A Proposal For Requiring Vetting to Post In Swap

Discussion in 'Swapmeet Talk' started by N6OIL, Jan 13, 2018.

  1. AA7BQ

    AA7BQ QRZ Founder Administrator QRZ Page

    Sorry but no on Yuma, I have another engagement!
     
  2. N6OIL

    N6OIL Premium Subscriber QRZ Page

    I'm now vetted!
     
  3. W2FDB

    W2FDB XML Subscriber QRZ Page

    Very nice feature, 2FA/Identity Verified. The directions for FF need to be updated, as the screens/steps are different from the current version.
     
  4. AA7BQ

    AA7BQ QRZ Founder Administrator QRZ Page

    And another thing...

    When someone's account gets hacked and the attacker uses the stolen identity to gain access to the site, we immediately ban the affected user. Once banned, the victim will be required to provide proof of identity and will be required to use Two Factor Authentication.

    What about the perpetrator? We hold no hope of ever finding the perpetrator. Even if we did, it would be highly unlikely that he would ever pay a price for his conduct. Although it is without a doubt a true cyber crime, it is at a level at which the authorities won't get involved. I hate to say that the cops don't care, but you can draw your own conclusions.

    When a person allows another person to have their password, it is their own fault if they get hacked. Similarly, if one falls for a phishing scheme where they submit their password into a fake page, it's also their own fault for not paying attention to the address bar at the top of the screen. In addition, if they use the same password on many different sites, including QRZ, they deserve to get hacked because such practice is just plain dumb.

    Here's a strategy that you can use to both ensure a unique password on every site, and make it such that you won't have trouble remembering it.

    1. Choose a good, basic password ( see https://xkcd.com/936/ ). For example, "applepuppysplash".

    2. Next, look at the name of the website that you're logging into: For example, "facebook.com".

    3. Choose a number to represent a position in the website name. For this lesson, let's choose 2. Now, looking at the name (facebook) notice that the letter in the second (2) position is an 'a'.

    4. Take the letter you've chosen ('a' in our example) and convert it to its phonetic word, in this case "alpha" because "a" stands for "alpha".

    5. For facebook.com, your password then becomes 'applepuppysplash' AND 'alpha', written such as "applepuppysplash+alpha". Similarly, for QRZ.COM, the password would be "applepuppysplash+romeo", because the second letter in the name is 'r'. For CQ.com, it would be "applepuppysplash+quebec", and so on. The phonetic modifier can be before the root password, or after it, or even embedded within. You can use any punctuation in the password (+ in our example), or none at all. The important thing is that you do it the same way every time so that you always remember your secret strategy. This way, all you have to remember is your universal base password and your modifier strategy.

    Remember that you choose the strategy. You choose the letter position in the website name to use for phonetic coding. You choose how the phonetic word is added to your default password and whether or not it uses punctuation. In other words, design a strategy that works for you. Nobody else will be able to figure it out if you are reasonably careful.

    Once you've figured this out, you'll never need to write down passwords again. And they'll be secure.

    Note: all of the above is still no substitute for 2FA. I use BOTH a password strategy AND 2FA. 2FA is in fact so secure that I could literally give a hacker my exact password and not worry about it. That's because even having possession of my password, a hacker would also need my smartphone and my fingerprint. This is what good security feels like. It's not perfect, but it's 1000% better than anything else that is practical and available at this usage level.

    -fred
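
The five-step strategy from the post above, written out as an added example (not part of the original thread and not QRZ code). It uses the post's sample base password, position 2 and "+" separator; treating the label before the top-level domain as the website name, and the two `.test` hosts, are assumptions. `shared_passwords` goes one step past the post and groups sites that end up with the same derived password, since only the one chosen letter varies.

```python
from collections import defaultdict

# Phonetic words, spelled as in the post ("alpha").
NATO = dict(zip("abcdefghijklmnopqrstuvwxyz", (
    "alpha bravo charlie delta echo foxtrot golf hotel india juliett kilo "
    "lima mike november oscar papa quebec romeo sierra tango uniform victor "
    "whiskey xray yankee zulu").split()))


def site_name(host):
    """'www.QRZ.COM' -> 'qrz'. Assumption: the label just before the
    top-level domain is the website name (wrong for e.g. 'co.uk' hosts)."""
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2 or not labels[-2]:
        raise ValueError(f"not a host name: {host!r}")
    return labels[-2]


def derive(base, host, position=2, sep="+"):
    """Steps 2-5 of the post: take the character at `position` (1-based) in
    the site name and append its phonetic word to the base password."""
    name = site_name(host)
    if not 1 <= position <= len(name):
        raise ValueError(f"{name!r} has no character {position}")
    ch = name[position - 1]
    if ch not in NATO:  # digit or hyphen: the post defines no word for it
        raise ValueError(f"{ch!r} in {name!r} has no phonetic word")
    return f"{base}{sep}{NATO[ch]}"


def shared_passwords(base, hosts, position=2):
    """Group hosts by derived password and return the groups with more than
    one member, i.e. sites that get the same password under the strategy."""
    groups = defaultdict(list)
    for host in hosts:
        groups[derive(base, host, position)].append(host)
    return {pw: hs for pw, hs in groups.items() if len(hs) > 1}


if __name__ == "__main__":
    base = "applepuppysplash"  # sample base password from the post
    hosts = ["facebook.com", "QRZ.COM", "CQ.com",   # hosts named in the post
             "radio-parts.test", "hamgear.test"]    # constructed sample hosts
    for h in hosts:
        print(f"{h:18} {derive(base, h)}")
    for pw, hs in shared_passwords(base, hosts).items():
        print("same password:", pw, "<-", ", ".join(hs))
```
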
     
  5. KJ4VTH

    KJ4VTH Ham Member QRZ Page

    Trouble with standards is there are so many to choose from.

    Some sites require minimum X characters, some maximum X characters, some require special characters, some won't allow certain special characters, etc. etc.
     
  6. N9LCD

    N9LCD Ham Member QRZ Page

    No matter how hard you try to devise the ultimate security procedures, some moron will compromise them without even trying.

    Fred: Seriously, is there any way to have 2FA good for only one day, instead of 30 days? I'm one of those guys who closes his browser and goes "off line" when he's done online.
     
  7. AJ4GQ

    AJ4GQ Ham Member QRZ Page

    Don't check the 30 day box and log out of QRZ, rather than just closing your browser.
     
