Yesterday I witnessed this little series of events (and the names have been changed to protect the innocent):

* Joins: HarryLime ([email protected])
<HarryLime> msg NickServ IDENTIFY passw0rd
* HarryLime is now known as Unidentified1337
* Quits: Unidentified1337 ([email protected] ) (Quit: 
         Unidentified1337 )
* Joins: HarryLime_ ([email protected])
<HarryLime_> hmm
* Quits: HarryLime_ ([email protected] ) (Quit: HarryLime_ )
* Joins: HarryLime ([email protected])
* Quits: HarryLime ([email protected] ) (NickServ (GHOST command 
         used by HollyMartins) )
<HollyMartins> lol
<HollyMartins> it was his real password...
<HollyMartins> lol
* Joins: HarryLime ([email protected])
<HollyMartins> HarryLime, change your password
<HollyMartins> and don't identify in the channel
<HollyMartins> you posted this: <HarryLime> msg NickServ IDENTIFY passw0rd
<HarryLime> not my best day today O.o
<HollyMartins> obviously not

Now in case you don’t follow, let me explain what happened there. The user HarryLime logged on and accidentally typed the command to identify in the open channel. Everyone in the channel saw HarryLime’s password. Harry’s friend Holly decided to test out the password and used the GHOST command to log Harry out. [Warning: Ghosting someone’s nick as Holly does may well end up in a ban from the network so don’t try it!]

That situation inspires me to share four pieces of advice with you:

  1. Use the identify command in the status window (the tab or window that welcomes you to the server and tells you to follow the Terms of Service) and no one will ever see your password. It’s best to use that status window anytime you’re typing something you might not want everyone else online to see if something goes wrong.
  2. Change your password immediately if you do type your password in an open channel accidentally. You are at risk. Anyone can take over your nick, and gain access to everything you have on the network. Use this command:
    /msg nickserv set password supersecretpass123
    Replace “supersecretpass123” with your new password.
  3. Choose a strong, unique password. Harry’s password of “passw0rd” is not a good choice at all. Follow these guidelines for strong passwords to make your choice.
  4. Store your passwords in a secure place. Software like LastPass can keep track of all your passwords and even generate unique passwords for you. You can learn more about LastPass below by watching the video from Jupiter Broadcasting.
  5. Even the most secure password can be lost or exploited. In case you think you won’t ever have this problem, read this post on The Myths of Password Security by GeekShed staff member and security expert Allan Jude. No one is immune. Be sure you do what you can to protect your GeekShed login!

 

—posted by Tengrrl/Bunny