Password Change

davek14 · May 22, 2022

How do I stop receiving password change alerts?
My password here is actually one of the oldest ones I use, is not used anywhere else, and is unique.

Andy the Aussie · May 22, 2022

Normally if you are getting that it means that your PW has appeared on a site listing compromised PWs

davek14 · May 22, 2022

Andy the Aussie said:
Normally if you are getting that it means that your PW has appeared on a site listing compromised PWs

I've been to that site as recommended. It shows me on lists and on LinkIn. I've had this password way before I ever started on LinkIn. I haven't used the password I have on this site anywhere else in many years. I'm pretty sure that it is not compromised and it's definitely unique for me.

Danke42 · May 22, 2022

If you change your password to meet the new requirement you'll stop getting the alerts.

kreole · May 22, 2022

davek14 said:
I've been to that site as recommended. It shows me on lists and on LinkIn. I've had this password way before I ever started on LinkIn. I haven't used the password I have on this site anywhere else in many years. I'm pretty sure that it is not compromised and it's definitely unique for me.

The fact you haven't used it recently really isn't relevant to its security, not that other people don't use the same password. Sites you don't go to anymore get hacked as well, and unless you deleted your account and they don't retain data for deleted accounts, the password is probably still there. Reusing the same password yourself on multiple sites even in the past is the security issue.

I believe

Spark said he integrated hibp with the forum. Rather than by account, you can check to see if the password itself (or hash) has been compromised on this page of theirs https://haveibeenpwned.com/Passwords. If it comes up, the password/hash has been compromised, and you really should change it everywhere.

davek14 · May 23, 2022

kreole said:
The fact you haven't used it recently really isn't relevant to its security, not that other people don't use the same password. Sites you don't go to anymore get hacked as well, and unless you deleted your account and they don't retain data for deleted accounts, the password is probably still there. Reusing the same password yourself on multiple sites even in the past is the security issue.

I believe Spark said he integrated hibp with the forum. Rather than by account, you can check to see if the password itself (or hash) has been compromised on this page of theirs https://haveibeenpwned.com/Passwords. If it comes up, the password/hash has been compromised, and you really should change it everywhere.

I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.

Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.

LMT66 · May 23, 2022

davek14 said:
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.

Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.

What happens is you get locked out of your own account here then have to somehow prove to Spark that you are who you say you are. While that is happening, someone who now has control of your account starts posting multiple in-demand blades at reasonable prices and scams a bunch of people using your username because you failed to take a few minutes and update your old and unique password.

Don't mean to come off harsh but have you seen what's been going on here and on other forums? Also you SHOULD be changing your passwords at least 3 times a year unique or not.
Spark said somewhere here (GB&U?) of his frustration with account hacks here and seemed to be almost ready to require everyone here to change their passwords.

Just change it. It may save others members here from getting scammed. How would you feel if you jumped on a knife you want, send funds then find out the account of the user was hacked and you are out $$$.

kreole · May 25, 2022

davek14 said:
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.

Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.

If you don't trust the site, that's definitely reasonable. However, from that page (https://haveibeenpwned.com/Passwords, down in "Downloading the Pwned Passwords list"), you can download their whole set of password hashes and check them yourself against your own password. Then you'll know for sure if they're just always saying a password is "pwned" or if it's really in their database.

As

LMT66 mentioned, the reason this change was made is because accounts are getting taken over left and right, then used to scam folks out of money.

davek14 · Jun 14, 2022

kreole said:
If you don't trust the site, that's definitely reasonable. However, from that page (https://haveibeenpwned.com/Passwords, down in "Downloading the Pwned Passwords list"), you can download their whole set of password hashes and check them yourself against your own password. Then you'll know for sure if they're just always saying a password is "pwned" or if it's really in their database.

As LMT66 mentioned, the reason this change was made is because accounts are getting taken over left and right, then used to scam folks out of money.

I am very certain that my password is unique. It is a password which is so old that have not used it elsewhere in many years. Looking at the site and where I was supposed to be compromised, it is not the same password.

I just went and tried to change my password and was told the new one was too weak. It had a cap, a number, and a special character. It was 10 characters long. This is a little crazy at this point.

I'll try again. I don't want to have to use a password manager to log onto a forum.

Spark · Jun 14, 2022

The password is set to medium strength, so try an uppercase letter too.

Password Change

davek14

Andy the Aussie

Platinum Member

davek14

Danke42

kreole

davek14

LMT66

kreole

davek14

Spark

HPIC - Hatas gonna Hate