Huge data breach release - Talk of The Villages Florida

Huge data breach release

  #1  
07-05-2024, 05:02 PM
CoachKandSportsguy
Huge data breach release

🚨 PSA: An enormous password leak of about 9.9 billion passwords was just posted on hacker forums. This could give the bad guys a massive advantage. 🚨

What to do:

1) Change your passwords

2) Use unique passwords across each account

3) Set up app-driven 2FA wherever possible
  #2  
07-05-2024, 09:54 PM
Altavia

Password Managers are your friend.

Security through obscurity?

“I know this might sound funny, but what's an extra 1.5 billion passwords?” Daniel Card, a self-proclaimed Cyber Ninja Warrior and founder of the PwnDefend security consultancy, said.

He has a point: once such databases reach a tipping point regarding unique password size, it makes precious little difference how many new ones get added.

“When we look at how people create passwords,” Card said, “is that going to change the world? Probably not.

I don't think this changes the threat actors’ capability in any meaningful way.”


New Security Alert: Hacker Uploads 10 Billion Passwords To Crime Forum—Report
  #3  
07-05-2024, 10:32 PM
OrangeBlossomBaby

Looks like I'll have to come up with a new system of password creation. Every 3 months, a dozen accounts demand that I change the password. I can't remember that many changes. So I have to enter them into a database that I created. The database is also "locked" with a password, and not loaded into the cloud or available on the internet at all. It's on a microchip and a thumb drive. But it stores around 120 accounts for stores, credit card info, library card, driver's license number, medical insurance group number, etc. And those rewards programs that give you discounts if you enter your phone number and password when you buy something at a store.

I'll look tomorrow and spend a couple of hours re-creating my system. It's easy enough for me to remember them all as long as I stick with my system.

Last edited by OrangeBlossomBaby; 07-06-2024 at 08:56 AM.
  #4  
07-06-2024, 07:49 AM
Maker

One of the best password managers is KeePass. Perhaps it is the best out there.
Free. Donate if you want (I did).
Can generate passwords of any length, character types, or complexity.
Filters to configure passwords to not use certain characters like 1 l L i I 0 o O
Use different ID and password for every site. Whatever you want.
Community reviewed and no security flaws.
One master password encrypts the entire database. Pick a long passphrase and it is not crackable (even by the NSA) if stolen.
You have exclusive control over your database. Safe to store on your cloud for multiple devices to access.
No single place for hackers to extract private information.
Able to store and URLs. Never click a link sent to your email, always go to the known trusted site.
Integrates into browsers to launch a URL, then send credentials, without wasting time with copy\paste. Uses an encrypted process to be safe from key loggers.
Hundreds of add-ins to make things work in custom ways.
Notes area to store account info or other important info.
Fields can be used for any text\numbers you want.
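
The generator behaviour described in the post above (random passwords with the look-alike characters 1 l L i I 0 o O filtered out), as an added example that is not part of the thread and is not KeePass's own code. The symbol set and the function names are assumptions; the entropy figures show what dropping the eight look-alikes costs at a given length.

```python
import math
import secrets
import string

# Look-alike characters listed in the post above.
AMBIGUOUS = set("1lLiI0oO")

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",  # constructed symbol set; adjust to each site's rules
}

def build_alphabet(exclude=AMBIGUOUS):
    """Return each character class with the excluded characters removed."""
    return {name: "".join(c for c in chars if c not in exclude)
            for name, chars in CLASSES.items()}

def generate(length=16, exclude=AMBIGUOUS):
    """Draw a password from the OS CSPRNG, resampling until every class appears."""
    classes = build_alphabet(exclude)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    pool = "".join(classes.values())
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in classes.values()):
            return candidate

def entropy_bits(length, exclude=AMBIGUOUS):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    pool_size = sum(len(chars) for chars in build_alphabet(exclude).values())
    return length * math.log2(pool_size)

if __name__ == "__main__":
    # Columns: length, sample password, bits with filter, bits without filter.
    for n in (12, 16):
        print(n, generate(n), round(entropy_bits(n), 1),
              round(entropy_bits(n, exclude=set()), 1))
```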
  #5  
07-06-2024, 08:59 AM
OrangeBlossomBaby

Quote:
Originally Posted by Maker
One of the best password managers is KeePass. Perhaps it is the best out there.
Free. Donate if you want (I did).
Can generate passwords of any length, character types, or complexity.
Filters to configure passwords to not use certain characters like 1 l L i I 0 o O
Use different ID and password for every site. Whatever you want.
Community reviewed and no security flaws.
One master password encrypts the entire database. Pick a long passphrase and it is not crackable (even by the NSA) if stolen.
You have exclusive control over your database. Safe to store on your cloud for multiple devices to access.
No single place for hackers to extract private information.
Able to store and URLs. Never click a link sent to your email, always go to the known trusted site.
Integrates into browsers to launch a URL, then send credentials, without wasting time with copy\paste. Uses an encrypted process to be safe from key loggers.
Hundreds of add-ins to make things work in custom ways.
Notes area to store account info or other important info.
Fields can be used for any text\numbers you want.

So what happens after 90 days, and one of your accounts requires you to change its password? You have to manually put in your account name and password, or it won't allow you to change it. And then it sends a text to your phone or an e-mail to the linked address, and you have to verify by putting in the 6-digit number it sends you. And THEN you can change the password.

You might have 4-20 different accounts that require you to do that. ADP (payroll) does it, so does my bank. And they're at different intervals so I have to change one of them, and then 20 days later I have to change the other one.

How do you do that with KeePass, that lets you never have to remember your password?
  #6  
07-06-2024, 03:12 PM
Maker

Quote:
Originally Posted by OrangeBlossomBaby
So what happens after 90 days, and one of your accounts requires you to change its password? You have to manually put in your account name and password, or it won't allow you to change it. And then it sends a text to your phone or an e-mail to the linked address, and you have to verify by putting in the 6-digit number it sends you. And THEN you can change the password.

You might have 4-20 different accounts that require you to do that. ADP (payroll) does it, so does my bank. And they're at different intervals so I have to change one of them, and then 20 days later I have to change the other one.

How do you do that with KeePass, that lets you never have to remember your password?

It's still some manual work, but a lot easier. 2FA is annoying, but I want it to be as simple as possible.

Open website with KeePass - double click on URL
Select user id field with mouse
Right click entry in KeePass and select "perform auto-type" (logs you in)
Verify 2FA code sent to you
(if necessary...) Right click KeePass entry and send current password
Double click entry in KeePass. Click icon to generate new random password. Send to website.
Save database (with new password for your site).
  #7  
07-07-2024, 05:35 AM
Sandy and Ed

It will never happen and admittedly does sound extreme but……would love to see identity theft added to the list of capital offenses. How much angst, time and fortune is wasted on this crime??
  #8  
07-07-2024, 05:43 AM
thevillager1988

IMHO 2-factor authentication is the answer. For every account. Should be offered for every account. Fortunately it is for financials.
  #9  
07-07-2024, 05:45 AM
golfing eagles

What I'd like to know is how this clown accumulated 9 billion passwords in the first place?
  #10  
07-07-2024, 05:55 AM
Cuervo

I don't understand why people use password managers in the first place.
It seems that hackers with enough effort will break into anything.
To save worries use pen and paper and keep all your passwords in a drawer.
Other than the information I am forced to divulge to conduct business I store everything in a backup drive.
  #11  
07-07-2024, 05:57 AM
spinner1001

Quote:
Originally Posted by CoachKandSportsguy
🚨

What to do:

1) Change your passwords

2) Use unique passwords across each account

3) Set up app-driven 2FA wherever possible

1) Use passwords that are complex. (Changing to simpler passwords does help much to address the referenced event of posting billions of passwords online because simpler passwords are likely on that list.)

Complex passwords push people to use password managers, which I use. Choose your password manager wisely.

2) and 3) are good advice.
  #12  
07-07-2024, 06:04 AM
spinner1001

Quote:
Originally Posted by Cuervo
I don't understand why people use password managers in the first place.
It seems that hackers with enough effort will break into anything.
To save worries use pen and paper and keep all your passwords in a drawer.
Other than the information I am forced to divulge to conduct business I store everything in a backup drive.

Read two times.

ChatGPT
  #13  
07-07-2024, 06:08 AM
ronjon309

Quote:
Originally Posted by CoachKandSportsguy
🚨 PSA: An enormous password leak of about 9.9 billion passwords was just posted on hacker forums. This could give the bad guys a massive advantage. 🚨

What to do:

1) Change your passwords

2) Use unique passwords across each account

3) Set up app-driven 2FA wherever possible

Additionally, FREEZE YOUR CREDIT REPORTS at all three credit reporting agencies so no one can open accounts with your info!
  #14  
07-07-2024, 06:49 AM
MikePgh
Password Manager

Quote:
Originally Posted by OrangeBlossomBaby
Looks like I'll have to come up with a new system of password creation. Every 3 months, a dozen accounts demand that I change the password. I can't remember that many changes. So I have to enter them into a database that I created. The database is also "locked" with a password, and not loaded into the cloud or available on the internet at all. It's on a microchip and a thumb drive. But it stores around 120 accounts for stores, credit card info, library card, driver's license number, medical insurance group number, etc. And those rewards programs that give you discounts if you enter your phone number and password when you buy something at a store.

I'll look tomorrow and spend a couple of hours re-creating my system. It's easy enough for me to remember them all as long as I stick with my system.

Look into a password manager app for your phone. I use Keeper for my personal stuff and our business uses LastPass. Both are pretty secure. They also sync across devices. So I have Keeper on my phone and iPad as well as my wife’s devices. LastPass is on my phone and laptop.
I have the master password set to biometric so you need my face to gain access to the app. All passwords generated are 12 or 16 characters long.
  #15  
07-07-2024, 07:00 AM
JRcorvette

Quote:
Originally Posted by Maker
One of the best password managers is KeePass. Perhaps it is the best out there.
Free. Donate if you want (I did).
Can generate passwords of any length, character types, or complexity.
Filters to configure passwords to not use certain characters like 1 l L i I 0 o O
Use different ID and password for every site. Whatever you want.
Community reviewed and no security flaws.
One master password encrypts the entire database. Pick a long passphrase and it is not crackable (even by the NSA) if stolen.
You have exclusive control over your database. Safe to store on your cloud for multiple devices to access.
No single place for hackers to extract private information.
Able to store and URLs. Never click a link sent to your email, always go to the known trusted site.
Integrates into browsers to launch a URL, then send credentials, without wasting time with copy\paste. Uses an encrypted process to be safe from key loggers.
Hundreds of add-ins to make things work in custom ways.
Notes area to store account info or other important info.
Fields can be used for any text\numbers you want.

You should give a course on how to set up and use this. I have tried several password management systems and they are too complicated.