-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
My Internet Security Is Fu*ked
- Thread starter yumms
- Start date
How do you live?
Edit: you know sometimes when a website asks you to make a username and password it's possible to skip that part.
Edit2:
Edit: you know sometimes when a website asks you to make a username and password it's possible to skip that part.
Edit2:
No
Look into using a password manager like Bitwarden or Keepass.
Edit- you might want to see where you have been compromised here:
haveibeenpwned.com
Edit- you might want to see where you have been compromised here:
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
Last edited:
And that's why your internet security is fucked. You gotta dedicate the time to rotate your passwords. Get a good password vault (like Bitwarden or One Password), have unique passwords for everything, and turn 2FA on wherever it's available. It will be a pain in the ass to set up, but once you get it setup, maintenance is minimal.
How.... how do you have... does 414 mean that there are 414 instances of one or more password being reused? Or 414 passwords that have been reused elsewhere?
How do you even have 414 places to use a password in???
How do you even have 414 places to use a password in???
Get a password manager. I use LastPass and love it though I know others prefer other ones too, there's usually a solid password manager thread every few months with good recommendations in it. LastPass has made some weird decisions around their subscription models the last 1 or 2 years, but now I'm kinda in bed with the software and it's tough to drop. From the recommendations of others like super-famicom Bitwarden seems like a great option too.
Google's built in password manager in chrome isn't bad either if you commit to it, and if you're a chrome user on mobile then it all syncs up. I'd say it's probably best to have a 3rd party one that's not contingent on your browser, but others might prefer the convenience.
I was in a similar situation 10 years ago or whenever I started using lastpass, and then ocne every couple months I take their security challenge and go tohrough the backlog of cleanup. I'll never get a "100% Secure!" rating or anything, but I'm up around ~90% or so in their security challenge, with a lot of the "insecure" passwords are for services or sites that are private or I can't control (old client websites, work stuff that is out of my hands for internal/non-public, and then some personal stuff that I don't give a shit about or can't change)
Most of the "48" warnings are junk, and a handful are actually insecure but they're one-time use things that I generally don't give a shit about and that a hacker couldn't do anything with, and it'd be a pain in the ass to change them. I should probably just delete them form LAstPass.
It means the same password is used on 414 sites/log-ins. That's pretty common.
I don't think 414 is a huge number if you've been using the internet for a long time. I've got about 550 sites/services/apps/etc saved in LastPass.
Google's built in password manager in chrome isn't bad either if you commit to it, and if you're a chrome user on mobile then it all syncs up. I'd say it's probably best to have a 3rd party one that's not contingent on your browser, but others might prefer the convenience.
I was in a similar situation 10 years ago or whenever I started using lastpass, and then ocne every couple months I take their security challenge and go tohrough the backlog of cleanup. I'll never get a "100% Secure!" rating or anything, but I'm up around ~90% or so in their security challenge, with a lot of the "insecure" passwords are for services or sites that are private or I can't control (old client websites, work stuff that is out of my hands for internal/non-public, and then some personal stuff that I don't give a shit about or can't change)
Most of the "48" warnings are junk, and a handful are actually insecure but they're one-time use things that I generally don't give a shit about and that a hacker couldn't do anything with, and it'd be a pain in the ass to change them. I should probably just delete them form LAstPass.
It means the same password is used on 414 sites/log-ins. That's pretty common.
I don't think 414 is a huge number if you've been using the internet for a long time. I've got about 550 sites/services/apps/etc saved in LastPass.
Last edited:
I swapped to a password manager last week after years of putting it off: took only about an hour or so of scrying though my logins and deciding what i really wanted, you'll just need to put in that time
I used LastPass Premium for around 4 years, but switched to Bitwarden after LastPass made dumb changes to their sub model. Migrating everything over was incredibly simple to do and I'm glad I made the switch.
When they say compromised, they just mean they have showed up on breech list. Not that they have actually been logged into. Just go back and start changing your passwords. Let your password manager choose something strong for you. AS for password managers, just make sure you choose something thats both on your computer and phone. I switch over to Bitwarden last year and love it.
Take a day and go and delete accounts you don't use. I do this every year to cut down on crap sitting out there using similar passwords and breadcrumbs.
You aren't forced to reset; you can just add the log in info as is. But I usually change the passwords for very important things (bank, credit card, etc) every 6 months. And I use Authy for 2FA.
What's the best way of doing that? I am curious about setting one up now.
Ok, this thread has sold me on finally getting a password manager. Which is the best one to easily/ automatically change password on my websites where they are reused, or do I have to change passwords manually and store them?
Oh interesting, I'll have to check that out if I want to switch. Thanks for the rec.
I have an oooold subscription that I thikn I've been grandfathered in to the new models, at least my use cases haven't been disrupted so I'm good for now.
