use secure passwords



meh_phistopheles
December 6th, 2011, 03:48 AM
this morning i woke up to a pleasant email from hsbc telling me they had suspected fraudulent charges on my checking account. i called them expecting it to be a false alarm on a charge i made, but it really was a fraudulent charge :shock:. it was and still is kind of disturbing, so i am now spreading the word to the people of the ubuntu community cafe to start using secure passwords!

i was the type of person who had 2 core passwords with a few derivatives based off them that i used for everything. if you do this and think you'll be fine, then you should seriously reconsider instead of waiting to find out the hard way it's not very safe. there are a lot of bung holes out there in the world.

here are the results of a little preliminary research i've done, just to help you along if you're lazy. there is this program in the ubuntu software center called KeePassX that allows you to store all your passwords in one program that is itself protected by a master program. it also has a password generator, so you could create separate 20-character long insane passwords for every account you have, but only have to remember 1 password to access them. another cool thing about it is if you're fortunate enough to have a smart phone, i saw one of the reviewers mention a KeePadAndroid app, so you could securely take all your secure passwords with you.

that's all. send me your best wishes as i obsessively check my credit report over the next 6 months to make sure the thief didn't get my social security number too and start opening a bunch of credit cards under my name :sad:

polardude1983
December 6th, 2011, 04:08 AM
I'm sorry that it had happened. Are you sure it was your password that was hacked and not some other way?

These are the rules I follow

1. Use a password manager with a master password

2. Create long passwords with at least 1 cap, 1 lowercase, 1 number, and 1 symbol

3. Never use the same password twice especially for your email, online banking, and online taxes.

4. Never store your email, online bank or online tax passwords in your password manager in case your password manager is compromised. Keep them in your head.

5. If your bank or email allow you to enable 2 step verification then enable it.

So technically I just have to remember 4 passwords.
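
Rule 2 above, combined with the 20-character generated passwords mentioned in the first post, as an added example that is not from either poster and is not KeePassX's own generator. The function names are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes from rule 2 in the post above.
CLASSES = (
    string.ascii_uppercase,
    string.ascii_lowercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)


def meets_rule(password: str) -> bool:
    """True if the password has at least one character from every class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate(length: int = 20) -> str:
    """Return a random password of `length` characters that meets the rule.

    Every character is drawn uniformly from the full alphabet with the OS
    CSPRNG (secrets, not random), and candidates missing a class are
    discarded and redrawn. Rejection sampling keeps all compliant passwords
    equally likely, unlike forcing one class into a fixed position.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rule(candidate):
            return candidate


def entropy_bits(length: int = 20) -> float:
    """Upper bound on entropy: log2 of the unrestricted search space."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate())
    print(f"about {entropy_bits():.0f} bits")
```
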

meh_phistopheles
December 6th, 2011, 04:26 AM
i am not sure whether it was a password compromise or not, but it seems like that's the most likely scenario. i've been thinking about what might have happened and the two things that come to mind are two separate landlords i've had who are kind of sketchy, and that recent hack into the Steam database. i have a steam account, have purchased games on there, and have been using those same two core passwords i talked about before for the past 5 or 6 years.

those are some nice rules you use though. i'm going to have to implement a few of them in my own password repertoire.