Got something to say or just want fewer pesky ads? Join us... 😊

Register Log in

My email account compromised - advice?



Rugrat

Rugrat

Well-known member
Mar 13, 2011
10,215
Seaford
Use BT Internet and had notification that my email account has been accessed from Nigeria. If not me then suggest change p/w.

I've done that but worried because if they got the previous one then however they did it means they can get the new one. More worrying they can get any p/w to bank, cards etc. I'm not daft enough to write them down anywhere so I'm wondering just how they got it and how safe the others are.

Anyone got any experience of this?
 






Rugrat

Rugrat

Well-known member
Mar 13, 2011
10,215
Seaford
KJP said:
The notification is probably a scam
Click to expand...

No. It wasn't an email it was in their "notifications" tab. You can log in and see all account activity, when accessed from where etc. showed all my log ins for the past 30 days or so and there was the Nigeria event (about 5 days ago)
 


Bozza

Bozza

You can change this
Helpful Moderator
Jul 4, 2003
55,720
Back in Sussex
1. Change your password ASAP. Make the password strong - use all of lower case, upper case, numbers and punctuation.

2. For important services, and your primary email address is one of those, use a different password than you use anywhere else. That means, say, if someone compromises your Facebook account, they can't immediately access your email account.
 


beorhthelm

beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
35,303
check your PC for spyware or malware BEFORE you change password, or do so and change again. if you use public PCs, including work, consider if they are properly secure. dont use the same passwd for different forums/services/accounts. but dont be too fussy about passwords either, simple memorable ones for forums, strong ones for bank/key email. use a couple of email addresses, with one "disposeable" for signing up to stuff you dont care. consider if you sign upto a forum or service that they may not be trustworthy/competent and the details you use may be compromised.

see this advice on strong passwords.
 




Rugrat

Rugrat

Well-known member
Mar 13, 2011
10,215
Seaford
Bozza said:
1. Change your password ASAP. Make the password strong - use all of lower case, upper case, numbers and punctuation.

2. For important services, and your primary email address is one of those, use a different password than you use anywhere else. That means, say, if someone compromises your Facebook account, they can't immediately access your email account.
Click to expand...

beorhthelm said:
check your PC for spyware or malware BEFORE you change password, or do so and change again. if you use public PCs, including work, consider if they are properly secure. dont use the same passwd for different forums/services/accounts. but dont be too fussy about passwords either, simple memorable ones for forums, strong ones for bank/key email. use a couple of email addresses, with one "disposeable" for signing up to stuff you dont care. consider if you sign upto a forum or service that they may not be trustworthy/competent and the details you use may be compromised.

see this advice on strong passwords.
Click to expand...

Thanks ... will do. Is there a recom for checking spyware/malware? I have AVG (free) installed but assume there is something a bit more specialist to run one time?
 


El Presidente

El Presidente

The ONLY Gay in Brighton
Helpful Moderator
Jul 5, 2003
39,707
Pattknull med Haksprut
In relation to passwords, are there any apps/pieces of software that generate good passwords and act as a 'wallet' for you to store all of them in?
 


beorhthelm

beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
35,303
Spybot and Adware are well known. AVG is ok but focused on virus. need to think about likely places, real or online, where you've used you password recently. if you used a cyber cafe or signed up to a site with your noraml user/password thats probably where they got details from.
 




Rugrat

Rugrat

Well-known member
Mar 13, 2011
10,215
Seaford
beorhthelm said:
Spybot and Adware are well known. AVG is ok but focused on virus. need to think about likely places, real or online, where you've used you password recently. if you used a cyber cafe or signed up to a site with your noraml user/password thats probably where they got details from.
Click to expand...

Ta, know spybot will run that and will pay a bit more attention to passwords as your prev
 


beorhthelm

beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
35,303
El Presidente said:
In relation to passwords, are there any apps/pieces of software that generate good passwords and act as a 'wallet' for you to store all of them in?
Click to expand...

there are, but there's two problems with this approach. firstly compromise the wallet and all your passwords are known instantly. you are probably better off writing them down at home (less likly to burgled and you can hide the relation to site/usernames somehow). password generators are fine but tend to create random strings that are horrible to remember. better to use a random word generator and string two or three together 12-15 char minimum where it matters. really, the many target is to not be obvious (so "golfgti" on a golf forum would be stupid) or common ("password" is ridiculously common apparently), the hackers will move onto low handing fruit. unless you've been compromised with a keylogger in which case its acedemic what the strength of the password is.
 










CheeseRolls

CheeseRolls

Well-known member
NSC Patron
Jan 27, 2009
5,951
Shoreham Beach
Have to say I don't use any of these products. Mainly because I use a mixture of Windows, android and sometimes linux. Cross platform licensing seems to get too expensive. Apple only folks should consider onepassword from agilebits.
 




DanielT

DanielT

Well-known member
Jun 25, 2010
2,217
Brighton. On matchdays, I'm in ESU
CheeseRolls said:
Have to say I don't use any of these products. Mainly because I use a mixture of Windows, android and sometimes linux. Cross platform licensing seems to get too expensive. Apple only folks should consider onepassword from agilebits.
Click to expand...

I use lastpass across all platforms (except apple because [insert can of worms here])

Only reported problem wasn't a problem just the development team being extremely paranoid.
 


Spimunk

Spimunk

Member
Jun 17, 2011
36
West Sussex
Last Pass

I use a service called Last Pass https://lastpass.com/index.php?fromwebsite=1 and find it great. It has a browser plug in for all the major browsers and a login link for mobile devices such as iOS, Android etc and all you do is change your password on the sites you use by creating a random secure password for each one so each site has its own password but instead of needing to remember or write these all down, you use your master password for Last Pass to login to their service and hit the browser plug in button or bookmark on a mobile device and it logs you in as long as you've saved the details within Last Pass
 


Bozza

Bozza

You can change this
Helpful Moderator
Jul 4, 2003
55,720
Back in Sussex
Triggaaar said:
These two bits of advice seem to be conflicting.
Click to expand...

Both will be sufficiently strong. Passwords are rarely cracked by brute force as most systems protect against this.

The 3 random word approach falls down when a system forces you to use mixed character sets.
 


Bozza

Bozza

You can change this
Helpful Moderator
Jul 4, 2003
55,720
Back in Sussex
Spimunk said:
I use a service called Last Pass https://lastpass.com/index.php?fromwebsite=1 and find it great. It has a browser plug in for all the major browsers and a login link for mobile devices such as iOS, Android etc and all you do is change your password on the sites you use by creating a random secure password for each one so each site has its own password but instead of needing to remember or write these all down, you use your master password for Last Pass to login to their service and hit the browser plug in button or bookmark on a mobile device and it logs you in as long as you've saved the details within Last Pass
Click to expand...

http://www.pcworld.com/article/227268/lastpass_ceo_exclusive_interview.html
 




Dominoid

Dominoid

Albion fan in Devon
Jan 6, 2011
557
Plymouth, United Kingdom
Triggaaar said:
These two bits of advice seem to be conflicting.
Click to expand...

Bozza's suggestion is the common practice in IT, however I agree with XKCD that using a combination of unrelated words is easier to remember with a potentially better level of security than a shorter random character password.

Also it's worth noting that writing down passwords at home is unlikely to get them stolen. The types of criminal that break into houses and the type that steal data are seldom one and the same. If a burglar sees a post it note with a password near your computer they will generally only take it if its attached to something they are stealing.
 




You must log in or register to reply here.

Share this page

Albion and Premier League latest from Sky Sports


Top
Link Here