Verified Member Status Requirements

Discussion in 'Ham Radio Gear For Sale' started by AA7BQ, May 19, 2019.

ad: L-HROutlet
ad: l-rl
ad: Left-3
ad: L-MFJ
ad: MessiPaoloni-1
ad: Subscribe
ad: Left-2
  1. KJ4VTH

    KJ4VTH Ham Member QRZ Page

    "16 character, no words in the Oxford Dictionary, numbers interspersed in the strings, special characters" has been debunked by the guy who originally proposed that. Very long normal text passwords (such as iloveQRZmorethanever!) are more effective if you can believe his subsequent updates on the internet.
     
  2. KJ4VTH

    KJ4VTH Ham Member QRZ Page

    oh damn! I just gave up my credentials. :(
     
  3. W7UUU

    W7UUU QRZ Lifetime Member #133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Yeah except people fall for phishing schemes like the last several rounds over the last few weeks, and just give their "super complicated password" to the scammers to take over their account.

    Dave
    W7UUU
     
    KJ4VTH likes this.
  4. K1OIK

    K1OIK Platinum Subscriber Platinum Subscriber QRZ Page

    [QUOTE="AA7BQ, post: 5096118, member: 1"

    Also, all things being equal, the key to a good password is its length, above all else. For example, a password like AppleOrangeSteelGasoline is vastly more secure than "dy45@$wp!" 16 characters is a good start, but longer is still better. Best explained here: https://xkcd.com/936/[/QUOTE]
    Speaking of passwords, I see why QRZ needs it so W1AW won't sign in as me but why does my electric company need one from me, is someone going to pay my bill?
     
    K3EY likes this.
  5. N0TZU

    N0TZU Platinum Subscriber Platinum Subscriber QRZ Page

    Phishing is real and can be quite convincing:

    A criminal convinced someone in my former employers payroll department to email them the entire W2 tax form database a few years ago, covering at least 10000 employees (SSNs, yearly income, addresses). That had to have been more than just a poorly worded email.

    The crook immediately filed fraudulent tax returns to get big refunds sent to them. We had to go to an IRS office with multiple physical IDs to prove our identities so we could file the real return which was oh so much fun. We still have to show special ID information on our return every year now.

    Probably all that information was sold on the dark web somewhere too.
     
  6. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    Burt,
    Regarding the electric company you mention, consider that a customer may a legitimate reason to keep their location confidential. Maybe it's an abusive ex-spouse, or perhaps a deranged criminal. In any event, people do have valid reasons for not releasing their addresses. If someone logs into your electric account, it would not be unusual to think that the Service Address might be posted there. So that 's why. They are protecting your privacy and perhaps even your identity.

    73 -fred
     
  7. KA3BQE

    KA3BQE Platinum Subscriber Platinum Subscriber Life Member QRZ Page

    Pretty common scheme too. I do find it interesting though because the IRS issued a PIN for both myself and my wife and we can't file a return without it. This was about 10-15 years ago I think? And my identity has been involved in all the major hacks that I also have a credit freeze see this link. I've only needed to "thaw" my account once when I had to switch credit cards for Costco and it was a fairly painless process but did require I be involved in the process. The "thaw" was also only for that one request from that bank and no one else.
     
    N0TZU likes this.
  8. N0TZU

    N0TZU Platinum Subscriber Platinum Subscriber QRZ Page

    Yep, freezing credit is the ONLY way to go these days, IMO. Especially now that by law it's free to freeze/unfreeze. (Oh, and the "lock" feature that the agencies sell to you isn't the same, so it pays to hunt around for their actual freeze webpage. They make it hard to find to encourage you to pay for their "lock" service).
     
  9. KA9JLM

    KA9JLM Ham Member QRZ Page

    Don't tell people that work with SERIOUS network security that. They may prove that to be wrong.

    There are ways to find the MAC address of computers connected to the internet.

    But a MAC address can be spoofed, Just like a IP address can. People that spoof can be found also. :)

    Keep up the good work Fred. Everyone loves QRZ or we would not be here.
     
    Last edited: Jun 13, 2019
  10. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    I knew that comment would get me into trouble :) Perhaps you could email me with a reference on how a compromised MAC address could be effectively used over the Internet. They don't get routed, they don't have a DNS, and I just can't think of a way the information would be of any use, EXCEPT, for an attack that was originating from the inside of one's own network. I'm not a security expert and I respect those that are. Fortunately, there are enough of them amongst our users that surely one of them will let me know if we're making a mistake. I worked at Sun Microsystems for almost 20 years as a programmer, systems engineer, and system performance expert. I do wish that I could have served a stint in the security department, but my talents were in high demand in other areas.

    My comment really should have said, "I think you meant IP, not MAC". My apologies.

    73, -fred
     

Share This Page