03-02-2013, 09:58 PM | #1 |
Groupie
Posts: 195
Karma: 1069472
Join Date: Aug 2007
Location: Chicago,IL USA suburb
Device: Sony PRS-T1 and PRS-950
|
EVERNOTE passwords were hacked
Although I own Sony PRS-T1 and 950 ebook readers, I came across this news article that may be of concern to the T2 (and other?) users that use EVERNOTE:
http://gma.yahoo.com/evernote-hacked...opstories.html part of the article.. "The next time you log in to your Evernote account, don't be surprised when you are asked to reset your password. The web and app-based digital notebook service reset all user passwords after a "coordinated attempt to access secure areas of the Evernote Service." Last edited by gardenstate; 03-02-2013 at 09:59 PM. Reason: clarification |
03-03-2013, 01:56 AM | #2 | |
Frequent Flier
Posts: 1,282
Karma: 2058993297
Join Date: Oct 2011
Device: KB kindle aboard, Galx Tab 7.0 Plus, trying out Droid 1 as mini-tab
|
Quote:
Is some valuable kept there? I thought it was just a note taker and writer. |
|
Advert | |
|
03-03-2013, 02:08 AM | #3 |
Wizard
Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
|
People tend to use the same passwords everywhere, and an account on any web site will very likely have an email address in it. Spammers love to get hold of other people's email passwords.
|
03-04-2013, 02:04 PM | #4 | |
Bah, humbug!
Posts: 39,073
Karma: 157049943
Join Date: Jun 2009
Location: Chesapeake, VA, USA
Device: Kindle Oasis, iPad Pro, & a Samsung Galaxy S9.
|
I know this is no laughing matter (I'm an Evernote customer myself), but I couldn't hold it in after reading this comment by "Ralf The Dog" at the Huffington Post's article on this subject:
Quote:
|
|
03-04-2013, 02:40 PM | #5 |
Guru
Posts: 722
Karma: 2084955
Join Date: Dec 2010
Device: iPhone
|
They love the email addresses, even without the passwords. I read that Dropbox users whose accounts were hacked months ago have recently been bombarded with junk mail.
|
Advert | |
|
03-04-2013, 04:10 PM | #6 | |
Captain Penguin
Posts: 2,947
Karma: 2077653593
Join Date: May 2009
Location: Vancouver, BC
Device: Kobo Libra 2, Nook Glowlight
|
Quote:
|
|
03-04-2013, 05:29 PM | #7 | |
Guru
Posts: 826
Karma: 18573626
Join Date: Jun 2011
Location: Canada
Device: Kobo Touch, Nexus 7 (2013)
|
Quote:
As of yesterday though, I've started using LastPass, and now have a different password for every site. The passwords are generally 12 to 16 character long strings of random letters, numbers and symbols to avoid an easy dictionary-based attacks, and I've also setup two-factor authentication where it's available. Even with all that, I still feel like my data on any given site is easy prey to a hacker with enough time or skill. Edit If anyone is interested in setting up a password manager, LifeHacker has a tutorial on LastPass here. Last edited by Ninjalawyer; 03-04-2013 at 05:31 PM. |
|
03-04-2013, 05:34 PM | #8 | |
Connoisseur
Posts: 59
Karma: 712900
Join Date: Oct 2009
Location: Hull, UK
Device: Kindle PW, Kindle Keyboard, Kobo Touch, Sony PRS-505, 600 & Librié
|
Quote:
These hacks are a pain in there backside but at least it's making people think about security. |
|
03-04-2013, 06:46 PM | #9 |
Readaholic
Posts: 5,156
Karma: 90000000
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
|
I have multiple passwords of differing difficulties depending on the sites.
Apache |
03-05-2013, 08:29 AM | #10 |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
I only trust open source password managers and of those I've looked over, two that look like they cover everything are Password Safe and Keepassx. Not done a detailed analysis though, just had a brief read the source to see how they handle key generation/storage and password stretching and to build a version for myself.
Whilst there could be bugs, they at least appear to do everything needed, which is more than can be said for many of the closed source offerings. Some were found to use weak encryption or stored a master password with the db or didn't perform key stretching... Not looked at last pass, but I wouldn't trust any online service with my passwords even with client side encryption. |
03-05-2013, 09:13 AM | #11 |
Bah, humbug!
Posts: 39,073
Karma: 157049943
Join Date: Jun 2009
Location: Chesapeake, VA, USA
Device: Kindle Oasis, iPad Pro, & a Samsung Galaxy S9.
|
Good point. It makes sense to use a different password on every site that requires one.
|
03-06-2013, 05:18 AM | #12 |
Wizard
Posts: 4,334
Karma: 4000000
Join Date: Oct 2008
Location: Paris
Device: Cybooks; Sony PRS-T1
|
|
03-06-2013, 07:08 AM | #13 |
Readaholic
Posts: 5,156
Karma: 90000000
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
|
Banks in the US are required to make you change your password every six months. And you can not use the last four previous passwords. The logic behind this is that it is supposed to make your account more secure. I find that it does the opposite. Changing your password frequently will make most people use something that is easy to remember or write down their current password. I prefer to just use one really strong one that I have memorized.
A corollary is people that right down safe combinations and leave them on their desk or carry them on them. Anytime you have a password written down someone can use it. Even if you have it stored encrypted electronically it can be hacked. The only safe password is the one that stays in your brain and nowhere else. Every one of my employees that has access to my security system has his own unique code. Whenever my system is accessed it is logged and I receive email and text alerts allowing me to see which code is being used. Your security is important and everyone should always be aware of theirs. Apache |
03-06-2013, 02:33 PM | #14 |
Rookie Mucker
Posts: 56
Karma: 568004
Join Date: Mar 2011
Location: NW Montana-near center of universe
Device: Pixel 7. Moto G, Kobo Glo HD, PW2, Linux PCs
|
All of my banks are all in the U.S. and none of them require me to change my password. I googled it and see where experts recommend it but see no mention of it being required. Am I missing something or did you mean to say it is recommended?
|
03-06-2013, 04:10 PM | #15 |
Readaholic
Posts: 5,156
Karma: 90000000
Join Date: Sep 2011
Location: South Georgia
Device: Surface Pro 6 / Galaxy Tab A 8"
|
I have business and personal accounts in different banks. All of them have told me they are required to do so by the Fed.
Apache |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Classic Passwords etc | Pomtroll | Barnes & Noble NOOK | 3 | 04-03-2013 01:25 PM |
News for PRS-T2 Users: EVERNOTE passwords were hacked | gardenstate | Sony Reader | 1 | 03-03-2013 06:08 AM |
PRS-T1 problem with passwords | Priscillux | Sony Reader | 10 | 11-13-2011 04:30 PM |
Passwords, mashwords.......... | carpetmojo | News | 32 | 05-03-2011 06:49 PM |
Confused by behavior of two pdfs w/permissions passwords, but no open passwords/DRM | grr | 0 | 12-21-2009 02:21 PM |