What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Questions about site security risk

Ser Aphim

iPF Novice
Joined
Nov 7, 2013
Messages
1,022
Reaction score
171
Location
Philippines
If a hacker managed to hack a site say for example Facebook, Twitter, or even this site, the Apple iPad forums, will my login details, my email, username and password be exposed? And how is it possible that a website can be hacked?
 

Codeme

iPF Noob
Joined
Apr 9, 2012
Messages
6
Reaction score
3
Location
Blackburn
Website
www.darkasylum.co.uk
most passwords are encrypted no one at all knows what they are only you,
When a site it hacked it's normally because of a few reasons,

1: being the site in question can't be bothered using the correct plugins or SLL certs, and security encryptions.
2: you have used a short common password which are always easy to crack,

Backtrack is now out of date and most hackers are now using Kali Linux a Penetration Testing and Ethical Hacking OS.
I'm not going to explain on here how you use it.

However if you have a long Password with Capital letters and lower-case letters mixed with Numbers and symbols you are 99% of the time fine.Personal I use Dashlane which makes passwords for me and if a website is heard of being hacked Dashlane prompts you to change your password, it also warns you if there's any vulnerabilities with flash or Java , etc. and then again will prompts you to make a change in the passwords for effected websites.

Personally I use between 12 and 18+ all lower case and higher case letters mixed with Numbers and symbols. However some sites only allow numbers and letters.

It's free to use, but if you want to sync between machines , etc., then it's a small fee each year and worth it.
 
OP
Ser Aphim

Ser Aphim

iPF Novice
Joined
Nov 7, 2013
Messages
1,022
Reaction score
171
Location
Philippines
most passwords are encrypted no one at all knows what they are only you,
When a site it hacked it's normally because of a few reasons,

1: being the site in question can't be bothered using the correct plugins or SLL certs, and security encryptions.
2: you have used a short common password which are always easy to crack,

Backtrack is now out of date and most hackers are now using Kali Linux a Penetration Testing and Ethical Hacking OS.
I'm not going to explain on here how you use it.

However if you have a long Password with Capital letters and lower-case letters mixed with Numbers and symbols you are 99% of the time fine.Personal I use Dashlane which makes passwords for me and if a website is heard of being hacked Dashlane tells you to change your password, it also warns you if there's any vulnerabilities with flash or Java , etc.

It's free to use, but if you want to sync between machines , etc., then it's a small fee each year and worth it.

But is it possible for hackers to bypass that encryption?
 

Codeme

iPF Noob
Joined
Apr 9, 2012
Messages
6
Reaction score
3
Location
Blackburn
Website
www.darkasylum.co.uk
But is it possible for hackers to bypass that encryption?


The easiest way for a hacker to bypass encryption is simply to steal the key. If a hacker manages to install a key logger on your machine, he can record your activities, which keys you press sites you visit etc.
Some forms of malware can enable the hacker to browse the contents of your hard drive, so if you store cryptographic keys & passwords in plain text, they would be vulnerable.
Use a good firewall & anti-malware programs & keep them updated with the latest definations this can prevent this type of attack.

Malwarebytes is one of , if not the best anti Malware program out there and they do a free version to.

To prevent hackers from stealing password databases etc., most servers use a cryptographic method called hashing.
Which is a one way ticket.

Just use long and mixed up passwords with a good anti Malware program such i mention above. And a good Anti virus program.
You should be good, Oh and stay away from Russian porn sites to lol.

I forgot to ask, you using Mac or a Windows Machine ?
there's no Malwarebytes for Mac but there are other types.


You can also add unwanted sites or known malware websites to your Hosts file, but thats for someone that's somewhat computer savvy.
 
Last edited:
OP
Ser Aphim

Ser Aphim

iPF Novice
Joined
Nov 7, 2013
Messages
1,022
Reaction score
171
Location
Philippines
The easiest way for a hacker to bypass encryption is simply to steal the key. If a hacker manages to install a key logger on your machine, he can record your activities, which keys you press sites you visit etc.
Some forms of malware can enable the hacker to browse the contents of your hard drive, so if you store cryptographic keys & passwords in plain text, they would be vulnerable.
Use a good firewall & anti-malware programs & keep them updated with the latest definations this can prevent this type of attack.

Malwarebytes is one of , if not the best anti Malware program out there and they do a free version to.

To prevent hackers from stealing password databases etc., most servers use a cryptographic method called hashing.
Which is a one way ticket.

Just use long and mixed up passwords with a good anti Malware program such i mention above. And a good Anti virus program.
You should be good, Oh and stay away from Russian porn sites to lol.

I forgot to ask, you using Mac or a Windows Machine ?
there's no Malwarebytes for Mac but there are other types.


You can also add unwanted sites or known malware websites to your Hosts file, but thats for someone that's somewhat computer savvy.

