Wow, that's a big one. It's a mix of a lot of different sources so it's not really fair, but "Collection #1" is now shown as the largest breach on https://haveibeenpwned.com/
I use the Pwned Passwords list on Tildes to prevent people from using passwords that have been seen in data breaches, so I guess this is probably a good time to update it, since it sounds like this added about 10 million new passwords to the list.
How do you word your error message when this happens? Some may get embarrassed / scared if they think you already know what their password is (but I suppose they really do need to be told).
I think I tested it out in June? I remember the error message explicitly mentioning the password had been found in a global database of leaked passwords. Which is probably as neutral and honest as you can word it.
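The two comments above describe a breached-password check at signup and the neutral wording of its error message. Below is an added example of how such a check can be done with the Pwned Passwords range API (k-anonymity: only the first five hex characters of the SHA-1 are sent, the full hash never leaves the server). This is not Tildes' own code; it assumes the public endpoint https://api.pwnedpasswords.com/range/<prefix> and its `SUFFIX:COUNT` response lines, and the offline sample response and its counts are constructed for the example.

```python
"""Breached-password check using the Pwned Passwords range API (k-anonymity).

Added example, not code from Tildes or from Have I Been Pwned. Assumes the
public endpoint https://api.pwnedpasswords.com/range/<prefix>, which returns
one "SUFFIX:COUNT" line per hash whose SHA-1 starts with the 5-char prefix.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, Optional, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Wording modelled on the neutral message described in the thread: it says
# the password is in a public leak database, not that the site knows it.
BREACHED_MESSAGE = (
    "That password has been found in a global database of leaked passwords, "
    "so it can't be used here. Please choose a different one."
)


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse "SUFFIX:COUNT" lines into a dict; blank lines are ignored."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Fetch the range for a hash prefix from the live API (network required)."""
    req = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "breached-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, range_lookup: Callable[[str], str] = fetch_range) -> int:
    """How many times the password appears in the breach corpus (0 = not seen)."""
    prefix, suffix = split_sha1(password)
    counts = parse_range_response(range_lookup(prefix))
    return counts.get(suffix, 0)


def validate_new_password(password: str,
                          range_lookup: Callable[[str], str] = fetch_range) -> Optional[str]:
    """Return the user-facing error message, or None if the password is acceptable."""
    if breach_count(password, range_lookup) > 0:
        return BREACHED_MESSAGE
    return None


# Constructed sample response for prefix 5BAA6 (the SHA-1 prefix of "password"),
# used as an offline stand-in for the API. The suffixes and counts are made up,
# except that the second suffix really is the rest of SHA-1("password").
SAMPLE_RANGE_5BAA6 = "\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
])


def sample_lookup(prefix: str) -> str:
    """Offline lookup covering only the one constructed range."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for candidate in ("password", "some-long-unique-passphrase-2019"):
        msg = validate_new_password(candidate, sample_lookup)
        print(repr(candidate), "->", msg or "ok")
```

Swap `sample_lookup` for the default `fetch_range` to query the live service; because only the prefix is transmitted, the check reveals nothing about the specific password to the API operator, which is what makes it acceptable to run on a user's freshly chosen password.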
The blog post mentions there are a fair number of duplicates, but it's still a massive breach on its own. The fact that really worries me is that this isn't the result of an intrusion detection but literally the dataset floating around freely on the web.
Well damn, my passwords got leaked. Fortunately I've been using a password manager (Bitwarden) for quite some time, so all my accounts should be secure, but now I feel the personal responsibility to help all my family and change their passwords...
If anything they should probably check passwords for essential services first, bank accounts, primary emails, any other essential service providers etc. just so they don't run the risk of those being ransomed.
Is there a way to see which sites compromised accounts are from on HIBP? All I've been able to determine is that my email address is in this dump, but that's it.
It's impossible because the data itself is not in the dump. Just a set of emails and passwords, sorry. Even if you haven't been compromised, getting a password manager and using a unique password everywhere is a good idea.
Multi-factor authentication, everywhere, all the time, not involving SMS.
Sadly MFA is still not universally adopted, so I imagine quite a few people will have no way to secure some of their info that way.
Do people here agree that 1Password is the shit? I'm going to get a password manager now (wasn't in this breach luckily but have been in the past). I'm a Mac and iOS user.
I strongly recommend 1Password as a "no frills" password manager.
If you want something free and/or self-hosted, go with KeePassXC. Otherwise, go 1Password. It's simple and easy to use (I converted my mom to it!), featureful, and honestly cloud syncing is a must for this kind of thing even if it scares some people. 1Password also integrates HIBP with its "Watchtower" feature to tell you if some of your passwords are known to be compromised.
The other thing with 1Password is they have an enterprise offering that you 100% should talk to your employer about if you work at all with a computer. It's a good occasion to potentially push a password manager for your work, and you get the personal plan for free.
I used KeePassX with Dropbox for a long time. These days I use Syncthing.
I've heard good things. Personally I'm transitioning between LastPass and KeePass, but the latter is much more cumbersome.
Here's a follow-up article by Brian Krebs as well: https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/
It's mostly in response to a lot of other sites that were acting like this was some brand new gigantic breach, but has a bit of other interesting info in it as well.