[diktus]

Hi Guys,

A few days ago someone was take over my blackberry ID. I woke up at the morning, open BBM on my android and realize that it was logout. Luckily i can login again, then i change my password and security question. The hacker chat with my friend in contact list and my friend confirmed again to me after i have login back to my account.

Display picture and status not change, hacker only send broadcase message that i'm in trouble and chat with my random friends.
Until know i still confuse how he/she can get my blackberry ID password?

my email password was different with blackberry id but sometimes i use the email and password to create account on another website.

I just think if he/she login to blackberry id account and change the password then i will lose my blackcberry ID forever. I have contact blackberry but no response at all.

Why blackberry not upgrade the security of blackberry ID? another service like google, microsoft, line use phone number or alternate email to recovery email. Also use confirmation to email or mobile phone if password trying to changed.

Now i always think that my blackberry id could be taken from someone just with secret question and without my notice

[martinjdub]

Sorry to hear about the BlackBerry ID hack.

I think two factor authentication is also important (like a text or secondary email) I I great idea and I agree, seems odd that BlackBerry hasn't invested in this however, the number of BlackBerry ID's getting hacked are likely on the decline rather than a rise.


You raise some great points but at the end of the day, I recommend that the password you use for all accounts is very long. I'd suggest 16 characters versus a 'complex' password.

"Theblackberrypassportisgreat" is more secure than "P@assw0rds"
The longer, the more difficult it is to crack even if a script kitty has a dozen video cards.

I hope this help!

[eugene_bbq5]

It's not safe when you use bbm on analdroids..

Q5

[conite]

Just pick a unique, complex password. Why make it more complicated than that?

[conite]

It's not safe when you use bbm on analdroids..

Q5

Why? Give specifics.

[thurask]

[diktus]

i think it is not about how complex the password. Some people usually use almost same password for their account. You can imagine if one account already compromised and the attacker targeted the email and the password to login on blackberry ID.

Technically that scenario is not blackberry fault. But blackberry fault to protect the ID from being stealing by changing the password and does not have any method for the real user to recovery or proof their account after the BB ID stealing.

It's ridiculous when Blackberry sell their security but not protect the simple user ID. Common blackberry, you don't need a big investment for doing that. With these simply fault you can lose your customer, they can not trust you anymore although you offer a military grade security.

It's not safe when you use bbm on analdroids..

Q5

Seriously, does not make any sense. Blackberry even create an android phone like Priv and the new one DTEK50.

[martinjdub]

Ummm...dictionary attacks.
#InfoSecLife

Posted via CB10 and the BlackBerry Passport

[itsyaboy]

As a layman, I am really curious whether I should take your recommendation serious or not. Don't hackers use like every word in the dictionary to speed up the brute forcing too? If that's the cause, four random words don't seem like a strong password to me...

Posted via CB10

[byex]

Ummm...dictionary attacks.
#InfoSecLife

Posted via CB10 and the BlackBerry Passport

Won't work on hacking BlackBerry ID
Majority of people that have their BlackBerry accounts hacked are through social engineering, phishing emails and so on.

If people were brute force hacking BlackBerry ID's many many more would be comprised.

Posted via CB10

[martinjdub]

If it's got user name and password requirement...it can be brute forced.
https://blackberryid.blackberry.com/bbid/login/

That said, I would suggest that BlackBerry has lock out attempts and time out events and so forth to prevent it...

Just pick a long password (12-16 characters) which almost eliminates brute forcing.

Posted via CB10 and the BlackBerry Passport

[byex]

If it's got user name and password requirement...it can be brute forced.
https://blackberryid.blackberry.com/bbid/login/

That said, I would suggest that BlackBerry has lock out attempts and time out events and so forth to prevent it...

Just pick a long password (12-16 characters) which almost eliminates brute forcing.

Posted via CB10 and the BlackBerry Passport

Numeric 4 digit password has 9999 possible combinations I believe. Far more combinations than attempts BlackBerry allows. Throw in the alphabet and special characters and the possible combinations just grows exponentially.

There's always that flaw that BlackBerry allows 10 attempts before a lockout. But what are the chances someone gets the correct password within 10 attempts? Not very good. Highly improbable but not impossible.

Posted via CB10

[snowsquirrel]

For a company betting the farm on security, not have 2FA is nuts.