Security Reminder
Hi, I'm here from the Internet;
My friend foxsong had her LJ hacked last night (NSFW), and it's made me think about password security, especially after reading the Hack FAQ #117, particularly:
Your LiveJournal password can always be reset by anyone with access to the current email address associated with your account, as well as any email address which has been validated on your account longer than the current email address. Ultimately, the security of your first validated email address determines the security of your LiveJournal account.
If you can no longer access any email address associated with your LiveJournal account, you will first need to work with your email service provider before you can resecure your LiveJournal Account. If your first validated email address has been compromised, and cannot be resecured, there is unfortunately no action that you or the Abuse Team can take to resecure your LiveJournal account.
The lesson?
1. DO NOT use the same password for your primary email and your LJ account.
2. CHANGE PASSWORDS frequently. Go and do it RIGHT NOW, in fact. It can't hurt.
3. Maintain secure passwords. Use something that's hard to guess, and which uses alpha-numeric mixed-case characters. Don't use your pet's name, your kid's name, or anything that someone could easily guess from reading your blog.
4. Hackers suck. But not as hard as their moms do. And believe me, I know.
foxsong is really nice, and doesn't deserve the headache of this sort of juvenille bullshit. I just hope her LJ is the only security breach she has to contend with. Better check those credit cards, Fox.
I know I'm preaching to the choir - everyone here uses uncrackable, completely random passwords, and never uses the same password for any two purposes. Just remember to be safe, kids. It's a big, bad, scary Internet out there, and it's full of terrible people. Don't take cookies from strangers, and no matter how badly you want to see more pix of Scully naked, don't give AndersonBoy aka CGBS your credit card number. But I don't really need to tell you THAT.
My friend foxsong had her LJ hacked last night (NSFW), and it's made me think about password security, especially after reading the Hack FAQ #117, particularly:
Your LiveJournal password can always be reset by anyone with access to the current email address associated with your account, as well as any email address which has been validated on your account longer than the current email address. Ultimately, the security of your first validated email address determines the security of your LiveJournal account.
If you can no longer access any email address associated with your LiveJournal account, you will first need to work with your email service provider before you can resecure your LiveJournal Account. If your first validated email address has been compromised, and cannot be resecured, there is unfortunately no action that you or the Abuse Team can take to resecure your LiveJournal account.
The lesson?
1. DO NOT use the same password for your primary email and your LJ account.
2. CHANGE PASSWORDS frequently. Go and do it RIGHT NOW, in fact. It can't hurt.
3. Maintain secure passwords. Use something that's hard to guess, and which uses alpha-numeric mixed-case characters. Don't use your pet's name, your kid's name, or anything that someone could easily guess from reading your blog.
4. Hackers suck. But not as hard as their moms do. And believe me, I know.
foxsong is really nice, and doesn't deserve the headache of this sort of juvenille bullshit. I just hope her LJ is the only security breach she has to contend with. Better check those credit cards, Fox.
I know I'm preaching to the choir - everyone here uses uncrackable, completely random passwords, and never uses the same password for any two purposes. Just remember to be safe, kids. It's a big, bad, scary Internet out there, and it's full of terrible people. Don't take cookies from strangers, and no matter how badly you want to see more pix of Scully naked, don't give AndersonBoy aka CGBS your credit card number. But I don't really need to tell you THAT.