ICEINSPACE
Moon Phase
CURRENT MOON
Full Moon 100%
|
|
02-06-2021, 08:06 PM
|
|
Moderator
|
|
Join Date: Aug 2005
Posts: 25,784
|
|
Quote:
Originally Posted by LewisM
You have a point.
Or pointy ears.
Either eether
|
Now you're Putin me on....
|
02-06-2021, 08:15 PM
|
|
Registered User
|
|
Join Date: Apr 2010
Location: Melbourne
Posts: 532
|
|
It's possible the unwelcome guest simply got a username/email + password combo from the many data breaches out there.
You can check whether you were victim of such a (known) breach and what was leaked here;
https://haveibeenpwned.com/
|
02-06-2021, 08:36 PM
|
Registered User
|
|
Join Date: Dec 2014
Posts: 606
|
|
Quote:
Originally Posted by gary
If you have an existing bookmark, you might want to edit it
|
Well, shucks! I just updated a couple of hundred old bookmarks from HTTP to HTTPS and 95% of the sites accept a secure connection now. It's just goes to show, you can't be complacent online - it's always changing.
So, tip of the week: check your old bookmarks.
As others have said, encrypting a web connection is not a guarantee of safety, but locking the door is at least an improvement over leaving it open (with all the qualifying statements that would go with that analogy ...).
As for stronger passwords: entropy is what you want. The more entropy in your password, the stronger it is. Here's an explanation or two:
https://explainxkcd.com/wiki/index.p...sword_Strength
https://www.itdojo.com/a-somewhat-br...sword-entropy/
|
02-06-2021, 09:30 PM
|
Registered User
|
|
Join Date: Dec 2014
Posts: 606
|
|
Quote:
Originally Posted by PCH
There’s no need to do any of this
amending your bookmarks.
The site owner can easily and quickly
re-route all the variants to the https address
internally so that you go to the https site regardless
of what you type in (or have saved in your bookmark)
Just satin’
|
Except for all the sites that don't, such as ~90% of the ones I tested today. So thanks for that, but the advice was, in fact, pretty useless. Just sayin'.
More useful advice would be to install a browser extension called HTTPS Everywhere (available for most popular browsers), which forces use of HTTPS if available, regardless of whether you used HTTP or HTTPS in your address bar/bookmark:
Quote:
Originally Posted by Wikipedia
HTTPS Everywhere is a free and open-source browser extension for Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Vivaldi and Firefox for Android, which is developed collaboratively by The Tor Project and the Electronic Frontier Foundation.
It automatically makes websites use a more secure HTTPS connection instead of HTTP, if they support it. The option "Encrypt All Sites Eligible" makes it possible to block and unblock all non-HTTPS browser connections with one click.
|
But if you like your browser with minimal extensions - like me - you can edit your bookmarks.
|
02-06-2021, 10:28 PM
|
|
Registered User
|
|
Join Date: Feb 2007
Location: Perth WA
Posts: 2,297
|
|
Quote:
Originally Posted by DarkArts
Except for all the sites that don't, such as ~90% of the ones I tested today. So thanks for that, but the advice was, in fact, pretty useless. Just sayin'.
More useful advice would be to install a browser extension called HTTPS Everywhere (available for most popular browsers), which forces use of HTTPS if available, regardless of whether you used HTTP or HTTPS in your address bar/bookmark:
But if you like your browser with minimal extensions - like me - you can edit your bookmarks.
|
Ok, point taken. I’ve deleted my post since you found it so useless.
Not sure why you felt the need to be rude about it, - I guess you
felt you had a point to make.
|
02-06-2021, 10:31 PM
|
|
Registered User
|
|
Join Date: Nov 2010
Location: Adelaide
Posts: 558
|
|
Quote:
Originally Posted by DarkArts
Well, shucks! I just updated a couple of hundred old bookmarks from HTTP to HTTPS and 95% of the sites accept a secure connection now. It's just goes to show, you can't be complacent online - it's always changing.
So, tip of the week: check your old bookmarks.
As others have said, encrypting a web connection is not a guarantee of safety, but locking the door is at least an improvement over leaving it open (with all the qualifying statements that would go with that analogy ...).
As for stronger passwords: entropy is what you want. The more entropy in your password, the stronger it is. Here's an explanation or two:
https://explainxkcd.com/wiki/index.p...sword_Strength
https://www.itdojo.com/a-somewhat-br...sword-entropy/
|
That was an awesome link with the comic. Never would have thought that as we've always been told by the network security people to do the hard to remember stuff.
Thanks for posting.
