Premier Rock Forum

Colonel Panic wrote:Jodi S. wrote:I have a question about passwords in general.If you use elements of, say, your Electrical PW in another PW (but not the exact PW) are those at risk also? This might just be the incident that has me kill off my old email address for good.It's unlikely, but theoretically, yes. It depends largely on how much similarity exists between your other password and your EA Forums one. The more similarity exists, the more the uniqueness and integrity of your password is compromised. That's why they say you should never use the same word in passwords for multiple sites in recognizable patterns such as "googleswordfish," "yahooswordfish" and "electricalswordfish." There are password cracking algorithms that use "dictionary attacks" coupled together with the "rainbow tables" technique mentioned by BlahBlah above that do actually automate the process of brute-forcing passwords. Add to that the fact that (as BlahBlah also mentioned) PHPBB doesn't salt hashed passwords by default, plus the distinct possibility of the attacker sharing our forum's ~/etc/password list file for all his friends to have a crack at. If I were you, I'd play it safe and change any passwords for other sites that share similar words or long character sequences with your EA password.Good to know. I've now also changed the password for the email account with which I registered to post here.

Wow, that sucks. Thanks for your efforts. Do you know who did this?

Major wrote:If they hacked into my PMs Kerble's mom is gonna be all over Reddit soon.kmyp

Colonel Panic wrote:Jodi S. wrote:I have a question about passwords in general.If you use elements of, say, your Electrical PW in another PW (but not the exact PW) are those at risk also? This might just be the incident that has me kill off my old email address for good.It's unlikely, but theoretically, yes. It depends largely on how much similarity exists between your other password and your EA Forums one. The more similarity exists, the more the uniqueness and integrity of your password is compromised. That's why they say you should never use the same word in passwords for multiple sites in recognizable patterns such as "googleswordfish," "yahooswordfish" and "electricalswordfish." There are password cracking algorithms that use "dictionary attacks" coupled together with the "rainbow tables" technique mentioned by BlahBlah above that do actually automate the process of brute-forcing passwords. Add to that the fact that (as BlahBlah also mentioned) PHPBB doesn't salt hashed passwords by default, plus the distinct possibility of the attacker sharing our forum's ~/etc/password list file for all his friends to have a crack at. If I were you, I'd play it safe and change any passwords for other sites that share similar words or long character sequences with your EA password.Good to know. I've now also changed the password for the email account with which I registered to post here.

Wow, that sucks. Thanks for your efforts. Do you know who did this?

Major wrote:If they hacked into my PMs Kerble's mom is gonna be all over Reddit soon.kmyp

Colonel Panic wrote:Jodi S. wrote:I have a question about passwords in general.If you use elements of, say, your Electrical PW in another PW (but not the exact PW) are those at risk also? This might just be the incident that has me kill off my old email address for good.It's unlikely, but theoretically, yes. It depends largely on how much similarity exists between your other password and your EA Forums one. The more similarity exists, the more the uniqueness and integrity of your password is compromised. That's why they say you should never use the same word in passwords for multiple sites in recognizable patterns such as "googleswordfish," "yahooswordfish" and "electricalswordfish." There are password cracking algorithms that use "dictionary attacks" coupled together with the "rainbow tables" technique mentioned by BlahBlah above that do actually automate the process of brute-forcing passwords. Add to that the fact that (as BlahBlah also mentioned) PHPBB doesn't salt hashed passwords by default, plus the distinct possibility of the attacker sharing our forum's ~/etc/password list file for all his friends to have a crack at. If I were you, I'd play it safe and change any passwords for other sites that share similar words or long character sequences with your EA password.Good to know. I've now also changed the password for the email account with which I registered to post here.

Wow, that sucks. Thanks for your efforts. Do you know who did this?

Major wrote:If they hacked into my PMs Kerble's mom is gonna be all over Reddit soon.kmyp

Colonel Panic wrote:Jodi S. wrote:I have a question about passwords in general.If you use elements of, say, your Electrical PW in another PW (but not the exact PW) are those at risk also? This might just be the incident that has me kill off my old email address for good.It's unlikely, but theoretically, yes. It depends largely on how much similarity exists between your other password and your EA Forums one. The more similarity exists, the more the uniqueness and integrity of your password is compromised. That's why they say you should never use the same word in passwords for multiple sites in recognizable patterns such as "googleswordfish," "yahooswordfish" and "electricalswordfish." There are password cracking algorithms that use "dictionary attacks" coupled together with the "rainbow tables" technique mentioned by BlahBlah above that do actually automate the process of brute-forcing passwords. Add to that the fact that (as BlahBlah also mentioned) PHPBB doesn't salt hashed passwords by default, plus the distinct possibility of the attacker sharing our forum's ~/etc/password list file for all his friends to have a crack at. If I were you, I'd play it safe and change any passwords for other sites that share similar words or long character sequences with your EA password.Good to know. I've now also changed the password for the email account with which I registered to post here.