hard to accidentally stumble across, is relatively easy to remember if you imagine a Zebra visiting the Canadian parliament buildings and eating an onion, and still allows you to attach a number and some punctuation, if it makes you feel better.

    Use words that do not have any special meaning or significance to you, or that no one who knows you today will associate with you.

    Don't use your street name. If you must use a street name, pick one five or more blocks away from you in a random direction that you determine by spinning a bottle, or twirling in circles until you fall over.

    Don't use your pet's name. If you must use a pet's name, pick the pet of a friend from your childhood who you haven't spoken to in years.

    Don't use the name of a country you like, or hope to visit. If you must use the name of a country you like, pick the name of a country that you completely made up in your head during that brief period in the eighth grade when you told yourself you were going to become a fantasy author, and never spoke aloud to anyone.

    Pick four random objects on your desk. Pick four random objects in your house. Break into your neighbour's house*, and pick four random objects there. Embrace the potential to be absurd. Combine an animal you like with an insect you don't, and a beverage you'd enjoy seeing either one try to drink. Penguinmosquitoscrewdriver. Combine your first girlfriend/boyfriend's name with your favourite kind of potato, and a disease you hope one of them gets and the other doesn't. Tessayukonswineflu. How about your father's middle name, a kind of soup you usually keep in the cupboard, and a sport you have never tried and don't care to? Leopoldclamchowdertennis.

    And do not, please, I swear to God, stop doing this, I beg you: write your work password on a sticky note and stick it to the front of your computer, in the office.

    *Do not break into your neighbour's house.

  16. #16
    Join Date
    Apr 2010
    Location
    Oklahoma
    Posts
    1,055
    Everyone knows the proper place for your password sticky is under the keyboard. Sheesh. 11 years in IT tells me I can get into 60% of work PCs that way.

    Sent from my SAMSUNG-SGH-I717 using Tapatalk 2
    "he doesn't need healing, he doesn't need healing, he doesn't nee-WHAOSHIT!wtf was that man!". Please stop leaning on TDR. -Teng

  17. #17
    Join Date
    Sep 2010
    Location
    Next to the murder capital of the world....
    Posts
    54
    Quote Originally Posted by lauragnome View Post
    Password complexity is one that doesn't get stressed enough. The XKCD linked above covers the idea well: just because something is difficult for you to remember doesn't mean that it will be hard for someone else to guess. "Stalwart9!" might be annoying to remember because you affixed a number and a punctuation mark to a word you fancy, but it isn't particularly challenging for someone else to guess. "OttawaOnionZebraParliament" on the other hand, is pretty hard to accidentally stumble across, is relatively easy to remember if you imagine a Zebra visiting the Canadian parliament buildings and eating an onion, and still allows you to attach a number and some punctuation, if it makes you feel better.
    Internet security professionals are actually starting to recommend passphrases. If your password is a dictionary word (even with leet speak), it's easier to crack. An example of a passphrase would be - I need a password for Tankspot - which would translate to "In@p4T".

    Also, we use Avira AntiVir for antivirus in my house. Although I will admit, the user needs to be a little bit computer savvy because its heuristics are very aggressive and it will sometimes have false positives. :-)
    "Dear Blizzard, Nerf rock, Paper is fine. -Scissors." - - from Arctius (Official Forums)

  18. #18
    Join Date
    Apr 2011
    Posts
    15
    There's one tidbit layer of security that I've seen a few times, but that I find strange that it has not taken hold and become more common:
    have a randomised keyboard pop-up to type your password-like thing (anything from actual password down to a 4-digit PIN number).

    Another basic thing: banks give you 3 tries on your credit card "pass-number"; if you fail to input the right pass 4 times in a row it gets locked-for-a-day/eaten/whatever. Why is it that most web services do not have the same mechanic? I actually cannot remember a single web service (except my online bank) where I could not try different combinations of ID/pass all day long.
    At the very least, having an IP (or cloud) continuously trying to log in should raise a flag, no?
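
The two controls raised in the post above, sketched as an added example that is not part of the original thread: a per-account lockout (3 failures, locked for a day) plus a per-source-IP flag that catches one address failing against many accounts, which a per-account counter alone never trips. The `LoginGuard` class, the 10-minute window, the 5-account threshold and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3          # consecutive wrong passwords allowed per account
LOCK_SECONDS = 24 * 3600  # "locked for a day"
IP_WINDOW = 600           # assumption: per-IP look-back window, in seconds
IP_THRESHOLD = 5          # assumption: distinct accounts failed from one IP

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(int)     # account -> consecutive failures
        self.locked_until = {}               # account -> unlock timestamp
        self.ip_events = defaultdict(deque)  # ip -> (timestamp, account) failures
        self.flagged_ips = set()

    def attempt(self, ts, ip, account, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.locked_until.get(account, 0) > ts:
            return "locked"                  # even the right password is refused
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCK_SECONDS
            self.failures[account] = 0
        self._track_ip(ts, ip, account)
        return "denied"

    def _track_ip(self, ts, ip, account):
        events = self.ip_events[ip]
        events.append((ts, account))
        while events[0][0] <= ts - IP_WINDOW:  # drop failures outside the window
            events.popleft()
        if len({acct for _, acct in events}) >= IP_THRESHOLD:
            self.flagged_ips.add(ip)         # one source, many accounts

# Constructed sample events: (timestamp, source IP, account, password correct?)
EVENTS = [(0, "198.51.100.7", "alice", False), (10, "198.51.100.7", "alice", False),
          (20, "198.51.100.7", "alice", False), (30, "192.0.2.44", "alice", True),
          (86421, "192.0.2.44", "alice", True)]
EVENTS += [(100 + i, "203.0.113.9", f"user{i}", False) for i in range(5)]

def replay(events):
    guard = LoginGuard()
    results = [guard.attempt(*e) for e in sorted(events)]
    return guard, results

if __name__ == "__main__":
    print(replay(EVENTS)[1])
```

In the sample, the account owner's correct password at t=30 is refused because the lock is active, which is the support cost discussed in the reply that follows; the address that tries five accounts once each locks nobody out but is still flagged.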

  19. #19
    Join Date
    Oct 2008
    Posts
    726
    Quote Originally Posted by ayashi View Post
    Another basic thing: banks give you 3 tries on your credit card "pass-number"; if you fail to input the right pass 4 times in a row it gets locked-for-a-day/eaten/whatever. Why is it that most web services do not have the same mechanic? I actually cannot remember a single web service (except my online bank) where I could not try different combinations of ID/pass all day long.
    At the very least, having an IP (or cloud) continuously trying to log in should raise a flag, no?
    Because it's a good investment for a bank to do that, and have the people to serve the customers who get locked out. Blizzard doesn't lock so easy, because you're not dealing with bank accounts, so the return on investment isn't good except in the worst cases that cause accounts to be locked.

  20. #20
    Join Date
    Jul 2012
    Posts
    10
    I think one thing to keep in mind that Lore didn't really touch on is Social Engineering. From working in a computer repair shop it is probably the most commonly bought form of attack by consumers.