Only issue now is they won't let me use a really good easy to remember password and I have to have letters, numbers,characters and have to press the keys whilst standing on my head. Lol.😏
Cheers,
Damien
|
03-06-2021, 08:16 AM
|
|
PI cult member
|
|
Join Date: Dec 2012
Location: Flaxton, Qld
Posts: 2,064
|
|
Quote:
Originally Posted by redbeard
That was an awesome link with the comic. Never would have thought that as we've always been told by the network security people to do the hard to remember stuff.
Thanks for posting.
Only issue now is they won't let me use a really good easy to remember password and I have to have letters, numbers,characters and have to press the keys whilst standing on my head. Lol.😏
Cheers,
Damien
|
Use a password manager. Let it generate and remember the passwords for you. As an added bonus you can have stupendously large passwords (40, 50, 60+ characters, etc) with symbols, letters, different case, numbers, etc. Then, all you need to remember is one password to access the password manager - make this decent, but memorable and you're in a much better position overall.
|
03-06-2021, 08:31 AM
|
|
ze frogginator
|
|
Join Date: Oct 2007
Location: Sydney
Posts: 22,062
|
|
Quote:
Originally Posted by LewisM
Why the hell do I want the password "VertVertVertVertVertVertFroggy "?
|
You're missing one "vert". It's a recursive pwd based on the Russian dolls design. Uncrackable.
|
03-06-2021, 09:54 AM
|
|
Always gonna be a NOOB...
|
|
Join Date: Oct 2008
Location: Cairns, Qld
Posts: 1,285
|
|
Quote:
Originally Posted by lazjen
Use a password manager. Let it generate and remember the passwords for you. As an added bonus you can have stupendously large passwords (40, 50, 60+ characters, etc) with symbols, letters, different case, numbers, etc. Then, all you need to remember is one password to access the password manager - make this decent, but memorable and you're in a much better position overall.
|
Any advice on the 'free' password manager such as say Nordpass free? I use their paid VPN service.. so, any catches with a free password manager that you know of?
|
03-06-2021, 06:07 PM
|
|
PI cult member
|
|
Join Date: Dec 2012
Location: Flaxton, Qld
Posts: 2,064
|
|
If you're already using Nord for VPN, then that's probably a good enough option. The hassle will be if you leave Nord and need to transfer your passwords to a new manager.
I am using Lastpass right now, but recently they changed things to make it less useful. I'm probably going to change to Keepass for my requirements, but it's a bit more stuffing around to manage it properly and I haven't summoned the will to get it done yet.
|
03-06-2021, 06:29 PM
|
|
Always gonna be a NOOB...
|
|
Join Date: Oct 2008
Location: Cairns, Qld
Posts: 1,285
|
|
Quote:
Originally Posted by lazjen
If you're already using Nord for VPN, then that's probably a good enough option. The hassle will be if you leave Nord and need to transfer your passwords to a new manager.
I am using Lastpass right now, but recently they changed things to make it less useful. I'm probably going to change to Keepass for my requirements, but it's a bit more stuffing around to manage it properly and I haven't summoned the will to get it done yet.
|
Thankyou... I'm actually looking at the Nord Family Premium now with it's extra functionality of password sharing which, would be useful between the wife & I for shared accounts (Amazon, bank, creditcards, etc)...
Cost seems reasonable... I am struggling to convince my wife of the need though which is a little frustrating...
|
03-06-2021, 08:02 PM
|
Registered User
|
|
Join Date: Dec 2014
Posts: 606
|
|
Quote:
Originally Posted by PCH
Ok, point taken. I’ve deleted my post since you found it so useless.
Not sure why you felt the need to be rude about it, - I guess you
felt you had a point to make.
|
Yeah, I guess that was overly blunt - believe it or not, offense not intended. But there is an awful lot of 'lukewarm' advice out there that doesn't actually help people and that really ought to be set straight.
|
04-06-2021, 12:30 PM
|
|
1¼" ñì®våñá
|
|
Join Date: Nov 2006
Location: Sydney
Posts: 1,845
|
|
Quote:
Originally Posted by gary
Hi Peter,
When you see the "Not Secure" message and an open padlock icon
next to the URL field on your browser, it means you accessed it
via a URL of the form http://www.iceinspace.com.au
If you have an existing bookmark, you might want to edit it to
be of the form https://www.iceinspace.com.au
|
Thanks for the tip, I had a http bookmark not a https one so I updated it
|
04-06-2021, 12:38 PM
|
|
ze frogginator
|
|
Join Date: Oct 2007
Location: Sydney
Posts: 22,062
|
|
Adding those lines to the .htacess file would redirect everything to https automatically and address the current indexing in Google as well.
Quote:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.iceinspace.com.au/$1 [R,L]
|
Having said that there is nothing of value on IIS. It is public domain. Storm in a teacup.
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +10. The time is now 07:38 AM.
|
|