Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
The leaning tower of Piezo

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.



Possible Data Breach

My Password Checker popped up a warning that there'd been a data breach on this site
  [vote for,

It monitors sites I log into and suggested that I change my password.
AusCan531, Oct 02 2020

Passwords even a US President can memorize https://xkcd.com/936/
[kdf, Oct 02 2020]


       Hadn't heard about that - worth repeating the Halfbakery's security advice though:

"We don't collect data for commercial purposes, and you aren't supposed to be able to download the list of accounts and passwords from us, but we make no guarantees about the security of this site or the data stored on it.

... the account passwords are stored in the clear in the current database, and they're transmitted in the clear when you log in, and backed-up in the clear to the halfbakery's password-protected backup account (on another commercial hosting service). The root user of this machine could in theory impersonate any of its users.

Absolutely do not use a password you also use for personal, high-security accounts. (You shouldn't reuse those in general.)"
hippo, Oct 02 2020

       I assumed everyone here uses a randomly generated 57-character password which they change twice a day?
pocmloc, Oct 02 2020

       I use RSA which changes every minute. (but not for here)...
RayfordSteele, Oct 02 2020

       While not worried, I’m curious what password checker reported a breach here.
kdf, Oct 02 2020

       I may have misunderstood the details, but the way I understand it, Google now plug into publicly available hacked username/password directories and compares the values held there against what it remembers in your browser settings for memorised passwords. If it finds a match, you get a warning.   

       So [AusCan531] it *may* be the case that if you use the same username/password here that you use somewhere else, and that *somewhere else* gets hacked, your identical credentials here might get flagged as being insecure. Equally, it may be the other way around - but that's not important - the fact that your username/password combination is now out-in-the-wild is the main deal. That's the way I read it anyway.
zen_tom, Oct 02 2020

       // memorised passwords //   

       Foolish, foolish ...
8th of 7, Oct 02 2020

       Maybe it should be Man Woman Person Camera TV...
RayfordSteele, Oct 02 2020


back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle