Attention - Password and Security Update - Page 3 - 2014+ Jeep Cherokee Forums
User Tag List

 24Likes
Reply
 
LinkBack Thread Tools
post #21 of 39 (permalink) Old 06-16-2016, 10:26 PM
Enthusiast Member
 
Ribbertw's Avatar
 
Join Date: May 2015
Location: Calgary AB
Posts: 117
Garage
456&Djh

Last edited by Ribbertw; 06-17-2016 at 12:10 PM.
Ribbertw is offline  
Sponsored Links
Advertisement
 
post #22 of 39 (permalink) Old 06-16-2016, 10:55 PM
Forum Elder
 
Array's Avatar
 
Join Date: Jan 2014
Location: SE Michigan
Posts: 4,282
Quote:
Originally Posted by Ribbertw View Post
So let me get this straight. You use one password to access all your different passwords? And then store all of those "ultra secure" passwords on the very hack able cloud?
The password manager I use does local-only encryption. An email address and a strong master password are used to locally-generate a unique encryption key. User data is encrypted and decrypted at the device level. It uses AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes. The blob that is sent to the cloud is securely encrypted. The user’s master password, and the keys used to encrypt and decrypt the user data are never sent to to the cloud (servers). Two-factor authentication is also available if desired.

Anyone hacking the the password manager's server will need a quantum computer and some spare time to decrypt the mess that's in the blob.
CherokeeOwner01 likes this.

2015 White/Black Limited | 3.2-L V6 | Active Drive II | Tech Grp | Lux Grp | Trailer Tow Grp | SafetyTec | Uconect 8.4AN | 9 Speakers | Tonneau Cover | Born 09-06-14 : (( (( (( (( (( (( (( :
Array is offline  
post #23 of 39 (permalink) Old 06-16-2016, 11:30 PM
Forum Elder
 
Array's Avatar
 
Join Date: Jan 2014
Location: SE Michigan
Posts: 4,282
Quote:
Originally Posted by ups4 View Post
What exactly would someone do if they DID randomly choose my screen name and perchance matched it up with my password....on this site?

Clearly I wouldn't want that to happen at my banking site, but a car forum?
There are a number of scenarios. Probably the greatest risk falls to those that use the same or easy to crack passwords for more than one site. For example, besides any data a person may have divulged on this forum about themselves, if the site password is the same as the password for the user's email account left on this site, then that account's data may be vulnerable. If that email account contains info on other account names such as social media, shopping, banking, insurance, medical, etc., and the passwords are the same or easy to crack (e.g. dictionary attack), it's pretty easy to create havoc.

It's also a matter of combining data from different sources. In today's environment, if there is a possible monetary gain, it's worth the effort to search. As @Racenut posted earlier, there are plenty of places to get data, including: https://www.leakedsource.com/main/. Note that data mining can be done at this site by username, email, ip address, first and last name, and phone number.
ups4 likes this.

2015 White/Black Limited | 3.2-L V6 | Active Drive II | Tech Grp | Lux Grp | Trailer Tow Grp | SafetyTec | Uconect 8.4AN | 9 Speakers | Tonneau Cover | Born 09-06-14 : (( (( (( (( (( (( (( :
Array is offline  
 
post #24 of 39 (permalink) Old 06-17-2016, 01:54 AM
Member
 
TrailhawkExpress's Avatar
 
Join Date: May 2016
Location: Bay Area - California
Posts: 69
Lastpass.com is another good one. Very easy to use and also supports two factor authentication.
TrailhawkExpress is offline  
post #25 of 39 (permalink) Old 06-17-2016, 11:46 AM
Hardcore Member
 
Spookster's Avatar
 
Join Date: Mar 2014
Location: Marion, Iowa
Posts: 674
Garage
So I can't make my password 123456 anymore?

