Forums - General Discussion - Warning: Sextortion scam going around

Yeah, this has been going on for a while. I got one maybe last year or the year before that too, and I think it was already old by then. A good reminder though. The passwords are probably from leaks from other services and they're just guessing you're still using the same email address and password everywhere else because it's a fairly good guess.

SvennoJ said:
What's the max length of a password that's actually used/stored on sites though? Some random sentence might sound safe, but if the site only checks the first 10 characters or so :/ Then try to remember 40 different random sentences for stuff you maybe only access a few times a year. Write it down somewhere safe. There's only 2 (difficult) passwords I remember, the one for my bank and the one for my email, since every password reset request goes to my email. That's the most vulnerable point. That's my Microsoft password now which I also unlock my laptop with every day, so won't forget it. Of course if MS gets hacked :/

Any service that does password security well doesn't, in practice, restrict password length, because the password itself is never stored but only used to calculate a fairly short value. I mean, there might be some really high restrictions, but in practice, you shouldn't run into them. Poorly designed services are another thing though...

Anyway, you'll want to use a different password everywhere. Password managers are what's considered an acceptable solution to 'remembering' all the passwords these days. That way, you only need to remember one password.



SvennoJ said:
What's the max length of a password that's actually used/stored on sites though? Some random sentence might sound safe, but if the site only checks the first 10 characters or so :/ Then try to remember 40 different random sentences for stuff you maybe only access a few times a year. Write it down somewhere safe. There's only 2 (difficult) passwords I remember, the one for my bank and the one for my email, since every password reset request goes to my email. That's the most vulnerable point. That's my Microsoft password now which I also unlock my laptop with every day, so won't forget it. Of course if MS gets hacked :/

Then it's time to fire their IT/security team. That suggests they are storing passwords in plain text. You can't just check the first X characters of a hashed password.



Massimus - "Trump already has democrat support."
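
The point made in the two replies above (a properly hashed password becomes a short fixed-size value whatever its length, and a hash cannot be matched on just its first few characters), as an added example that is not part of the thread. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The digest is 32 bytes whatever the password length."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest from the full candidate and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def truncating_verify(password: str, salt: bytes, stored: bytes, limit: int = 10) -> bool:
    """Flawed design for contrast: input is cut to `limit` characters before hashing."""
    return verify_password(password[:limit], salt, stored)


def demo() -> dict:
    # Constructed sample passwords, not real credentials.
    short, long_ = "hunter2", "correct horse battery staple " * 8
    _, digest_s = hash_password(short)
    salt_l, digest_l = hash_password(long_)
    # Candidate that shares only the first 10 characters with the real password.
    near_miss = long_[:10] + "X" * (len(long_) - 10)
    # A site that truncates at signup stores the hash of the first 10 characters only.
    salt_t, digest_t = hash_password(long_[:10])
    return {
        "digest_lengths": (len(digest_s), len(digest_l)),
        "full_accepts_original": verify_password(long_, salt_l, digest_l),
        "full_accepts_near_miss": verify_password(near_miss, salt_l, digest_l),
        "truncating_accepts_near_miss": truncating_verify(near_miss, salt_t, digest_t),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A site that only "checks the first 10 characters" behaves like `truncating_verify`: the cut happens before hashing, which is a design choice, not a property of the hash.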

Someone tried that with me not too long ago. Laughed it off and deleted the email. Then I shook my head at the site with poor password security.



SvennoJ said:
Hiku said:

I use different passwords for everything, and I don't have a webcam, so I guess something like this wouldn't concern me.
But good for people to know that these things tend to be scams.

Yeah me too, it's just that one password I use for low risk stuff. I might have used it once for some one-time-use website to send a card or something. Or maybe the PSN hack got it, although that shouldn't have your wifi info. The rest of my passwords are all different random strings of characters.

A new one for me although this scam is already 2 years old. Meanwhile the Apple / Amazon / Netflix scams continue almost daily. Is there no law against this stuff that it continues to go on at this scale? They're starting to look closer and closer to the real thing. Of course never ever click on anything inside an email, and only open attachments from people you are expecting to send you them.

I'm sure a lot of these scams originate from countries where the victim is not from. So even if there's a law against it in say USA, they can't do much when the perpetrator is in Nigeria.



KLAMarine said:
Someone tried that with me not too long ago. Laughed it off and deleted the email. Then I shook my head at the site with poor password security.

Same for me