Thank you Codeme. I use Windows.
 

ardchoille

iPF Novice
Joined
Apr 21, 2012
Messages
1,471
Reaction score
446
I'd like to add that you shouldn't use the same password for more than one site. If a hacker was able to retrieve passwords from one site, and you have reused passwords on multiple sites, then they can possibly get into your account on other sites.

Best practices:
* get rid of Windows and buy a Mac or learn to use a Linux distro or BSD properly.
* use a password manager to manage your passwords so you only have to remember one password for the manager.
* never reuse passwords on multiple sites.
* never leave passwords in plain text.
* never use passwords that are easy to remember, a password that is easy to remember can also be easy to guess - this is why a password manager is beneficial.
* I recommend using passwords that are at least 12 characters in length and include numbers, letters (upper and lower case), spaces and symbols.
* don't trust links in email or messages unless you're sure of the source.
* don't use apps unless you know their origin.
 

Codeme

iPF Noob
Joined
Apr 9, 2012
Messages
6
Reaction score
3
Location
Blackburn
Website
www.darkasylum.co.uk
I'd like to add that you shouldn't use the same password for more than one site. If a hacker was able to retrieve passwords from one site, and you have reused passwords on multiple sites, then they can possibly get into your account on other sites.

Best practices:
* get rid of Windows and buy a Mac or learn to use a Linux distro or BSD properly.
* use a password manager to manage your passwords so you only have to remember one password for the manager.
* never reuse passwords on multiple sites.
* never leave passwords in plain text.
* never use passwords that are easy to remember, a password that is easy to remember can also be easy to guess - this is why a password manager is beneficial.
* I recommend using passwords that are at least 12 characters in length and include numbers, letters (upper and lower case), spaces and symbols.
* don't trust links in email or messages unless you're sure of the source.
* don't use apps unless you know their origin.


I tried to Like and Agree with your post as both applied.
So I ticked Agreed because you are correct I should have mentioned that also and it would only allow me to click one option lol..

I stopped using Windows 4 year's ago and I've never looked back, Mac and Linux are the best in my book.
That Dashlane App i use it's a password maneger and they have a free version for all platforms, but if you wanted to sync across all the devices then you need to pay the few Dollars a year. Well worth it.

Anyway ardchoille Thank you for adding and reminding me
 

ardchoille

iPF Novice
Joined
Apr 21, 2012
Messages
1,471
Reaction score
446
I tried to Like and Agree with your post as both applied.
So I ticked Agreed because you are correct I should have mentioned that also and it would only allow me to click one option lol..

I stopped using Windows 4 year's ago and I've never looked back, Mac and Linux are the best in my book.
That Dashlane App i use it's a password maneger and they have a free version for all platforms, but if you wanted to sync across all the devices then you need to pay the few Dollars a year. Well worth it.

Anyway ardchoille Thank you for adding and reminding me
You're welcome. And, thank you for mentioning Dashlane, I'll have to try that one - I like the idea of sync'ing password across all devices.

I also switched from Windows, moved to Linux in 2001 and never looked back. I began my OS X journey last year and have been quite the happy camper since :)
 

twerppoet

iPad Fan
Joined
Jan 8, 2011
Messages
24,150
Reaction score
15,398
Location
Milton-Freewater, OR
Personally I like 1Password for the secure, cross device, syncing of passwords. It's probably the most full featured solution available, and with a well thought out UI. However, there are no free versions, and by the time you purchase it for each platform it's probably one of the more expensive.

Still, it's my favorite. I'm not shy about paying for things when I like them, and I actually want to pay for excellent products. How else can I encourage the developer to keep making and supporting the product.
 
OP
Ser Aphim

Ser Aphim

iPF Novice
Joined
Nov 7, 2013
Messages
1,022
Reaction score
171
Location
Philippines
Thank you guys for you help. Another question if I may ask, is two step authentication necessary?
 

2112

iPF Novice
Joined
Jul 27, 2013
Messages
105
Reaction score
41
Location
NY
Agree! I use two step verification where it's available, such as on my Apple ID and my email. Your going to have to have physical posestion of my cell phone even if you have my passwords. I am always amazed at some of my friends that don't even lock their phones, let alone even know what two step verification is
 

ardchoille

iPF Novice
Joined
Apr 21, 2012
Messages
1,471
Reaction score
446
Another vote for two-step verification, it's always a good idea. Two-step verification adds a security layer to your account such that changes to the account will not be accepted without that second verification.

If someone were to have access to my Apple ID and password they couldn't make any changes to my account without having access to my iPhone or iCloud security code. This does two things; a) it lets me know that my account has been accessed, requiring my intervention, and b) prevents changes without my knowledge. I set this up as soon as I learned Apple added the feature.
 
Last edited:

scifan57

Administrator
Staff member
Joined
Dec 3, 2011
Messages
34,976
Reaction score
23,098
Location
Regina,Canada
I agree as well. One of the best features, mentioned by Ard is the automatic message you get from Apple whenever your account is accessed and changes or attempted changes are made. I like the way these notices pop up in the middle of the screen, making them impossible to miss.
 

Most reactions

Latest posts

Top