This is a most excellent place for technology news and articles.
Use the "passwords" feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They'll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
God fucking dammit, I fucking hate seeing people self-censor themselves on the internet.
Possibly related question. Layely I've been getting email 'replies' from various businesses and services (all over the country, USA) all about an 'inquiry' that I never made. Apparently someone just got my email address and is using that for -- what ? A couple questions:
** What is that someone up to, why doing that?
** Should I do something about that?
** What could I do? Don't want to change email address.
That's just your email address being sold by information brokers. Not illegal, not a reason to change your email address. Block, delete & move on.
Probably unrelated, domain spoofing is common, but miss-configured mail servers will accept those emails and process auto replies. They can also abuse input forms to try and send out emails, but that typically does not have much control over content.
If you are getting more emails than you can deal with, than can be used to try and mask other emails by burying them in a large email volume. In that case you should be looking for emails from important accounts you do own (eg banking.)
I got this email a few days ago. I don’t even know who these people are and why they have my details. But I’ve had to change my Google account passwords anyway.
Why did you censor yourself in the title?
Pratchett fan
-ing hell, is it?
They'll censor "fucking", but still use the Lord's name in vain. smh.
Who cares about your invented god? Let people speak however they want
Probably because they primarily live in a censorship world, be it digital or in-person, and change is difficult for most people.
For me, if this happens, it has no impact since almost every page i sign up to has a unique password. The most important ones has mfa as well.
Use a password manager. Simple.
I use a password manager in my personal life but my job doesn't allow it so I have to keep the 10 or so passwords I have for various vendor sites in my notes. All my passwords are the same thing with slight variations to meet the different asinine password policies the different sites use. It's fucking stupid but I don't care if they're not going to give me a good way to keep all this shit straight.
Totally fair. I also dont care if company blocks things i need to do it right.
1Password and Bitwarden both work across multiple devices, os's and browsers. Work uses 1Password which i have on work computer and work phone. i use bitwarden across home desktop, laptop, phone, homelab, testing phones
How unique do passwords have to be in order to be considered safe? If they follow a pattern are they still safe or do these bots try alterations to the leaked passwords as well?
Like if your password to Reddit was reddit1234 and your password to Google was google1234, if the Reddit password leaked is your Google one still okay?
Probably not if it's a human but bots shouldn't be able to figure that out ya?
They are completely random strings for each site, so having one will not help crack the other.
But if people pick their own passwords, it tends to be some word like you wrote, and then a hacker could try and crack the others by guessing similar words.
That would be great if I only used one browser on one device with one operating system. Between my work laptop, my Macbook, my phone, and my gaming PC nothing syncs and it's very difficult to share storage between all of them.
You can install bitwarden on all those devices. Maybe im not fully understanding...
I also dont use just one computer and platform.
Yeah, just tell your work IT staff that you need admin rights to your workstation so you can "install the software you want to" (that they don't supply or support or update).
See how well that works. /s
Ah right. Sorry, I just always used Linux with admin rights since I work in IT.
Didn't mean to offend you (or anyone else).
I work in IT too (Windows) and have admin rights on my workstation. Even though I have the power to install any software, it's against policy to do so (and technically that's a good policy).
Also, I don't like the idea of anyone/anything but me having my passwords. I go with 2FA if something is important/certified based 2FA if it's really important.
I share my Bitwarden account among 4 browser profiles on 2 PC-s.
I don't think anyone just uses one device anymore, pretty sure there are workarounds.
Protip for the room: Use a password manager with a unique password for every service. Then when one leaks, it only affects that singular service, not large swaths of your digital life.
And an email alias.
I hate how many places don't allow for + aliases. I want to know who leaked my email.
I use my own domain with a catchall, works like a charm
Also 2FA. You'll still want to change passwords but it buys you time.
Don't forget unique email addresses. I've had two spam emails in the last 6 months, I could trace them to exactly which company I gave that email address to (one data breach, one I'm pretty sure was the company selling my data). I can block those addresses and move on with my life.
My old email address from before I started doing this still receives 10+ spam emails a day.
This is why my password is hunter2, no one can see what is says under the asterix,
for anyone who doesn't get the reference, it's an ancient Bash chatlog: https://knowyourmeme.com/memes/hunter2
(it's asterisk)
Are we supposed to pronounce the two "data"s differently when reading aloud? Asking for a friend...
One is like data from Ten Forward.
The first one is like Mister, the second one is like "that, uh...."
As someone who consults in the IT Security space, It's bad out there. Contractors and BYOD companies are downright sheepish in asking their outsourced employees to do anything security-related to their devices. The biggest attack vector is allowed unfettered remote access (and therefore the whole company and any bad actors are also granted unfettered remote access)
I still can't get over how quickly companies-at-large have abandoned VPN Servers (removing network trust from the list of options as well)
I'm down to managed browsers via IdP, and I just can't wait for the objections to that as well. People out here offering their faces to leopards. Certificate-based MFA on all the things IMO - passwords shouldnt matter (but six digit MFA codes aren't immune to fake landing pages and siphoned MFA tokens that don't expire)
