Author Topic: Leaked Passwords (Read 2188 times)

PaulF · « **on:** February 24, 2021, 01:36:38 pm »

Did anyone else get a reminder from an android device that passwords for Rawk have leaked out into the wilderness?
Timely reminder to NEVER share passwords across sites.
And consider a password reminder.
And Mutli Factor authentication

stoa · « **Reply #1 on:** February 24, 2021, 01:42:23 pm »

Wait... I'm using "password" as password everywhere and now you're telling me I'm doing it wrong?

To be honest, I wish a lot more sites would use two/multi factor authentication, because I would like to use "simpler" passwords and have that second authentication option as a safety net. I get, that there are apps you can use to generate and store safe passwords, but a lot of the time it's just a drag, if you have to use other devices or if you need to login in another programme where you can't autofill your password.

PaulF · « **Reply #2 on:** February 24, 2021, 01:51:27 pm »

Quote from: stoa on February 24, 2021, 01:42:23 pm

Wait... I'm using "password" as password everywhere and now you're telling me I'm doing it wrong?

To be honest, I wish a lot more sites would use two/multi factor authentication, because I would like to use "simpler" passwords and have that second authentication option as a safety net. I get, that there are apps you can use to generate and store safe passwords, but a lot of the time it's just a drag, if you have to use other devices or if you need to login in another programme where you can't autofill your password.

Agree totally. I haven't seen how MS are implementing passwordless, but I thinkit must be something like this.
I've never liked letting my browser store a password, but with sites supporting MFA , I might change my stance.

[new username under construction] · « **Reply #3 on:** February 24, 2021, 03:13:24 pm »

Chrome has a password checker built in for testing them, good to occasionally run through them and see what's compromised

Ben S · « **Reply #4 on:** February 24, 2021, 03:17:13 pm »

Quote from: PaulF on February 24, 2021, 01:36:38 pm

Did anyone else get a reminder from an android device that passwords for Rawk have leaked out into the wilderness?
Timely reminder to NEVER share passwords across sites.
And consider a password reminder.
And Mutli Factor authentication

No, because it is based on Googles leaked password checker, it checks the combination of user / pass stored in your Chrome/Google password store and compares that against its database of leaked username & passwords.

It isn't site specific. Do you use the same combination of paulfelce & the password you use here, elsewhere?

gazzalfc · « **Reply #5 on:** February 25, 2021, 12:47:29 pm »

2 factor authentication has to be more and more common.

Face ID and fingerprint sensors on phones have helped alot.

My work one gets changed every 2 months. I just keep adding a ! on the end every time.

PaulF · « **Reply #6 on:** February 25, 2021, 07:37:49 pm »

Quote from: Ben S on February 24, 2021, 03:17:13 pm

No, because it is based on Googles leaked password checker, it checks the combination of user / pass stored in your Chrome/Google password store and compares that against its database of leaked username & passwords.

It isn't site specific. Do you use the same combination of paulfelce & the password you use here, elsewhere?

Thanks Ben. That's interesting. I think there was a handful of sites. Luckily i stopped that practice pretty swiftly....

rob1966 · « **Reply #7 on:** February 25, 2021, 07:53:46 pm »

Quote from: gazzalfc on February 25, 2021, 12:47:29 pm

2 factor authentication has to be more and more common.

Face ID and fingerprint sensors on phones have helped alot.

My work one gets changed every 2 months. I just keep adding a ! on the end every time.

I copy the "private car reg" practice, make numbers look like letters

halfpoundcheesy · « **Reply #8 on:** February 26, 2021, 07:57:08 am »

This site is pretty useful if you want to check if any accounts linked to a specific email address have been leaked.

https://haveibeenpwned.com/

You can get free alerts from it.

Lee1-6Liv · « **Reply #9 on:** February 26, 2021, 12:26:51 pm »

My google password checker tells me I have 286 compromised passwords!

Claire. · « **Reply #10 on:** February 27, 2021, 08:48:08 am »

Get a password manager and generate all your passwords.

Elmo! · « **Reply #11 on:** February 27, 2021, 11:36:10 am »

^ FYI, LastPass have just announced their free version will soon only allow you to use it on mobile, or on computer, not both.

I've moved to Bitwarden which so far is working well.

PaulF · « **Reply #12 on:** February 27, 2021, 02:27:09 pm »

Is there anything you miss about last pass? I've never been s fan, but I've got used to it. Happy to only have it on my mobile to be fair, but it shouldn't be hard to migrate and I can probably review passwords as I do it.

Elmo! · « **Reply #13 on:** February 27, 2021, 02:33:25 pm »

Quote from: PaulF on February 27, 2021, 02:27:09 pm

Is there anything you miss about last pass? I've never been s fan, but I've got used to it. Happy to only have it on my mobile to be fair, but it shouldn't be hard to migrate and I can probably review passwords as I do it.

So far it Bitwarden seems to have everything Lastpass has. It works better on my phone as well where autofill didn't work on Lastpass very well so had to go and open the Lastpass app and search for my password and then switch back to my browser or whatever app I needed a password for. Autofill working fine with Bitwarden.

The migration is easy - you can export a CSV file from Lastpass in the options, and then import to Bitwarden.

PaulF · « **Reply #14 on:** March 7, 2021, 07:54:34 am »

Thanks JE , I've been on bitwarden for about a week now. And it feels good.

stoa · « **Reply #15 on:** April 3, 2023, 12:07:55 am »

I can now say from my own experience, that you should take password security seriously. Had my Twitter account taken over by what looks like some person in the US. As I've stated in this thread, I had a pretty simple password, I used on mulitple webistes that were basically not very important to me like registering for a message board I didn't really care about and just wanted to read or other stuff like newspaper websites (not for paid content). I also had the Chrome message that that info had leaked, but never really bothered to change all those passwords as none of that had any important information in it or was really in use on a daily basis. Twitter was a bit different, but I also only really had that account to be able to read Twitter-links people posted and I was following some people mostly LFC-related. Didn't tweet anything myself and no real personal info in my profile.

Got an e-mail that my password on Twitter has been changed and another one saying that someone had logged in from Washington, US. I immediately checked the e-mail-header whether the mails were actually from Twitter or whether they were a fishing attempt, but it turns out the mails were really from Twitter. So, opened Chrome and tried to log in to Twitter, but it said my password was wrong. Thankfully whoever went into my account didn't change my e-mail-address (not sure you even can on Twitter), so I was able to reset my password and got my account back. Also nothing nefarious was done to my account, so I'm pretty happy with the outcome. Have now changed all my passwords that weren't save...

Author Topic: Leaked Passwords (Read 2188 times)

PaulF

Leaked Passwords

stoa

Re: Leaked Passwords

PaulF

Re: Leaked Passwords

[new username under construction]

Re: Leaked Passwords

Ben S

Re: Leaked Passwords

gazzalfc

Re: Leaked Passwords

PaulF

Re: Leaked Passwords

rob1966

Re: Leaked Passwords

halfpoundcheesy

Re: Leaked Passwords

Lee1-6Liv

Re: Leaked Passwords

Claire.

Re: Leaked Passwords

Elmo!

Re: Leaked Passwords

PaulF

Re: Leaked Passwords

Elmo!

Re: Leaked Passwords

PaulF

Re: Leaked Passwords

stoa

Re: Leaked Passwords