Ransomware..is this a real threat.

roy111 said:

Hi Kari, sorry I edited the original message, possibly while you were answering me, so you find additional info there.

I think the video is quite clear, I'm not referring to "the table" as a viable informantion but to the explanation on how you "compose" your password.

I'm talking about cracking the password, not about gaining access to accounts or authenticate

I repeat what I posted earlier:

Kari said:

You might be clever, but I strongly advice you not to reply. You might just make more fool of yourself.

Brute force cracking a password has absolutely, profoundly nothing to do with what I posted about my password system. Each and every password can be cracked with enough time and effort.

I was telling about a good, easy method to create safe passwords, But, as we all know, even the safest passwords can be cracked. That's why a good password is nothing without a second layer of authentication, 2FA (two factor authentication).

Your comment completely missed the target: my password creating system is at least as good as that on some password generating applications, easy to remember and easy to use. But, as with any passwords, with correct equipment and enough time, my passwords can naturally be cracked as any random password.

If you do it, if you brute force crack my password, you would still need the code sent as text message to my mobile phone because I use 2FA whenever available.

Keenly awaiting your next "clever" reply!

Kari

You seem to be obsessed with people trying to look clever, or wanting to make a fool of themself, my intent was simply to warn you that your passwords "may be crackable". Sorry for that.

Kari said:

... But, as we all know, even the safest passwords can be cracked.

Not true the safest password can not be cracked.

LOL!

Kari said:

You might laugh now, but I use addresses as passwords, usually places like hotels or landmarks I have visited, but also home addresses for people important to me.

This sounds complicated, but I can assure you it is extremely easy. I have used this "password protection" system for years, without any issues.

An example. Let's say I need an additional Outlook.com account, and a good password for it. There's a pub in London I have reasons to remember, in 44 Elizabeth Street, post / zip code SW1W 9PA.

My passwords always start with post / zip code, followed by the house / building number and street name. In addition, as this example is about a new Outlook.com account, I need to remember it has a 16 character limit for password.

I would now set the new email account's password as SW1W9PA44Elizabe, 16 first characters from the address written in my way (zip, house #, street). I have an encrypted, password protected password list (Excel workbook) stored in OneDrive. I would now add this account as Outlook 5 - London to that list (I have 4 Outlook.com email addresses already). Part of that list would look like this:

Outlook 1	Isle of Skye 16
Outlook 2	Oslo 16
Outlook 3	Utsjoki 16
Outlook 4	Carrara 16
Outlook 5	London 16
Gmail 1	Charleston FULL

The number after the city in the list reminds me of password length. As Gmail allows really long passwords, FULL in cities assigned to Gmail accounts means I can use the full address; for Outlook, the password in this example would be SW1W9PA44Elizabe, the same address used as Gmail password would be SW1W9PA44ElizabethStreet.

Note that cities in above list are naturally not the real ones I use!

OK, I now have a strong, long password with upper and lower case letters and digits. Together with 2FA, access to my accounts is as secured as possible.

I have no issues in remembering the places or landmarks I associate with each city, they are all important places / companies / people for me. I only use one city for one password, so even if I forgot the password to this sample Outlook.com account, I would check my encrypted list, see the password hint is London. Remembering the place I used in London, I could now use Bing to find their address and be able to sign in.

Kari

Interesting way of doing passwords Kari but some of them still use recognisable words and names. Although I admit, they would be hard to work out.

farrellart said:

Hi everyone,

Yesterday I received three emails stating that I have been looking at dodgy sites and they have webcam footage of me....etc....they want £3,000 in bitcoin. OK I know this bit is a scam because I don't look at dodgy sites or have a webcam.

The weird thing is that the email was delivered to an old dormant email account where I cannot recieve or send emails, I just keep the old emails on file for reference and old receipts etc.

The question is how did I get this email on an ISP that is no longer in use - could this be a virus/malware? it just got me thinking.

Chris

Hi farrellart, like other have said it's not Ransomware, just spam.
So what they are trying to do is called social engineering.
Basically they try to trick you into paying them a set amount of money,
sadly some people believe the scam mail they get and actually pay the fee that is sent in the mail :/

farrellart said:

Thanks for the replies

...the thing is...how did it show up on my dormant email which has not been used for years?....I definitely cannot send from it and all my test emails to that account are not delivered or recieved.

They most likely spoofed the email server.
You can check if the domain has Records for SPF, DMARC, DKIM here.
Domain Diagnosis - DMARC, SPF, DKIM tools | EasyDMARC

@Kari
There are ways to spoof phone numbers and get the 2fa sms.
If you are serious about protecting your account use microsoft two factor authenticator app instead,
https://www.microsoft.com/en-us/account/authenticator

And
For everything else use googles authenticator
Google Authenticator - App Store
Google Authenticator - Google Play

For strong & secure passwords, go here and generate:
Strong Random Password Generator