Gmail, Facebook, and more hacked on Mac

Discussion in 'macOS' started by matttrick, Apr 5, 2010.

  1. matttrick macrumors 6502

    Joined:
    Aug 28, 2006
    #1
    I only use a Mac, and while I don't use the same password everywhere, I had used some of them in more than one place. So tonight my Gmail was accessed, recently my Facebook, and before that I had gotten someone using my debit card fraudulently. What are my options? I downloaded iAntiVirus and it found one infection so far on my iMac. I'm on my MBP at the moment. I also cleared and reset Safari. Should I be reformatting to be sure?

    The MBP came up clean on scan, but still...
     
  2. MBHockey macrumors 68040

    Joined:
    Oct 4, 2003
    Location:
    New York
    #2
    Do you regularly download programs from people you don't know and give these programs your administrator password to run? If not then it has nothing to do with the security of your computer being compromised.

    The most likely scenario is that you used easy passwords.
     
  3. miles01110 macrumors Core

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #3
    Uh... having your password cracked ("guessed") has nothing to do with viruses. Change your passwords.
     
  4. matttrick thread starter macrumors 6502

    Joined:
    Aug 28, 2006
    #4
    I don't download programs. My passwords were all 9 characters with letters and numbers. They were not "easy", although they could have been better with some other characters, I admit.
     
  5. Anonymous Freak macrumors 601

    Joined:
    Dec 12, 2002
    Location:
    Cascadia
    #5
    Regardless of numbers and special characters, was your password something that could have been guessed? Was it the same password on all "hacked" sites?

    For example, if your password is your own middle name plus year of birth, it doesn't matter that it's "complex", it's easy to guess. Likewise, if it's a common word with a couple letters obfuscated by symbols (such as the rather ubiquitous "P@ssw0rd",) it may meet some base criteria as "complex", but is still easy to guess.

    Personally, I have three "levels" of password. One ultra-simple, "throwaway" that I use for cases where I don't care one lick if someone hacks it. (Like some web forums.) I have a second, more complex one that I use for cases where someone gaining access wouldn't be good, but wouldn't be instant "identity theft" level, such as webmail or sites where I have a purchasing account. (aka: Sites where they may be able to buy something, but it would be bought under my name, sent to me only.) Then I have the ultra-secure password for cases where if it were hacked, it would be *BAD*. This one I also rotate on a regular basis.

    Within each category, I also have a few variations, mostly for cases when something has different password requirements. (For example, one site doesn't allow punctuation, where even my 'complex' password has punctuation.) I keep a list of what level+variation password is for each site/use. I don't store the actual passwords, just the 'code' for them.

    So, using the above "P@ssw0rd" as an example, I would call this my "complex" password. If I have my banking at, say, Wells Fargo, but they require ten characters, and disallow all punctuation, I might use "Passw0rd10" instead. So I would have in my password list:
    WF:C-!+## This means "Complex password, minus the punctuation, but plus two digits."

    (Note, I don't use any variation of "password" as any of my passwords, nor do I have an account at Wells Fargo, nor do I use "10" as a numeric add-on. All pure fake examples.)

    My listing for this site is: "MR:C" Yes, my password document appears to be a document full of gibberish. That's the point.
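
The point made in post #5, that a password can satisfy a "complexity" rule and still be easy to guess, shown as a small check. This is an added example, not part of any post in the thread; the word list, the substitution table, the personal details and the function names are constructed for illustration.

```python
import re

# Constructed sample data (assumptions for this example, not from the thread).
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey"}
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def normalize(text):
    """Lower-case and undo common symbol-for-letter substitutions."""
    return text.lower().translate(LEET)


def guessable_reasons(pw, personal_tokens=()):
    """Return the reasons a password is guessable despite looking complex."""
    lowered = pw.lower()
    # Split off a trailing digit run (a year or counter) so "Passw0rd10"
    # is judged on its stem as well as on the whole string.
    stem, suffix = re.match(r"^(.*?)(\d*)$", lowered).groups()
    candidates = {normalize(stem), normalize(lowered)}
    # Very short tokens are ignored; they would match almost anything.
    personal = {normalize(t) for t in personal_tokens if len(t) >= 3}

    reasons = []
    if candidates & COMMON_WORDS:
        reasons.append("common word behind symbol substitutions")
    if any(p in c for p in personal for c in candidates):
        reasons.append("contains personal detail")
    if re.fullmatch(r"(19|20)\d\d", suffix):
        reasons.append("ends in a year")
    return reasons


if __name__ == "__main__":
    samples = [("P@ssw0rd", ()), ("Passw0rd10", ()),
               ("Robert1975", ("Robert", "1975")),  # constructed name + year
               ("vX9#qL2m$Tz", ())]
    for pw, tokens in samples:
        print(pw, "->", guessable_reasons(pw, tokens) or "no finding")
```

An empty result only means none of these three patterns matched; it is not a measure of strength.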
     
  6. Patrick J macrumors 65816

    Joined:
    Mar 12, 2009
    Location:
    Oporto, Portugal
    #6
    You can use LastPassword, 1Password, or any one of infinite password managers to do that. Why don't you use a password manager to automatically generate, apply, and remember passwords?
     
  7. Hellhammer Moderator

    Staff Member

    Joined:
    Dec 10, 2008
    Location:
    Finland
    #7
    I would never trust my important (like banking) passwords to one app's hands. Even if it generates hard passwords, it can send them around the net...

    I keep my passwords in a small notebook in my safe, best security for them!
     
  8. Patrick J macrumors 65816

    Joined:
    Mar 12, 2009
    Location:
    Oporto, Portugal
    #8
    I understand, and I am by no means attacking your point of view, but these services (LastPassword is web based but installs a service on your browser) encrypt your password before it leaves your computer. Meaning that even if the server gets hacked, they can't see your password.
     
  9. Anonymous Freak macrumors 601

    Joined:
    Dec 12, 2002
    Location:
    Cascadia
    #9
    And what happens when that software dies, my hard drive crashes, etc? I've lost all my passwords. I have to go and reinstall the software, and restore a backup of its database, etc, etc. My method is simple. I have a file full of what appears to be gibberish, with an innocuous name, stored (encrypted with my 'secure' password, of course,) in multiple locations. Folders on my computers, on a couple USB flash drives, on a couple secure-access online file storage sites, and even a copy or two printed out in the fireproof safe. (I also have a separate document detailing what my three 'base' passwords are, plus information on how to decode my file, stored in a safe in a family member's house, that way if anything happens to me, my family member can decode my passwords. My actual file of gibberish is NOT stored there, though.)
     
  10. MBHockey macrumors 68040

    Joined:
    Oct 4, 2003
    Location:
    New York
    #10
    Why do you try to make restoring from a backup sound like it's impossible?

    1Password is a much better solution than what you're doing. It allows me to have different 20 character passwords of symbols, letters of mixed cases, and numbers for every log in I have. The problem with your method is that it's a chore to input complex passwords when you actually want to log in to something.
     