That's what OP is using. Seems they just too lazy to change the password :P
Like everyone here is saying, get a password manager. I reccommend Bitwarden as it does absolutely every you'd need a password manager to do in its free tier.
I'd recommend Bitwarden. I switched over to them after using LastPass Premium for 4 years and couldn't be happier. You will need to log into your accounts to change the passwords, but Bitwarden or any other password manager can create a new password for you and auto fill it in.
See these threads for why many Era members switched to Bitwarden:
LastPass Free will only be available on one 'device type' (mobile or PC) starting March 16th
If I learned about Bitwarden earlier, I would have switched months ago. My issue is how terrible the UI is on LP for both mobile and the browser. The browser doesn't automatically update the vault if you update info and will randomly log out at times and the mobile app has periods where it will...
www.resetera.com
LTTP: Bitwarden
So yeah. I was a LastPass user for a long time, and I was weighing just paying for it when they swap over to their new one-device scheme, but I saw all the recommendations for Bitwarden here, and I'm glad I switched, as it's so much better! Transferring my LastPass database took literally...
www.resetera.com
Google password checkup is a joke anyways. When they say your password has been "compromised" it can mean anything, literally.
Sometimes it flags your password as compromised if the company reported a data breach in which nothing was even taken.
You should probably change the password just to be safe, especially if money is involved or a credit card stored. But honestly, 90% of the time that indicator is complete bullshit.
Sometimes it flags your password as compromised if the company reported a data breach in which nothing was even taken.
You should probably change the password just to be safe, especially if money is involved or a credit card stored. But honestly, 90% of the time that indicator is complete bullshit.
Auto changing is a feature on many of them, but it only works for certain sites, and even then it can be glitchy. I would recommend Bitwarden or One Password.
I literally posted an answer that's right above your post.
The password manager trusted by millions | Bitwarden
Bitwarden makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device. Create your free Bitwarden account today.
bitwarden.com
Update
Just do it like everyone did it: one password at a time, beginning by the most important accounts (your email account and every account linked to your credit card). And do it gradually, after your critical accounts are taken care off, don't try to change all of the rest the same day if it's overwhelming you.
Only works if you use the Google/Chrome Password Manager
To stay secure online, Password Checkup has your back
Password Checkup checks the strength and security of your saved passwords, tells you if they’ve been compromised, and gives you personalized recommendations.
I feel ya op. Although what I've done is change passwords on big sites first while letting the smaller sites that I never use to sit there. Might be a dumb decision but I've been relying on emails to notify me of "suspicious login attempts/logins" to which I go and change it.
I strongly recommend Bitwarden! All you need is a master password which you could physically write down on something and stash it away. I personally combined two unique shorter passwords I used in the past for it and have never messed up the password. Bitwarden creates customizable strings of password that you use for the site, then save on the app. It also saves things like credit cards if that's something you'd find convenient. I wasn't into the idea of having a password manager but this decision was so worth it.
I strongly recommend Bitwarden! All you need is a master password which you could physically write down on something and stash it away. I personally combined two unique shorter passwords I used in the past for it and have never messed up the password. Bitwarden creates customizable strings of password that you use for the site, then save on the app. It also saves things like credit cards if that's something you'd find convenient. I wasn't into the idea of having a password manager but this decision was so worth it.
Use a password manager, and make an effort to change 15-20 passwords a day. Over coffee in the morning, just do it bite sized. It will be fairly painless that way, and it won't feel insurmountable.
It's far better to do it at a pace you're comfortable with, than not doing it at all because you are overwhelmed by the task.
If your important accounts are protected by unique and solid passwords, temporarily losing your access to accounts from smaller websites will only be a minor inconvenience and not 'oops, I need to send a ton of papers to my bank to recoup the money someone spends after gaining access to my bank account via my [small website]'s account'.
I don't see any picture, just an error "?" where it should be. Maybe those people are in the same situation.
One use of a password manager is to make it easier not to use the same password on different sites.
Good point, thanks!
That's right, I appreciate two features for that purpose: a password vault review like the OP shows which tells you when you've got repeated passwords already stored, and a password generator that ideally would be integrated into browsers/OS UI and so appears automatically when signing up for things.
Much appreciation for haveibeenpwned.com over the years.
It does.
The point of a password manager is that you have one (local) password for your password manager, and each site has its own unique password generated by the manager.
If you somehow end up with 400+ duplicate passwords, you weren't using the password manager correctly.
You're supposed to use it to auto-fill the account creation form, so that it generates a unique random password for that site.
Personally I like 1Password for the family subscription.
I have it set up so that my family's accounts default to a vault that is shared between them and myself, rather than a personal vault.
That way, their accounts are private from each other, but I have access to everything (with their permission).
This makes it so much easier to help them out remotely, because I can be in a call with them and just do whatever they're asking for help with, rather than trying to talk them through it step-by-step without being able to see the page/information in front of me.
Wherever it is hosted does not support proper hotlinking. Here's a rehost:
