Got something to say or just want fewer pesky ads? Join us... 😊
[Technology] Compromised Passwords
- Thread starter Bodian
- Start date
Nope.
Means your password is out there though in some stolen database. Dont think hackers and scammers etc are going to use it on your NSC account but if you have more important accounts with the same password you should definitely change them.
studio150
Well-known member
No.
But have just been advised I need to change my virgin hub password to at least something that is 12 characters long.
But have just been advised I need to change my virgin hub password to at least something that is 12 characters long.
I had that. It's a real pain having to type: 'jamesbondgoldfingerpussygaloreblofeldoddjobmoneypennyMQjaws006elektravesper' every time.
Got the same but they only recommended 8 characters. Chose snowwhiteandthesevendwarves.
...locked me out after three attempts, FFS.
- Thread starter
- #6
'more important' than NSC?!?
AmexRuislip
Trainee Spy 🕵️♂️
AmexRuislip
Trainee Spy 🕵️♂️
Did you type that? And by "you" I mean 'you'
I bet yr password has a Guinness variation.......
BBassic
I changed this.
- Jul 28, 2011
- 12,337
Can't recommend signing up to this enough: https://haveibeenpwned.com/
Troy Hunt, cyber security superstar, set this up. You can pop your email address in and it'll let you know if your data has been involved in a breach and what type of data was stolen. You can then sign up for an email list that'll let you know automatically.
It's a pain in the backside getting those emails because it means you've been pwned, as it were, and you're then looking at a bit of time changing all your passwords. Worth it though.
Troy Hunt, cyber security superstar, set this up. You can pop your email address in and it'll let you know if your data has been involved in a breach and what type of data was stolen. You can then sign up for an email list that'll let you know automatically.
It's a pain in the backside getting those emails because it means you've been pwned, as it were, and you're then looking at a bit of time changing all your passwords. Worth it though.
dadams2k11
ID10T Error
I guarantee that at least one member of NSC uses either Summer21/2021 or Sussex21/2021 for a password for an account.
When I password spray, I always use Summer, Winter, Autumn, or Spring with 20, 21, 2020, 2021 at the end. I have own then Domain with Summer2019 as a password.
When I password spray, I always use Summer, Winter, Autumn, or Spring with 20, 21, 2020, 2021 at the end. I have own then Domain with Summer2019 as a password.
Excellent advice. But to add to it: use a password manager. There's some good ones out there. If you're unwilling to pay, there are free options. The one built into Chrome is getting better all the time. It's not the best option out there, but it is better than nothing. Just make sure that the password you use for your password manager is something with very high strength and that you have never, ever, used anywhere else. In theory it's the only password you should actually need to have committed to memory (which is a bonus - make it long, make it complex, make it memorable for yourself). The downside is that it becomes a single point of entry into everything - but if you've protected yourself by having a strong password for the password manager (and when available use 2-factor auth) then that risk is easily minimised.
schmunk
"Members"
I have *ahem* 89 compromised passwords, but none of them is NSC.
Do you use the same username/password on another site? Perhaps that site was compromised but you've already changed that password, so it's not showing?
- Thread starter
- #14
Thanks all. Busy changing passwords via the chrome password-checker - didn't know it existed.
Thought the denigration of Potter was a bit unfair on the NSC questions for a new password - is his name now blocked and replaced with asterisks!
Thought the denigration of Potter was a bit unfair on the NSC questions for a new password - is his name now blocked and replaced with asterisks!
BBassic
I changed this.
- Jul 28, 2011
- 12,337
Yep, agree with all that.
I use LastPass but am thinking of changing because their free offering is no longer multi device. Have to upgrade to the 'Pro' version. Which is a bit shit because the 'Pro' version is what I'd been happily using for years.
maltaseagull
Well-known member
- Apr 19, 2018
- 1,874
I get that on one website. It's a financial one where username, password, date of birth etc are put in over multiple screens in hidden text fields. I don't see how my username and password are being linked by this alert system but even when I choose the random Google generated passwords I still get it so I think it's flagging my DOB link to my username somehow rather than password.