Password Change

Joined
May 30, 2009
Messages
2,282
How do I stop receiving password change alerts?
My password here is actually one of the oldest ones I use, is not used anywhere else, and is unique.
 

Andy the Aussie

Platinum Member
Platinum Member
Joined
Jan 29, 2010
Messages
9,005
Normally if you are getting that it means that your PW has appeared on a site listing compromised PWs
 
Joined
May 30, 2009
Messages
2,282
Normally if you are getting that it means that your PW has appeared on a site listing compromised PWs
I've been to that site as recommended. It shows me on lists and on LinkIn. I've had this password way before I ever started on LinkIn. I haven't used the password I have on this site anywhere else in many years. I'm pretty sure that it is not compromised and it's definitely unique for me.
 
Joined
Feb 10, 2015
Messages
26,521
If you change your password to meet the new requirement you'll stop getting the alerts.
 

kreole

Gold Member
Joined
Jul 23, 2009
Messages
3,606
I've been to that site as recommended. It shows me on lists and on LinkIn. I've had this password way before I ever started on LinkIn. I haven't used the password I have on this site anywhere else in many years. I'm pretty sure that it is not compromised and it's definitely unique for me.
The fact you haven't used it recently really isn't relevant to its security, not that other people don't use the same password. Sites you don't go to anymore get hacked as well, and unless you deleted your account and they don't retain data for deleted accounts, the password is probably still there. Reusing the same password yourself on multiple sites even in the past is the security issue.

I believe Spark Spark said he integrated hibp with the forum. Rather than by account, you can check to see if the password itself (or hash) has been compromised on this page of theirs https://haveibeenpwned.com/Passwords. If it comes up, the password/hash has been compromised, and you really should change it everywhere.
 
Joined
May 30, 2009
Messages
2,282
The fact you haven't used it recently really isn't relevant to its security, not that other people don't use the same password. Sites you don't go to anymore get hacked as well, and unless you deleted your account and they don't retain data for deleted accounts, the password is probably still there. Reusing the same password yourself on multiple sites even in the past is the security issue.

I believe Spark Spark said he integrated hibp with the forum. Rather than by account, you can check to see if the password itself (or hash) has been compromised on this page of theirs https://haveibeenpwned.com/Passwords. If it comes up, the password/hash has been compromised, and you really should change it everywhere.
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.


Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.
 

LMT66

Gold Member
Joined
Jun 18, 2008
Messages
10,886
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.


Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.
What happens is you get locked out of your own account here then have to somehow prove to Spark that you are who you say you are. While that is happening, someone who now has control of your account starts posting multiple in-demand blades at reasonable prices and scams a bunch of people using your username because you failed to take a few minutes and update your old and unique password.

Don't mean to come off harsh but have you seen what's been going on here and on other forums? Also you SHOULD be changing your passwords at least 3 times a year unique or not.
Spark said somewhere here (GB&U?) of his frustration with account hacks here and seemed to be almost ready to require everyone here to change their passwords.

Just change it. It may save others members here from getting scammed. How would you feel if you jumped on a knife you want, send funds then find out the account of the user was hacked and you are out $$$.
 

kreole

Gold Member
Joined
Jul 23, 2009
Messages
3,606
I went to the link you provided and typed in random words and phrases, also adding caps and punctuation, and got hits 10 times. No misses.
It does not show what user is associated with the password. Then it tries to sell you a password manager.


Ya know, I gotta say it. Great paranoia as to security might be overkill on a forum. What's gonna happen? An errant hacker might get on here and trash post in my name?
The only real worry as to forums being hacked is if you use the same passwords on more important sites like banking, etc..
I personally do as little as possible online financially, and what little I do has totally unrelated and unique passwords.
If you don't trust the site, that's definitely reasonable. However, from that page (https://haveibeenpwned.com/Passwords, down in "Downloading the Pwned Passwords list"), you can download their whole set of password hashes and check them yourself against your own password. Then you'll know for sure if they're just always saying a password is "pwned" or if it's really in their database.

As LMT66 LMT66 mentioned, the reason this change was made is because accounts are getting taken over left and right, then used to scam folks out of money.
 
Joined
May 30, 2009
Messages
2,282
If you don't trust the site, that's definitely reasonable. However, from that page (https://haveibeenpwned.com/Passwords, down in "Downloading the Pwned Passwords list"), you can download their whole set of password hashes and check them yourself against your own password. Then you'll know for sure if they're just always saying a password is "pwned" or if it's really in their database.

As LMT66 LMT66 mentioned, the reason this change was made is because accounts are getting taken over left and right, then used to scam folks out of money.
I am very certain that my password is unique. It is a password which is so old that have not used it elsewhere in many years. Looking at the site and where I was supposed to be compromised, it is not the same password.

I just went and tried to change my password and was told the new one was too weak. It had a cap, a number, and a special character. It was 10 characters long. This is a little crazy at this point.

I'll try again. I don't want to have to use a password manager to log onto a forum.
 

Spark

HPIC - Hatas gonna Hate
Staff member
Administrator
Super Mod
Moderator
Joined
Oct 2, 1998
Messages
14,722
The password is set to medium strength, so try an uppercase letter too.
 
Top