Since everyone here is subject to losing their accounts, I thought I would give my brief summary and revisit my non-authoritative use on keeping accounts secure(-ish). I say secure-ish only because the level of security is up to you, the client. Here are some key points of mine.
The data IS secure but NOT secure - What I mean here is that while the data that you submit is transmitted and stored using variable methods of security, it's never 100% protected.
Family and/or friends are not trustworthy - A common misconception is that your information is safe, even when discussing it with the most intimate people in your life. The most common way people gain access to your personal data is because you shared it with them, most likely because you assumed this wouldn't be extended beyond the scope of a second person. In reality, spreading information is no different than spreading gossip, it's viral. Even if the person(s) never intend malice.
Weak - Using weak pass phrases is the most common way anyone can gain access to an account. Define weak? It's pretty obvious to spot a weak pass phrase in actuality; we use these so commonly it could potentially only take a would-be hacker less than milliseconds to crack it. We use words, strictly, and may or may not pre- or post-fix a numeric value. Why? Because it's easy to remember and the last thing we want to do is stick a ton of sensitive information in a notebook or stickies lying about for prying eyes.
Bruteforce - A would-be hacker will go to almost any length to gain access to someone's account, even if it took months.
Simpleton - Simpleton? NO, I'm not calling you names or being condescending, it's just that we all underestimate the ability to not only memorise complex patterns, it's just that we are also skeptical of the insidious behaviour. Who would hack me of all people??? To assume this can be painfully foolish.
Leet speak - Or 31337 or 1337. Avoid using leet-morphism, it's actually very very simple for a would-be hacker to convert names morphed into this language as a means to protect their pass phrases. You can search for leet for detailed literature.
So what do I need to do to feel safe and comfortable? Simple, follow the EULA agreement for one. Don't share or sell information, safeguard your ubiquitous account like you would your own personal identity. Now, this is where I will regurgitate my old post... make the phrase strong and try not to reuse an old hashed one and stay away from commonly used words. In practicality it's improbable to determine a strong one without aid. You can find many generators online designed to help you. My personal recommendation: try these out first; if you find these too complicated and/or are struggling to make sense as to how to ever memorise this, you can look at my examples here. I refer to these as mnemonic phrases.
A. Take the most commonly used example, I will use my pet's name because it's unique. Say my hamster's (Disclaimer: I don't actually own a hamster) name is Tabithia. I want to maintain this as best as possible to memorise and I want to add more security. I'll add some numbers, but I avoid using the context Tabithia123 strictly because it's considered weak. Instead, I can expand the characters separated by non-alphanumeric ASCII characters, such as !@#$%^&*(). Say I go with incorporating the two factors as such, Ta&bith(a123. Some folks will recommend to also incorporate some leet-morphism to further complicate the mess, I just find it unnecessary.
B. Mnemonic Phrases. Some generators are available on the web for this. It's a little more complicated, however, WARNING!! it can also be ineffective especially because they need to be short in length to remember. For example (and it's not a good one which is why it's here), a7wfh30 is, say it with me, Accountable seven Waffles Fry Horrid thirty. Easy right?
C. Most security folks recommend this as the best prevention and the easiest to remember. Take three or more words and string them together to form a non-grammatical context. For example, I like Waffles, Bears and the verb Leap. I can make a simple to learn pass phrase with wafflebearsleap. Easy right!
So now we have to ask ourselves how complicated is this and how strong are the above examples. Simply saying I wrote a password like Y<83&Ag is secure IS secure IS wrong. Remember that key on simpleton? We need tools, and AFAIK the best one to use out there to tell us how secure IS secure is this one.
https://www.grc.com/haystack.htm
I hope this helps those who needed this and I hope to not come to re-edit this. Good luck!
Non-authoritative use for account security
#1 RaptureEve
Rhiannon,Camshron,Rogue,111
Rhiannon,Manitou,Druid,64
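As an added example (not part of the original post), this sketch estimates brute-force search space for the post's sample pass phrases in the style of search-space calculators such as the one linked above: the alphabet is the sum of the character classes used, and the space is every string up to the pass phrase's length. The class sizes (26/26/10/33), the function names and the 7776-word list size are assumptions of this example.

```python
import string

# Printable-ASCII character classes (sizes are an assumption of this example).
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation) | {" "},   # 32 punctuation + space = 33
}

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from.
    Non-ASCII characters are ignored by this simple model."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space(password):
    """Count all strings of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def word_guess_space(n_words, wordlist_size=7776):
    """Guesses needed by an attacker who combines whole words instead of
    characters. wordlist_size is assumed (7776 is the Diceware list size)."""
    return wordlist_size ** n_words

def report(passwords):
    """Return (password, length, alphabet, search space), weakest first."""
    rows = [(pw, len(pw), alphabet_size(pw), search_space(pw)) for pw in passwords]
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    # Sample pass phrases taken from the post above.
    examples = ["Tabithia123", "Ta&bith(a123", "a7wfh30",
                "wafflebearsleap", "Y<83&Ag"]
    for pw, length, alpha, space in report(examples):
        print(f"{pw:<16} len={length:<3} alphabet={alpha:<3} space={space:.2e}")
    # Character counting overstates a phrase built from common words.
    print(f"3 words from a 7776-word list: {word_guess_space(3):.2e} guesses")
```

The character-based count only models blind brute force; the word-based figure shows how much smaller the space is for a three-word phrase when the guesser works from a word list.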