Australian (ASX) Stock Market Forum

Change All Passwords

Garpal Gumnut

While panic is anathema to me, in view of the Optus and Medibank kerfuffles may I suggest all ASF members change their banking and broker passwords as well as their email, computer and phone logins.

Now.

As Oscar Wilde wrote " To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness".

In my experience, limited as it is, this is only the beginning.

Bad actors with foreign Governments' backing are probably behind it.

Many Australian Financial and Banking outfits' security is reflected by the succession rule for "mates", low intelligence and poor governance of their boards and members rather than any skillset or proactive outlook on risk.

gg


 
an extra suggestion ,

do NOT have one password for ( almost ) everything ( even if it means keeping your passwords in a note book hidden out of sight .. NOT on your devices/computers/phones )
 
FWIW, as per the OP re. changing pwds.
With my work related logins for our various service providers, the most onerous have a 3 month enforced password change and some even enforce the 2FA requirement as well.

Password managers such as KeePass can help if you have tons of passwords.
 
Write down all your passwords, but add a common prefix or suffix to them that you have no trouble remembering eg (make, model and year of your favourite car/motor bike/boat/whatever) only you know it.
Then if someone gets hold of the password list, it is useless without the memorised prefix or suffix and the password list can be changed any time.
 
While panic is anathema to me, in view of the Optus and Medibank kerfuffles may I suggest all ASF members change their banking and broker passwords as well as their email, computer and phone logins.

Now.

As Oscar Wilde wrote " To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness".

In my experience, limited as it is, this is only the beginning.

Bad actors with foreign Governments' backing are probably behind it.

Many Australian Financial and Banking outfits' security is reflected by the succession rule for "mates", low intelligence and poor governance of their boards and members rather than any skillset or proactive outlook on risk.

gg


Good to have long pws for personal accounts, but corporate hacking bypasses all of that.

Big corp won't stand for this much longer. Someone will develop a watertight, unhackable database technology and make themselves into billionaires overnight. It won't go on forever because too much is at stake. Big money always wins in the end.
 
Good to have long pws for personal accounts, but corporate hacking bypasses all of that.

Big corp won't stand for this much longer. Someone will develop a watertight, unhackable database technology and make themselves into billionaires overnight. It won't go on forever because too much is at stake. Big money always wins in the end.
That would be the assumption, however thieving has been going on since Adam was a boy and the dishonest will always find a way around any lock.

For the individual punter it is best to change passwords frequently and not use the same or similar password for different accounts.

I don't trust machine generated passwords by Firefox, Safari, etc etc.

Mine is presently Garpal_Gumnut for all accounts, but please do not tell anyone. The underscore is rarely used. ;)

gg
 
one problem is many people in large companies have legitimate access to your personal details ( or certain parts of them ) say your dentist knows your medicare No. plus the usual stuff , , and that doesn't count those who have unauthorized opportunities to see some details ( say co-workers )
 
That would be the assumption, however thieving has been going on since Adam was a boy and the dishonest will always find a way around any lock.

For the individual punter it is best to change passwords frequently and not use the same or similar password for different accounts.

I don't trust machine generated passwords by Firefox, Safari, etc etc.

Mine is presently Garpal_Gumnut for all accounts, but please do not tell anyone. The underscore is rarely used. ;)

gg
mm, that's true.

I use machine generated pws and disposable emails for a lot of online stuff where I just want to have a quick read of something, but sign up is required to do it. If they start spamming me, I just delete the email with one click. It's a nice system although people are wising up to this and will prevent access unless you have a "proper" email.
 
FWIW, as per the OP re. changing pwds.
With my work related logins for our various service providers, the most onerous have a 3 month enforced password change and some even enforce the 2FA requirement as well.

Password managers such as KeePass can help if you have tons of passwords.
+1 for KeePass .... I actually use KeePassXC.

KeePassXC can do TOTP (2FA) as well, although if you're a security freak you might not want to have your password and TOTP in one place.

2FA for everything.

OnlyKey Hardware device, for sites that can use it. It has a PIN unlike Yubikey

CryptoMator to encrypt everything important in Onedrive.
 
Good to have long pws for personal accounts, but corporate hacking bypasses all of that.

Big corp won't stand for this much longer. Someone will develop a watertight, unhackable database technology and make themselves into billionaires overnight. It won't go on forever because too much is at stake. Big money always wins in the end.
Quantum internet is touted as being hack proof because of the way the qubits entanglement link works. Any interference in the link, say like a middle man attack or someone just reading the "packets" causes the link to fail. Why?
The link is identical at both ends so any tampering, yep, even having a sneak peek at the data flow is an alteration of the link. Pretty cool from what I've read so far.

From Wikipedia re. Quantum Internet:
One example of a prototype quantum communication network is the eight-user city-scale quantum network described in a paper published in September 2020. The network located in Bristol used already deployed fibre-infrastructure and worked without active switching or trusted nodes
In 2022, Researchers at the University of Science and Technology of China and Jinan Institute of Quantum Technology demonstrated quantum entanglement between two memory devices located at 12.5 km apart from each other within an urban environment.[35]
In the same year, Physicist at the Delft University of Technology in Netherlands has taken a significant step toward the network of the future by using a technique called quantum teleportation that sends data to three physical locations which was previously only possible with two locations.
 
Oops, forgot to add this link from 2020 re. the Quantum Internet. Upshot is that it can work on top of the existing infrastructure.

In the constant race of the codemakers and codebreakers, the quantum internet won’t just prevent the codebreakers taking the lead. It will move the race track into another world altogether, with a significant head start for the codemakers. With data becoming the currency of our times, the quantum internet will provide stronger security for a new valuable commodity.
 
Quantum internet is touted as being hack proof because of the way the qubits entanglement link works. Any interference in the link, say like a middle man attack or someone just reading the "packets" causes the link to fail. Why?
The link is identical at both ends so any tampering, yep, even having a sneak peek at the data flow is an alteration of the link. Pretty cool from what I've read so far.

From Wikipedia re. Quantum Internet:
That is very cool. Why aren't they using it? Or do you think it's in process of being rolled out?
 
Pretty much all the so called hacks in the news past and present have come about via the theft of login credentials, so an authorised employee not doing the right thing etc, password hacking really isn't a thing outside of the basics.
 
That is very cool. Why aren't they using it? Or do you think it's in process of being rolled out?

DARPA has since 2003:
DARPA Quantum Network Starting in the early 2000s, DARPA began sponsorship of a quantum network development project with the aim of implementing secure communication. The DARPA Quantum Network became operational within the BBN Technologies laboratory in late 2003 and was expanded further in 2004 to include nodes at Harvard and Boston Universities. The network consists of multiple physical layers including fiber optics supporting phase-modulated lasers and entangled photons as well free-space links.[42][43]
The Chinese have also:
Beijing-Shanghai Trunk Line In September 2017, a 2000-km quantum key distribution network between Beijing and Shanghai, China, was officially opened. This trunk line will serve as a backbone connecting quantum networks in Beijing, Shanghai, Jinan in Shandong province and Hefei in Anhui province. During the opening ceremony, two employees from the Bank of Communications completed a transaction from Shanghai to Beijing using the network. The State Grid Corporation of China is also developing a managing application for the link.[48] The line uses 32 trusted nodes as repeaters.[49] A quantum telecommunication network has been also put into service in Wuhan, capital of central China's Hubei Province, which will be connected to the trunk. Other similar city quantum networks along the Yangtze River are planned to follow.[50] In 2021, researchers working on this network of networks reported that they combined over 700 optical fibers with two QKD-ground-to-satellite links using a trusted relay structure for a total distance between nodes of up to ~4,600 km, which makes it Earth's largest integrated quantum communication network.[51][52]

As to why it's not been rolled out?
A quick Google search shows that it's starting to happen.
AWS and AliroNet
AliroNet™ enables full-scale universal deployments, pilot implementations, and quantum network emulation

NEW YORK, Oct. 25, 2022 /PRNewswire/ -- Aliro Quantum, the first pure play quantum networking company, today announced the availability of AliroNet™, a comprehensive end-to-end entanglement-based Quantum Network solution. This unified solution is used to emulate entanglement-based quantum networks, implement small scale pilots, and deploy full-scale universal entanglement-based quantum networks.
 
Damn. I've been using Garnut Gumpal . No woody blunder
Garnut_Gumpal works as well.

I always underscore, and do not, do not comment @Dona Ferentes on the first three words in this sentence.

Seriously though.

Layyydees n Gennnnelmen, as is said before boxing matches.

Change yer passwords frequently, hacking will get worse.

gg
 
Saw a good tip on youtube, works like this, get a password manager and allow it to assign crazy complex passwords then add the same 4 or 5 characters extra to every password, so you are not completely dependent on the password manager and only have to remember the same 4/5 characters.

Resulting in very complex passwords that are all 100% unique and cannot be compromised.
 
Saw a good tip on youtube, works like this, get a password manager and allow it to assign crazy complex passwords then add the same 4 or 5 characters extra to every password, so you are not completely dependent on the password manager and only have to remember the same 4/5 characters.

Resulting in very complex passwords that are all 100% unique and cannot be compromised.
Have you tried it?

gg
 
Have you tried it?

gg
Planning to - finding the correct password manager at the right price is a challenge, considering that you are kind of locking yourself into yearly subscription fees for ever, probably a legitimate tax deduction anyway and generally not crazy expensive at about 35 dollars per year.

Double blind password method explained.
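
The suffix method described in the posts above (a written list or password manager holding one part, plus a short memorised ending), as an added example that is not part of any forum post: it generates a unique stored part per site and audits a vault for the two mistakes that undo the scheme, saving an entry with the suffix still attached and reusing a stored part. The function names, the suffix value and the vault contents are constructed for illustration.

```python
import secrets
import string

# Character set for generated parts (an assumption; sites differ in what they accept).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def generate_stored_part(length=20):
    """Random part that the password manager or notebook holds."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def login_password(stored_part, memorised_suffix):
    """What is typed at the site: stored part followed by the memorised suffix."""
    return stored_part + memorised_suffix


def audit_vault(vault, memorised_suffix):
    """Return (site, problem) findings for a vault mapping site -> stored part.

    Flags entries saved with the suffix attached (the vault then holds the
    full password) and stored parts reused on more than one site.
    """
    findings = []
    first_site_for = {}
    for site, stored in sorted(vault.items()):
        if stored.endswith(memorised_suffix):
            findings.append((site, "suffix stored in vault"))
        if stored in first_site_for:
            findings.append((site, "same stored part as " + first_site_for[stored]))
        else:
            first_site_for[stored] = site
    return findings


# Constructed sample data: three clean entries and two deliberate mistakes.
SUFFIX = "k7#Qz"  # hypothetical memorised suffix; a real one is never saved to disk
vault = {site: generate_stored_part() for site in ("bank", "broker", "email")}
vault["forum"] = vault["email"]                   # reused stored part
vault["phone"] = generate_stored_part() + SUFFIX  # full password saved by mistake

if __name__ == "__main__":
    for site, problem in audit_vault(vault, SUFFIX):
        print(f"{site}: {problem}")
```
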

 