Been ignoring this message from google for months but should really sort it. Do I really have to change them one by one or will something like lastpass help?
Hmm, following this, I have a mere 67 to sort out
loads of them I can probably delete anyway, they're from defunct websites etc, but it's still a faff
The real danger is the passwords for compromised/defunct sites that you have re-used for non-compromised active sites.
^^^
That. My iCloud account got hacked from a long defunct last.fm account.
Fortunately I was online as it happened and got it back in a couple of minutes.
How do you find out how many compromised passwords you have?
The latest iOS and I’m assuming android tells you if any of the passwords it stores are on compromised lists.
Or try haveibeenpwned.com
Ah, okay. Looks like I'm clear for now. Had a weird hacking issue last year and lost access to my google account and had to start from scratch as it wouldn't let me reset it (they didn't believe I was me even though I had two factor authentication and was able to put the code they texted me in).
I'm much more careful now.
The latest iOS and I’m assuming android tells you if any of the passwords it stores are on compromised lists.
Does it flash that up in neon like intensity or do you have to ask?
A big pop up appears, can’t miss it. Mine does it whenever I log into google with chrome.
I use 1Password. It's good, I like it - chose it because it integrates into all the devices I use, including work. It also tells you which sites offer two-factor authentication that you haven't activated.
I used to be part of the "use the same password for everything" brigade until it was explained why that was such a bad idea!
It took me a while to sort everything out after getting 1password - as above, prioritize those accounts which would be most serious if they got hacked - email, paypal, amazon etc.
I recently discovered I had over 200 compromised passwords, however I've changed the most critical ones over to a new 20+ character formula that is different for each website.
According to a password checking website my old password would be hacked in under a minute. A password similar to my new one 19 septillion years....
Even ones restricted by no special characters and limited to under 10 characters would take 2000 years to crack by a computer.
I've started using a VPN 24/7 too. I use lots of public networks unfortunately.
One good reason to despise online retailers that force you to create an account rather than allowing checkout as guest 😡
Latest versions of Chrome suggest a password for you, since Chrome itself stores those passwords you don't have to remember them. Of course it's a pain if you decide to use a different browser to access one of those services.
I think I've eight "compromised" passwords but they are actually development passwords local to my machine.
it’s a pain if you decide to use a different browser to access one of those services.
I have Chrome on my phone specifically just so I can check what my stored password is when logging in somewhere on a different browser 😁
This is a job I keep meaning to do. I've changed my Google account password to something 'secure' (19 characters, alphanumeric mix), but I should really do the rest, as they're all pretty much between two others, one not very secure, one very not secure.
One good reason to despise online retailers that force you to create an account rather than allowing checkout as guest
Amen, brother. Especially the ones that make you choose some mentally long alphanumeric/special character/mixed case combination to, I dunno, buy a toilet brush.
I've got a few flagged, all of them seem to be sites that no longer exist (which is kind of good news). I do need to have a clear out though as it looks like I've a massive list of sites that I have accounts that I no longer use and could probably do with killing the account (if possible).
One good reason...
Not really.
If you want to check out as 'guest' then it's probably a one-time purchase in which case it doesn't matter if you don't remember the password. If that's not the case, use a password manager. There's a couple of good suggestions here and there's likely one literally baked into your browser. I don't know what probably two thirds of my website passwords are.
Especially the ones that make you choose some mentally long alphanumeric/special character/mixed case combination to, I dunno, buy a toilet brush.
"I'mBuyingAToiletBrush!" would be a fantastic password.
(Ruined it now though, sorry)
I went through this recently and discovered I had passwords stored for sites I had no memory of ever visiting. I cleared / reset them and now just use WCAPassword£ for all websites
Especially the ones that make you choose some mentally long alphanumeric/special character/mixed case combination
Yeah, always a hassle logging in when I can’t remember whether it is password, Password, Password1 or Password1! Life has just got so complicated 🙁
One good reason to despise online retailers that force you to create an account rather than allowing checkout as guest 😡
Even the ones offering PayPal which still insist on you manually entering an address even though they have to use the one PP gives them.
Then there's the ones which insist on you filling in the County, WTF - utterly pointless.
So many cray shop front designs in circulation.
I just use PP for everything, if the site doesn't take PP, they don't get my custom (bar Amazon).
Same position - 60ish I think at last count and been burying my head in the sand... Guess I need to sign up to 1password or something. Any other recommendations for something that works across laptop and iPhone??
@Cougar - as above, I use the one now built into Chrome. The only one I really need to remember is the one for Chrome itself which is an eleven, err, thirteen, err, err, .....
The only site I don't use it for is for banking and I then use the provided PIN sentry device. There's also a few, like HMRC, that use 2-factor authentication, so password and second device.
Ultimately the weakest link in all of this is us.
Any other recommendations for something that works across laptop and iPhone??
I’ve just gone through this. If you use Chrome on the laptop and iPhone then you can use Chrome to manage passwords on both. It’s a faff going through and changing passwords (using chrome to suggest new ones) but now it’s set up it’s easy & seems to be working well.
@cougar - yeah but when you go back a couple of years later and have no recollection of using them before.. so customers just end up using the one password they can remember...
Of course it’s a pain if you decide to use a different browser to access one of those services.
If you're on iOS, you can use Chrome as one of your password stores (in addition to the one baked into iCloud).
I use KeePass & Chrome and put 2fa on anything that supports it. Someone opened a PayPal credit card in my name and although it had nothing to do with my (then patchy) approach to passwords etc, it spooked me sufficiently to take action.
Which reminds me, might be time to back up my phone. In case there's a problem with Google drive...
The master password for KeePass (though mostly I use thumbprint) and the backup codes printouts are in a notebook in my safe.
Well on the back of this I trawled through all the passwords in Keychain Manager, reset a fair few and deleted some accounts I didn't even know I had.
