Security and a reset


Post by Flush on Sat May 05, 2012 2:49 pm

So I've recently become a bit paranoid about being "followed" around the internet, and how susceptible I am to being hacked, so I came here. I'd like to "reset" my existence on the internet, kill the trail as it were. Starting from my email account as I think of that as the start of my online footprints.
So, to start with, is there a "safe" email service out there?
Second, I've previously just used a handful of passwords for everything, but now I want to not only use different usernames for everything, but also different passwords. This presents a problem for me; I use a lot of sites, so how do you manage such a large amount of username/password combinations?

Now, I understand the general idea here is to teach yourself, but I'm kind of lost as to where I would start with all this, so please be gentle :).

This is all just to start with, if you've got suggestions for other things to do, or maybe a guide for me to read, I'd appreciate the help. Or if you just want to call me an idiot noob who shouldn't be posting this, that's fine too I guess.

Thanks.
There are no such things as problems, only opportunities for solutions.


Re: Security and a reset

Post by limdis on Sat May 05, 2012 7:26 pm

Hey, welcome to HTS. Got some things for you to read that will help you out that I recently posted myself.

Tips for the Inspiring New Hacker
Gmail Security

Normally it's not suggested to keep a copy of your passwords. But if you encrypt them with TrueCrypt you won't have to worry as much. Video Tutorial
Additionally, passwords don't have to be super crazy like Ut7a3#*db(0)zuiz; sometimes a longer and simple phrase will give you better security in the long run. For example: Really_long_password_nobody_will_guess_Aa00!! will take a hell of a long time to crack. Also will be easier on the brain.

Before you go deleting your old email accounts (if that is your plan) make sure you find out what all other accounts are linked to that email. You might have an account on some old school social networking site that you totally forgot about (like xanga or something) and you won't be able to retrieve your password to it to delete it if your email no longer exists.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Security and a reset

Post by edone automaton on Sun May 06, 2012 7:45 am

I think that it's a good idea to have some online presence anyway. To give an example, many employers will do an online search before considering you for a job. Zero online presence looks odd and will set alarm bells ringing (rightly or wrongly), so a person (Fred) might maintain a Facebook profile in his real name as well as YouTube etc, they are searchable and nice and easy to find. On those accounts, Fred is the model citizen. For someone not looking too hard, that information will be enough. Fred might also have a few 'normal' email accounts for everyday stuff, again in his own name.
Then there is Fred's other internet personality(s) accessed from a different computer using encrypted email with obscure user names and all that good stuff. I don't want to give the impression that Fred is involved in anything dodgy or super exciting, he's not, but he does like to study things and visit corners of the interweb that might look er, undesirable, in certain eyes.
They love to say 'if you have nothing to hide, you have nothing to fear'. Make it look like you have nothing to hide.

As for passwords, a method I like to use is take a song or a book or something and then l337 it up:
H17_M3_6@6y_0n3_m073_71m3
Then you have a 25 character password that's easy to remember. If you must write something down write a clue rather than the password:
'mental redneck with masochistic tendencies' would do nicely.
A wise man can learn more from a foolish question than a fool can learn from a wise answer.
-Bruce Lee


Re: Security and a reset

Post by LoGiCaL__ on Sun May 06, 2012 11:14 am

edone automaton wrote:As for passwords, a method I like to use is take a song or a book or something and then l337 it up:
H17_M3_6@6y_0n3_m073_71m3
Then you have a 25 character password that's easy to remember. If you must write something down write a clue rather than the password:
'mental redneck with masochistic tendencies' would do nicely.


I lol'd at the password and the clue. Good idea though.


Re: Security and a reset

Post by Flush on Sun May 06, 2012 12:10 pm

Sweet, I'll give these a read.

limdis wrote:Normally it's not suggested to keep a copy of your passwords. But if you encrypt them with TrueCrypt you won't have to worry as much. Video Tutorial

I'll have a closer look at that, but I have a question: is the key installation/machine specific? Can I open the container on a different computer (or on the same computer after formatting my HDDs, for example) if I have the right password?

limdis wrote:Additionally, passwords don't have to be super crazy like Ut7a3#*db(0)zuiz; sometimes a longer and simple phrase will give you better security in the long run. For example: Really_long_password_nobody_will_guess_Aa00!! will take a hell of a long time to crack. Also will be easier on the brain.

xkcd mentioned this, I was just wondering if it was true. Wouldn't a dictionary check (or whatever the hell they're called) crack that? Would 1337 protect against that?

limdis wrote:Before you go deleting your old email accounts (if that is your plan) make sure you find out what all other accounts are linked to that email. You might have an account on some old school social networking site that you totally forgot about (like xanga or something) and you won't be able to retrieve your password to it to delete it if your email no longer exists.

I'll probably be keeping my current email, because I have accounts in communities where I want to keep the same names I've been using there. But I'll delete all the other accounts I can, create a new email account and switch to using that for all my future needs. Or would it be better to have a few email accounts?

edone automaton wrote:I think that it's a good idea to have some online presence anyway. To give an example, many employers will do an online search before considering you for a job.

Where I live, employers aren't allowed to do that legally, so them not finding anything about me would just be good.

edone automaton wrote:Then there is Fred's other internet personality(s) accessed from a different computer using encrypted email with obscure user names and all that good stuff.

I only have access to one computer at present, unfortunately. What is this encrypted email though? And what constitutes an obscure username?

edone automaton wrote:As for passwords, a method I like to use is take a song or a book or something and then l337 it up:
H17_M3_6@6y_0n3_m073_71m3
Then you have a 25 character password that's easy to remember. If you must write something down write a clue rather than the password:
'mental redneck with masochistic tendencies' would do nicely.

I was actually gonna ask if 1337 would be better than just "plain" text.


Re: Security and a reset

Post by limdis on Sun May 06, 2012 1:46 pm

edone automaton wrote:As for passwords, a method I like to use is take a song or a book or something and then l337 it up:
H17_M3_6@6y_0n3_m073_71m3
Then you have a 25 character password that's easy to remember. If you must write something down write a clue rather than the password:
'mental redneck with masochistic tendencies' would do nicely.


:lol: :lol: :lol: !

Flush wrote:I'll probably be keeping my current email, because I have accounts in communities where I want to keep the same names I've been using there. But I'll delete all the other accounts I can, create a new email account and switch to using that for all my future needs. Or would it be better to have a few email accounts?

Yes. Have a few different accounts. Everyone should have an official email, which usually has your name in it in some way, for work and other official business you might have. It's not uncommon. But keep your emails organized. I have an email for online purchases (to catch the spam from it), one for business, one for classes, one dumpster account for when you come across the annoying having to set up an account to view something/any other shit, and then a few for my night life. Like for HTS.

Flush wrote:I was actually gonna ask if 1337 would be better than just "plain" text.

It depends on the encryption used to store the password. My advice is to have a little bit but don't go 100%. Most of the time a dictionary attack will occur and with 1337 you are in the clear unless they get really damn lucky. However, if they decided to do the old fashioned 10 year long brute force with all possible key combinations, 1337 passwords are a bit easier to be cracked first because there is no recognition put in place for actual English words.

Flush wrote:I'll have a closer look at that, but I have a question: is the key installation/machine specific? Can I open the container on a different computer (or on the same computer after formatting my HDDs, for example) if I have the right password?

It's all explained in the video. In order to open the file you will need TrueCrypt. I keep it on a flash drive. So in the event someone gets on my machine they won't even have the possibility to make a guess attempt because the program to recognize the file is missing.


Re: Security and a reset

Post by WallShadow on Sun May 06, 2012 1:57 pm

I have little experience with password cracking, but I know much of the internal process. A capital letter, a number, and a random slash will make it THAT MUCH harder to hack.

Also, if you have trouble remembering passwords, here's a trick I learned; when I was about 8, I started using the password 'kingdomhearts' for everything. Extremely weak password, right? Well, 8 years later, I learned to type it with lightning speed without looking at the keyboard or even paying attention to it. If you learned to type using the home row, just move up a row. So for example, 'a' becomes 'q', 'w' becomes '2', 'lol' becomes 'o9o', 'kingdomhearts' becomes 'ih8te9jy3q45w'. Completely random, right? As long as you remember 'kingdomhearts', you can easily type in that crazy password. Throw in a random slash at the end, and your password is now hell for a hacker. (FYI, that's not my real password, so don't go trying to crack my accounts with it)

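Added example (not written by any poster in this thread): a Python sketch of the comparison the posts above argue about. It estimates the guessing work for the thread's leet password against a blind brute-force search and against a cracker who already knows the scheme, next to an xkcd-style passphrase of random words. The wordlist size, phrase pool and rule count are assumed figures, and `row_shift` models the move-up-a-row trick.

```python
import math
import string

# Assumed figures for illustration only; none of them come from the thread.
WORDLIST_SIZE = 7776       # Diceware-style list of random words
KNOWN_PHRASES = 1_000_000  # song lines / book titles a cracking wordlist might hold
MANGLING_RULES = 64        # deterministic transforms tried per phrase (leet, row shift, ...)

_PLAIN = "asdfghjklqwertyuiopzxcvbnm"
_SHIFTED = "qwertyuio1234567890asdfghj"  # each key replaced by the key one row up

def row_shift(text):
    """Type the text one keyboard row higher ('lol' -> 'o9o')."""
    return text.translate(str.maketrans(_PLAIN, _SHIFTED))

def undo_row_shift(text):
    """The mapping is one-to-one, so it reverses with no guessing at all."""
    return text.translate(str.maketrans(_SHIFTED, _PLAIN))

def charset_size(pw):
    """Alphabet a blind brute-force search must cover to reach pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """Bits of work when the attacker knows nothing about how pw was built."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def scheme_bits(picks, pool, rules=1):
    """Bits when the scheme is known: `picks` uniform random choices from a
    pool of `pool` items, then one of `rules` deterministic transforms."""
    return picks * math.log2(pool) + math.log2(rules)

def report():
    leet = "H17_M3_6@6y_0n3_m073_71m3"  # password quoted in the thread
    return {
        "leet, blind brute force": brute_force_bits(leet),
        "leet, scheme known": scheme_bits(1, KNOWN_PHRASES, MANGLING_RULES),
        "4 random words, scheme known": scheme_bits(4, WORDLIST_SIZE),
    }

if __name__ == "__main__":
    for label, bits in report().items():
        print(f"{label:30s} {bits:6.1f} bits")
```

Under these assumptions a transform that can be written down as a rule adds only log2(number of rules) bits once the rule is on a cracker's list, while each additional randomly chosen word adds about 12.9 bits.
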

Re: Security and a reset

Post by Flush on Sun May 06, 2012 2:41 pm

limdis wrote:
Flush wrote:I'll have a closer look at that, but I have a question: is the key installation/machine specific? Can I open the container on a different computer (or on the same computer after formatting my HDDs, for example) if I have the right password?

It's all explained in the video. In order to open the file you will need TrueCrypt. I keep it on a flash drive. So in the event someone gets on my machine they won't even have the possibility to make a guess attempt because the program to recognize the file is missing.

Yeah I got that part, but what I wanna know is if I can open the container on another installation of TrueCrypt, on another computer for example.


Re: Security and a reset

Post by limdis on Sun May 06, 2012 3:45 pm

Flush wrote:Yeah I got that part, but what I wanna know is if I can open the container on another installation of TrueCrypt, on another computer for example.

Yes you can. It's why I carry the portable version on a flash drive. I can transfer smaller TrueCrypt files via dropbox/email to other computers and throw in the flash drive to mount it. If I don't have my flash drive, yes I could download it on said computer and still access my file. But you still have to know the password.


Re: Security and a reset

Post by Flush on Mon May 07, 2012 12:17 pm

Cheers.