  1. 2014 Limited | True Blue | 4x4 | 3.2L V6 | ADII |Tow Package |Luxury Package |Tech Package | Panoramic Sunroof | Kitchen Sink
  2. 2015 Trailhawk | Anvil Gray | 4x4 | 3.2L V6| ADII | Comfort Group | Leather Group | Cold Weather Group | Tow Package
Spookster is offline  
post #26 of 39 (permalink) Old 06-17-2016, 11:53 AM
Forum Elder
 
rumrunner's Avatar
 
Join Date: Oct 2015
Location: 25 miles northwest of Boston
Posts: 1,980
Quote:
Originally Posted by Aristo View Post
change passwords
I can get in with the new "assigned" password but I can not change it once I'm in. I enter the current (new) password and enter my desired changed password twice but the save button is inoperable and yes I adhered to these rules

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

only thing I can think of is that an underscore "_" is not considered a symbol?

2014 Limited ADI 2.4 L 4-cylinder
rumrunner is offline  
post #27 of 39 (permalink) Old 06-17-2016, 11:56 AM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,132
Quote:
Originally Posted by Ribbertw View Post
So let me get this straight. You use one password to access all your different passwords? And then store all of those "ultra secure" passwords on the very hack able cloud?


Sent from my iPhone using Tapatalk
My device is encrypted, has a long boot-up PIN, a different unlock PIN, and yet another PIN for the password safe. The database used by the password safe is also encrypted, locally on the device. What hits the cloud is an encrypted blob. The cloud service can delete the entire data set, but that's the only access they have.

I'm in the process of changing all my PINs to pass-phrases, where possible.

If somebody has the compute capacity to break the encryption, they also have other means to coerce it (hey, give us access or go to prison...).

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #28 of 39 (permalink) Old 06-17-2016, 11:57 AM
Super Moderator
 
gravitywell's Avatar
 
Join Date: Mar 2015
Location: Fairfax, VA
Posts: 3,136
Garage
Quote:
Originally Posted by rumrunner View Post
I can get in with the new "assigned" password but I can not change it once I'm in. I enter the current (new) password and enter my desired changed password twice but the save button is inoperable and yes I adhered to these rules

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

only thing I can think of is that an underscore "_" is not considered a symbol?
Are all of the blue check marks present?

Unless all four are present, it will not allow you to continue, nor will it tell you that you're missing something.

His: 2015 Cherokee TH: Brilliant Black; V6
Mods: Gobi Rack and Ladder; Interior/Exterior LED upgrade; Xenon-Depot No Resistor HIDs; Hazard Sky Fabrications Lift Kit

Hers: 2015 Renegade Trailhawk: Alpine White; 2.4L


Forum Rules.
gravitywell is offline  
post #29 of 39 (permalink) Old 06-17-2016, 11:59 AM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,132
Quote:
Originally Posted by Ribbertw View Post
Already have seen a massive decrease.


Sent from my iPhone using Tapatalk
Really? "Massive"? You have access to the server and forum logs to see the volume and frequency of logins?

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #30 of 39 (permalink) Old 06-17-2016, 12:01 PM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,132
Quote:
Originally Posted by ups4 View Post
I've never logged out since becoming a member.

What exactly would someone do if they DID randomly choose my screen name and perchance matched it up with my password....on this site?

Clearly I wouldn't want that to happen at my banking site, but a car forum?
Quote:
Originally Posted by Array View Post
There are a number of scenarios. Probably the greatest risk falls to those that use the same or easy to crack passwords for more than one site. For example, besides any data a person may have divulged on this forum about themselves, if the site password is the same as the password for the user's email account left on this site, then that account's data may be vulnerable. If that email account contains info on other account names such as social media, shopping, banking, insurance, medical, etc., and the passwords are the same or easy to crack (e.g. dictionary attack), it's pretty easy to create havoc.

It's also a matter of combining data from different sources. In today's environment, if there is a possible monetary gain, it's worth the effort to search. As @Racenut posted earlier, there are plenty of places to get data, including: https://www.leakedsource.com/main/. Note that data mining can be done at this site by username, email, ip address, first and last name, and phone number.
Once you unravel one thread, everything can start falling apart.

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the 2014+ Jeep Cherokee Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



  Similar Threads
Thread Thread Starter Forum Replies Last Post
Attention someone in Utah! csmithEOD Exterior 0 07-13-2014 12:55 PM
lost password Gator Jeepcherokeeclub.com Site Help 6 12-11-2013 02:40 AM

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On