Cloudflare Security Issue
Posted: Fri Feb 24, 2017 3:22 am
by Shrinweck
Hit by the Cloudbleed HTTPS traffic leak, Cloudflare may have compromised a lot of passwords. And "a lot" is probably an understatement:
https://github.com/pirate/sites-using-cloudflare
Took this as an excuse to go through my password manager and get rid of my duplicate passwords and update old passwords. Took 2-3 hours lol. Logging in and manually changing passwords to stuff like games I haven't played in 4+ years was a trip. I even logged into Facebook for the first time in a few years haha. It was weird how many sites have password character restrictions these days. I have an easily remembered 'trick' to a long unique (20+ character) password that I can remember for sites/products that I can't tie into my password manager and having to dumb some of them down was annoying. The two most notable sites still doing shit like that were PayPal and Blizzard which imposed a ~15 character limit on me. IIRC PayPal also got bitchy when I tried to include a space as a character.
In any case, hope you guys have good luck with not being compromised.
Re: Cloudflare Security Issue
Posted: Sat Feb 25, 2017 3:11 am
by kali o.
I keep such a small online profile; and when I do commerce online, I use prepaid cards only...usually.
Only Amazon, Google Wallet, gmail and my online bank have any sensitive info -- but I am hopeful all those sites are big enough to ensure my info is a top priority to protect and I am *sure* they would offer me protection/communication with any compromise. Steam/PSN only get prepaid card use - but I would be bummed if something happened to those accounts.
I have a 12 character password I use for ALL games.
I have a 10 character password I use for ALL social/pointless websites.
I have a 12-20 character password, with a nonsense word+numbers+symbols, that I use for the four important online sites mentioned before.
I have two VPNs I use for different purposes. I use VeraCrypt on my HDDs, and I will not specify what type of password(s) I use for that.
Just sharing my personal security practices -- it's pretty low maintenance and certainly vulnerable in areas (but imo, only for stuff I don't much care about). I haven't had any issues yet and hopefully never will (*knock on wood*).
Re: Cloudflare Security Issue
Posted: Sat Feb 25, 2017 6:36 am
by Eric
Do you not use 2 factor authentication? I find it to be a godsend.
Re: Cloudflare Security Issue
Posted: Sat Feb 25, 2017 2:17 pm
by Shrinweck
Yeah I use it where applicable but the ~150 sites that my password manager used to keep track of (trimmed it to 70) typically don't have that as an option.
In any case, while this particular vulnerability did exist, it kind of appears no one realized it was out there and took advantage. Still, I needed to change my passwords. The duplicates were careless and while 95% of the sites where I used duplicates don't matter, there's no real reason to have duplicates when you're using a password manager.
I use VeraCrypt's (RIP TrueCrypt) encrypted file containers as more of a... deterrent were I to die or some such against people looking at the things I've accrued as single, so to speak.
Re: Cloudflare Security Issue
Posted: Mon Feb 27, 2017 7:53 pm
by kali o.
Eric wrote: Do you not use 2 factor authentication? I find it to be godsend.
I actually hate two+ factor authentication schemes. Something else to remember, or like Bioware did for SWTOR, another app/hoop for me to deal with.
I can't wait till we are all just chipped, iris scanned or something, and I don't have to remember shit. Hurry up big bad government!
Re: Cloudflare Security Issue
Posted: Mon Feb 27, 2017 8:15 pm
by Don
Two factor works because it's a pain for the 'something else' part and that's also why it's not that prevalent. There's a lot of stuff that you'd think is important like your bank account or your Amazon account that does not use a 2 factor authentication while a random MMORPG wants you to use a 2 factor authentication. This isn't because your SWTOR account requires more security than your bank account, but that your bank figures imposing such a system is not necessarily worth it.
Biometrics may seem promising, but what happens if it gets compromised? Time to get a new eye?