Password Change

D

davek14

Joined
May 30, 2009
Messages
2,398
How do I stop receiving password change alerts?
My password here is actually one of the oldest ones I use, is not used anywhere else, and is unique.
 
Normally if you are getting that it means that your PW has appeared on a site listing compromised PWs
 
Andy the Aussie said:
Normally if you are getting that it means that your PW has appeared on a site listing compromised PWs
Click to expand...
I've been to that site as recommended. It shows me on lists and on LinkIn. I've had this password way before I ever started on LinkIn. I haven't used the password I have on this site anywhere else in many years. I'm pretty sure that it is not compromised and it's definitely unique for me.
 
If you change your password to meet the new requirement you'll stop getting the alerts.
 
davek14 said:
I've been to that site as recommended. It shows me on lists and on LinkIn. I've had this password way before I ever started on LinkIn. I haven't used the password I have on this site anywhere else in many years. I'm pretty sure that it is not compromised and it's definitely unique for me.
Click to expand...
The fact you haven't used it recently really isn't relevant to its security, not that other people don't use the same password. Sites you don't go to anymore get hacked as well, and unless you deleted your account and they don't retain data for deleted accounts, the password is probably still there. Reusing the same password yourself on multiple sites even in the past is the security issue.

I believe Spark Spark said he integrated hibp with the forum. Rather than by account, you can check to see if the password itself (or hash) has been compromised on this page of theirs https://haveibeenpwned.com/Passwords. If it comes up, the password/hash has been compromised, and you really should change it everywhere.
 
kreole said:
The fact you haven't used it recently really isn't relevant to its security, not that other people don't use the same password. Sites you don't go to anymore get hacked as well, and unless you deleted your account and they don't retain data for deleted accounts, the password is probably still there. Reusing the same password yourself on multiple sites even in the past is the security issue.

I believe Spark Spark said he integrated hibp with the forum. Rather than by account, you can check to see if the password itself (or hash) has been compromised on this page of theirs https://haveibeenpwned.com/Passwords. If it comes up, the password/hash has been compromised, and you really should change it everywhere.
Click to expand...
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.


Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.
 
davek14 said:
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.


Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.
Click to expand...
What happens is you get locked out of your own account here then have to somehow prove to Spark that you are who you say you are. While that is happening, someone who now has control of your account starts posting multiple in-demand blades at reasonable prices and scams a bunch of people using your username because you failed to take a few minutes and update your old and unique password.

Don't mean to come off harsh but have you seen what's been going on here and on other forums? Also you SHOULD be changing your passwords at least 3 times a year unique or not.
Spark said somewhere here (GB&U?) of his frustration with account hacks here and seemed to be almost ready to require everyone here to change their passwords.

Just change it. It may save others members here from getting scammed. How would you feel if you jumped on a knife you want, send funds then find out the account of the user was hacked and you are out $$$.
 
davek14 said:
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.


Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.
Click to expand...
If you don't trust the site, that's definitely reasonable. However, from that page (https://haveibeenpwned.com/Passwords, down in "Downloading the Pwned Passwords list"), you can download their whole set of password hashes and check them yourself against your own password. Then you'll know for sure if they're just always saying a password is "pwned" or if it's really in their database.

As LMT66 LMT66 mentioned, the reason this change was made is because accounts are getting taken over left and right, then used to scam folks out of money.
 
kreole said:
If you don't trust the site, that's definitely reasonable. However, from that page (https://haveibeenpwned.com/Passwords, down in "Downloading the Pwned Passwords list"), you can download their whole set of password hashes and check them yourself against your own password. Then you'll know for sure if they're just always saying a password is "pwned" or if it's really in their database.

As LMT66 LMT66 mentioned, the reason this change was made is because accounts are getting taken over left and right, then used to scam folks out of money.
Click to expand...
I am very certain that my password is unique. It is a password which is so old that have not used it elsewhere in many years. Looking at the site and where I was supposed to be compromised, it is not the same password.

I just went and tried to change my password and was told the new one was too weak. It had a cap, a number, and a special character. It was 10 characters long. This is a little crazy at this point.

I'll try again. I don't want to have to use a password manager to log onto a forum.
 
The password is set to medium strength, so try an uppercase letter too.
 
You must log in or register to reply here.
Back
Top