Password compromised

Announcements, Introductions, Forum Support and Questions
Post Reply
james
Posts: 866
Joined: 19 Aug 2009, 20:17
Location: Melbourne

Password compromised

Post by james » 22 Mar 2019, 02:51

I just received a dodgy scam email that contained the password I use here,

Just a heads up

packrat
Posts: 997
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: Password compromised

Post by packrat » 22 Mar 2019, 03:19

Do you use it in more than one place?

james
Posts: 866
Joined: 19 Aug 2009, 20:17
Location: Melbourne

Re: Password compromised

Post by james » 22 Mar 2019, 12:02

packrat wrote:
22 Mar 2019, 03:19
Do you use it in more than one place?
No, and I've changed it twice since haha.

User avatar
BazzOnBass
Posts: 157
Joined: 20 Aug 2011, 01:00
Location: Broken Hill NSW

Re: Password compromised

Post by BazzOnBass » 16 Apr 2019, 11:26

The hackivists are everywhere, vigilance, more than ever, is essential. Changing pwds regularly is also a must.

Aussie security guru Troy Hunt has set up Have I Been Pwned where you can check to see if your email addy's have been compromised.

Even if you can't change that must-have compromised email addy, at least you'll be aware to change the password.

FWIW: As Troy is very active in his field, Troy travels the world, is highly regarded and indeed, a multi award winner within the I.T. security realm. If you are concerned about your and your kids online security, and we all should be, I urge you all to have a squizz at his main site
Washburn Force 8, Ibanez Acoustic/Elec, Fender MIA Precision, Michael Tobias 5 pre Gibson, MTD Artist, for gigs Mailloux #008.

Amps: LabSys 400B, GK MB500, TC Electronics RH500, Peavey TNT 130 Combo
Cabs: Ampeg SVT-410HLF Classic, Peavey 410

bigswifty
Posts: 1506
Joined: 24 Apr 2011, 18:53
Location: Sydney Hills District
Contact:

Re: Password compromised

Post by bigswifty » 16 Apr 2019, 19:33

Troy's site also let's you plug in a password to see whether it comes up in his database as being compromised, which I'd suggest is of more interest that whether your email address shows up in his list..
Mike

BazzOnBass wrote:
16 Apr 2019, 11:26
The hackivists are everywhere, vigilance, more than ever, is essential. Changing pwds regularly is also a must.

Aussie security guru Troy Hunt has set up Have I Been Pwned where you can check to see if your email addy's have been compromised.

Even if you can't change that must-have compromised email addy, at least you'll be aware to change the password.

FWIW: As Troy is very active in his field, Troy travels the world, is highly regarded and indeed, a multi award winner within the I.T. security realm. If you are concerned about your and your kids online security, and we all should be, I urge you all to have a squizz at his main site
I'm a mean offloading machine!

User avatar
NotTheFish
Posts: 2692
Joined: 07 Nov 2009, 18:49
Location: Bathurst

Re: Password compromised

Post by NotTheFish » 16 Apr 2019, 21:32

So after you have given him your email address you suggest we give him your password.. Hmmm..

packrat
Posts: 997
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: Password compromised

Post by packrat » 17 Apr 2019, 01:36

Well, then you know it has been compromised. Job done.

bigswifty
Posts: 1506
Joined: 24 Apr 2011, 18:53
Location: Sydney Hills District
Contact:

Re: Password compromised

Post by bigswifty » 17 Apr 2019, 13:08

I can understand if people are comfortable staying ignorant about whether their passwords are in some database for sale by criminals (and these databases are huge, cheap and widely available) by criminals. Personally I would rather know but that's just me.

Just change your password(s) after you've used Troy's site - if it is in his database, compromised, you'd be an idiot not to. If it's not in there, you still might as well as a part of your general 'net hygiene.

Or you can just hope for the best.

Mike
NotTheFish wrote:
16 Apr 2019, 21:32
So after you have given him your email address you suggest we give him your password.. Hmmm..
I'm a mean offloading machine!

packrat
Posts: 997
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: Password compromised

Post by packrat » 17 Apr 2019, 14:12

I use a unique email address for everything which gives me a great deal of certainty about spam and compromises. If you don’t reuse passwords, they’re not that useful to cycle. Frankly passwords are pretty rubbish as a key.

That said, to most actual compromises facing real users. Passwords on a post it on your monitor are pretty damn good security. Funny.

bigswifty
Posts: 1506
Joined: 24 Apr 2011, 18:53
Location: Sydney Hills District
Contact:

Re: Password compromised

Post by bigswifty » 17 Apr 2019, 15:29

packrat wrote:
17 Apr 2019, 14:12
Passwords on a post it on your monitor are pretty damn good security. Funny.
Relational to your physical security which could be anything between watertight and barely laughable. I agree that passwords are cr@p. Roll on SQRL (or whatever similar).
I'm a mean offloading machine!

packrat
Posts: 997
Joined: 27 Oct 2017, 02:17
Location: Sydney

Re: Password compromised

Post by packrat » 17 Apr 2019, 17:12

bigswifty wrote:
17 Apr 2019, 15:29
packrat wrote:
17 Apr 2019, 14:12
Passwords on a post it on your monitor are pretty damn good security. Funny.
Relational to your physical security which could be anything between watertight and barely laughable. I agree that passwords are cr@p. Roll on SQRL (or whatever similar).
Yes, but merely by your house being in Australia, you’ve made the various organised fraud and account harvesting organizations pay vastly too much for it to be worth while. With a few exceptions (nation-state funded attacked on single people or representatives of corporate interests) account harvesting is actually only valuable enough to do when it’s done at massive scale, and that means done via automated means.

And you can’t automate a post-it note.

Now, if you want *real* security, what you need is a second post it to stick over the top.

B>

User avatar
BazzOnBass
Posts: 157
Joined: 20 Aug 2011, 01:00
Location: Broken Hill NSW

Re: Password compromised

Post by BazzOnBass » 18 Apr 2019, 12:44

NotTheFish wrote:
16 Apr 2019, 21:32
So after you have given him your email address you suggest we give him your password.. Hmmm..
Huh?

Checking your email addy isn't giving him your pwd.

Yes, he has a pwd checking link as well if you wish to use it. Troy has a full and complete explanation on how your pwd is secured. Just read the link titled:
Read more about how HIBP protects the privacy of searched passwords.
If you, or anyone else, is sceptical of Troy, I suggest DYOR to confirm his bona fides. :thumbup:
Washburn Force 8, Ibanez Acoustic/Elec, Fender MIA Precision, Michael Tobias 5 pre Gibson, MTD Artist, for gigs Mailloux #008.

Amps: LabSys 400B, GK MB500, TC Electronics RH500, Peavey TNT 130 Combo
Cabs: Ampeg SVT-410HLF Classic, Peavey 410

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests