maxreish (OP)
|
|
October 03, 2019, 03:25:14 PM |
|
This is it, Google make a way to secure our log in credentials and passwords to prevent data breaches. There is a called, "Password check up". To access and check it, you can try it in passwords.google.com. It was available as an extension that Google can access. I managed to be able to try it. Seems I have 11 websites that I have log in and can check up my passwords.
Find more here.
|
|
|
|
|
|
|
Transactions must be included in a block to be properly completed. When you send a transaction, it is broadcast to miners. Miners can then optionally include it in their next blocks. Miners will be more inclined to include your transaction if it has a higher transaction fee.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
mk4
Legendary
Offline
Activity: 2758
Merit: 3830
Paldo.io 🤖
|
Alternatively, you can also use https://haveibeenpwned.com/They even have a notification service whereas you would be notified if one of the websites your certain email is registered on is hacked/compromised, so you can change your password on that website as soon as possible to prevent problems with your account.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 2968
Merit: 2145
|
This requires you to save your password in your Google account which sounds like a bad idea from both privacy and security standpoints. Google has proven many times that they can't be trusted with personal data, and you also create more surface for attackers who'd want to compromise your accounts - instead of just one device, all of your devices that are connected to Google could be used to steal your passwords. Alternatively, you can also use https://haveibeenpwned.com/They even have a notification service whereas you would be notified if one of the websites your certain email is registered on is hacked/compromised, so you can change your password on that website as soon as possible to prevent problems with your account. Haveibeenpwned uses cryptography to guarantee users that they don't collect their submitted plaintext passwords - but we don't know how passwords.google.com works, and if they give us any guarantees, so it's better to avoid it.
|
|
|
|
dragonvslinux
Legendary
Offline
Activity: 1666
Merit: 2204
Crypto Swap Exchange
|
|
October 03, 2019, 08:37:16 PM Last edit: September 10, 2023, 02:55:06 PM by dragonvslinux |
|
This requires you to save your password in your Google account which sounds like a bad idea from both privacy and security standpoints. Google has proven many times that they can't be trusted with personal data, and you also create more surface for attackers who'd want to compromise your accounts - instead of just one device, all of your devices that are connected to Google could be used to steal your passwords. They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check. Makes total sense, as long as they don't leak them yet again What you want to see at this link is something like this:
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3668
Merit: 6376
Looking for campaign manager? Contact icopress!
|
|
October 04, 2019, 09:33:16 AM Last edit: May 14, 2023, 03:29:02 PM by NeuroticFish |
|
They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check.
I don't see any reason to give anybody my passwords, no matter what they claim. Imho the healthiest way over the internet is: trust no one. However, it's a good way to check how good is their password manager implemented
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
dragonvslinux
Legendary
Offline
Activity: 1666
Merit: 2204
Crypto Swap Exchange
|
|
October 04, 2019, 12:54:30 PM Last edit: September 10, 2023, 02:54:56 PM by dragonvslinux |
|
They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check.
I don't see any reason to give anybody my passwords, no matter what they claim. Imho the healthiest way over the internet is: trust no one. However, it's a good way to check how good is their password manager implemented Do you mind me asking are you using chome? I'm wondering why google doesn't even recognize I'm using an chromium-based keyring to encrypt passwords Probably something Brave did so Google can't recognize jack shit. It's good to see their password manager works to keep themselves out though, that's useful!
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3668
Merit: 6376
Looking for campaign manager? Contact icopress!
|
|
October 04, 2019, 01:22:08 PM |
|
Do you mind me asking are you using chome?
Yes, I'm using Chrome. Somehow I was too lazy to change to Brave, I still don't like Opera and I still find Firefox unconvincing in making me return to it.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
MichaelX
Newbie
Offline
Activity: 27
Merit: 27
|
|
October 04, 2019, 01:30:28 PM |
|
I don't use Chrome. I don't use Google except for a personal Gmail account that has no other purpose.
I wouldn't want to save any passwords with Google, what if they are the ones that get hacked?
My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.
For passwords, well, everyone has a wallet right? My passwords look like bitcoin addresses or private keys. Use a password manager or even some notepad on your desktop.
|
|
|
|
dragonvslinux
Legendary
Offline
Activity: 1666
Merit: 2204
Crypto Swap Exchange
|
|
October 04, 2019, 01:40:12 PM Last edit: October 08, 2019, 10:09:48 AM by dragonvslinux |
|
Do you mind me asking are you using chome?
Yes, I'm using Chrome. Somehow I was too lazy to change to Brave, I still don't like Opera and I still find Firefox unconvincing in making me return to it. It's OK I found my answer: Google accounts integration (" GAIA") is disabled. That'd be why Changing from Chrome to a Chromium-fork is more or less unnoticeable imo. Bare in mind that Chrome has 100+ vulnerabilities per year, Brave hasn't had one yet in 2019. Just saying Correction: Here
|
|
|
|
wwzsocki
Legendary
Offline
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
|
|
October 04, 2019, 04:52:52 PM Last edit: October 05, 2019, 02:26:40 AM by wwzsocki |
|
I don't see any reason to give anybody my passwords, no matter what they claim... I didn't know that such a possibility exists in Google Chrome and when I saw this post started to figure out how to set up a passphrase in google account to encrypt my passwords. It took me a while but finally, I managed to do this and here is the full set up. I think this could be useful for other members who will be interested in protecting their passwords with encryption in the Google Chrome browser.
|
|
|
|
nakamura12
|
|
October 04, 2019, 09:28:04 PM |
|
I also didn't know there's encryption option within Google's password manager.
While it might help you protect your password again hacker, but i doubt your password is safe against Google itself.
I'm also thinking the same way. I never saved my passwords on google at all. It is because google have many problems that's why I don't save my passwords in google. Just like their playstore letting those scammers to add their scam apps in there play store which is not good crypto enthusiast. Even though it's encrypted, I still don't want to save my password.
|
| | | | | | | ███▄▀██▄▄ ░░▄████▄▀████ ▄▄▄ ░░████▄▄▄▄░░█▀▀ ███ ██████▄▄▀█▌ ░▄░░███▀████ ░▐█░░███░██▄▄ ░░▄▀░████▄▄▄▀█ ░█░▄███▀████ ▐█ ▀▄▄███▀▄██▄ ░░▄██▌░░██▀ ░▐█▀████ ▀██ ░░█▌██████ ▀▀██▄ ░░▀███ | | ▄▄██▀▄███ ▄▄▄████▀▄████▄░░ ▀▀█░░▄▄▄▄████░░ ▐█▀▄▄█████████ ████▀███░░▄░ ▄▄██░███░░█▌░ █▀▄▄▄████░▀▄░░ █▌████▀███▄░█░ ▄██▄▀███▄▄▀ ▀██░░▐██▄░░ ██▀████▀█▌░ ▄██▀▀██████▐█░░ ███▀░░ | | | | |
|
|
|
Bountyhonter
|
|
October 04, 2019, 11:00:21 PM |
|
My personal tip, use a brand new email for every new website you need to create an account with
If i have been using new emails for every site i signed up on i would be having hundreds of emails already and that's a very bad idea, i would even be having the issue of trying to remember which email i used for which site.
|
▂▂▂▂▂▂▂▂▂▂▂▂▂▃▅▆█ L E A D █▆▅▃▂▂▂▂▂▂▂▂▂▂▂▂ World's Simplest and Safest Decentralized Cryptocurrency Wallet! ▬▬▬▬▬▬▬ • STORE • SEND • SPEND • SWAP • STAKE • ▬▬▬▬▬▬
|
|
|
GreatArkansas
Legendary
Offline
Activity: 2296
Merit: 1345
Buy/Sell crypto at BestChange
|
|
October 05, 2019, 03:45:31 AM |
|
I am still curious on this website if this is really legit? Well, I tried some of my email addresses to check if I really get pawned or one of my email addresses is included on some website breaches. I want some advice or suggestion, if I entered my addresses and it says it is compromised or pawned, what should I do? Should I abandon that email address or maybe I can only change the password of my email address? Because I am worried that maybe that website is only collecting the email address of every user who entered their email addresses on their website.
|
|
|
|
masulum
Legendary
Offline
Activity: 2226
Merit: 1592
hmph..
|
|
October 05, 2019, 04:03:18 AM |
|
Well, I tried some of my email addresses to check if I really get pawned or one of my email addresses is included on some website breaches. I want some advice or suggestion, if I entered my addresses and it says it is compromised or pawned, what should I do? Should I abandon that email address or maybe I can only change the password of my email address?
Because I am worried that maybe that website is only collecting the email address of every user who entered their email addresses on their website.
Abandon your email may be the best way for you. But, if you think that email very important to you, change your passwords is the only options. About collecting data, based on their privacy page, they are saying not store any email data from users who submitted on check form. When you search for an email address Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. But I think it's not guaranteed if something happen behind. DYOR
|
|
|
|
Strongkored
Legendary
Offline
Activity: 2772
Merit: 1112
Leading Crypto Sports Betting & Casino Platform
|
|
October 05, 2019, 04:24:41 AM |
|
My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.
I can't imagine how many emails you need, especially if you are an active person in online world
I feel I don''t need it all because when our passwords change, we are the first to get notofications via email and if that happens the next step is to immediately change the password. Account an exchange or an email easy to hack then it indicates that we are not enough to secure these accounts with additional security such as authy or anykind of seurity.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
MFahad
|
|
October 05, 2019, 05:09:32 AM |
|
I also didn't know there's encryption option within Google's password manager.
While it might help you protect your password again hacker, but i doubt your password is safe against Google itself.
I'm also thinking the same way. I never saved my passwords on google at all. It is because google have many problems that's why I don't save my passwords in google. Just like their playstore letting those scammers to add their scam apps in there play store which is not good crypto enthusiast. Even though it's encrypted, I still don't want to save my password. You can use KeyPass ( https://keepass.info/), a local application to store all your passwords if you do not trust the online password manager like this google password manager. My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.
We cannot use separate email for every website we register. First it will be hassle to create hundreds of emails as every email require you to verify it with the phone number and managing them is not an easy task. I personally have 3 email ids and they are enough for me.
|
▄▄████████▄▄ ▄▄████████████████▄▄ ▄██████████████████████▄ ▄█████████████████████████▄ ▄███████████████████████████▄
| ███████████████████▄████▄ █████████████████▄███████ ████████████████▄███████▀ ██████████▄▄███▄██████▀ ████████▄████▄█████▀▀ ██████▄██████████▀ ███▄▄████████████▄ ██▄███████████████ ░▄██████████████▀ ▄█████████████▀ █████████████ ███████████▀ ███████▀▀ | | | .
| | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ▀▀███████▀▀ | . ElonCoin.org | │ | | .
| │ | ████████▄▄███████▄▄ ███████▄████████████▌ ██████▐██▀███████▀▀██ ███████████████████▐█▌ ████▄▄▄▄▄▄▄▄▄▄██▄▄▄▄▄ ███▀░▐███▀▄█▄█▀▀█▄█▄▀ ██████████████▄██████▌ █████▐██▄██████▄████▐ █████████▀░▄▄▄▄▄ ███████▄█▄░▀█▄▄░▀ ███▄██▄▀███▄█████▄▀ ▄██████▄▀███████▀ ████████▄▀████▀█████▄▄ | . "I could either watch it happen or be a part of it" ▬▬▬▬▬ |
|
|
|
Departure
|
|
October 05, 2019, 06:21:45 AM |
|
There is a special telegram bot that is built to check your e-mail and across the Internet for compromise.
I recently checked and saw that my e-mail with the old password was already several times freely accessible
Thank God that there was not a main password.
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1624
Merit: 1899
Amazon Prime Member #7
|
|
October 05, 2019, 07:25:09 AM |
|
Alternatively, you can also use https://haveibeenpwned.com/They even have a notification service whereas you would be notified if one of the websites your certain email is registered on is hacked/compromised, so you can change your password on that website as soon as possible to prevent problems with your account. Haveibeenpwned uses cryptography to guarantee users that they don't collect their submitted plaintext passwords - but we don't know how passwords.google.com works, and if they give us any guarantees, so it's better to avoid it. The last I checked, haveibeenpwned actually will only ask the end user to input the username/email and they will respond with any accounts associated with databases that have been compromised containing that email address or username.
|
|
|
|
Baronets
Member
Offline
Activity: 92
Merit: 15
Baronets is the Jet Cash domain management service
|
|
October 05, 2019, 07:40:12 AM |
|
We cannot use separate email for every website we register. First it will be hassle to create hundreds of emails as every email require you to verify it with the phone number and managing them is not an easy task. I personally have 3 email ids and they are enough for me.
Host your own mail server, and group the email addresses. This has the added benefit of allowing you to see who is selling your addresses.
|
Baronets is a private domain management service owned by Jet Cash.
|
|
|
hatshepsut93
Legendary
Offline
Activity: 2968
Merit: 2145
|
|
October 05, 2019, 02:42:45 PM |
|
The last I checked, haveibeenpwned actually will only ask the end user to input the username/email and they will respond with any accounts associated with databases that have been compromised containing that email address or username.
https://haveibeenpwned.com/PasswordsThis is a separate feature from their email watching service, it also notifies people if their password was leaked, but you only send them a small part (called suffix) at the start of the hash of your password, and they return all the hashes from their database that also start with the same suffix, and then the code on client's side looks if any of the hashes matches the original hash. By the way, haveibeenpwned accepts Bitcoin donations, which is a good example of Bitcoin's adoption and real use.
|
|
|
|
coin-investor
|
|
October 05, 2019, 03:56:24 PM |
|
Ok I go to the link you posted here and this is what it says Welcome to your Password Manager You have not saved any passwords in your Google Account. Add passwords from Chrome or Android to manage and check them for security issues. I'm glad I never saved any password or any of my family that uses my computer, it's a bad idea because we all know they can access all of it in Google chrome settings, try other ways to save your passwords but never use Google password setting at any time and tell your family to do the same
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1624
Merit: 1899
Amazon Prime Member #7
|
|
October 05, 2019, 04:29:08 PM |
|
The last I checked, haveibeenpwned actually will only ask the end user to input the username/email and they will respond with any accounts associated with databases that have been compromised containing that email address or username.
https://haveibeenpwned.com/PasswordsThis is a separate feature from their email watching service, it also notifies people if their password was leaked, but you only send them a small part (called suffix) at the start of the hash of your password, and they return all the hashes from their database that also start with the same suffix, and then the code on client's side looks if any of the hashes matches the original hash. By the way, haveibeenpwned accepts Bitcoin donations, which is a good example of Bitcoin's adoption and real use. You shouldn’t be reusing passwords anyway, so there shouldn’t be any value to use that service. The same is true for even part of your password. If you are using something very close to a random password, having one compromised should not affect your security on any other site and you can search by username to check if a database has been compromised
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 2968
Merit: 2145
|
|
October 05, 2019, 06:25:30 PM |
|
You shouldn’t be reusing passwords anyway, so there shouldn’t be any value to use that service. The same is true for even part of your password.
If you are using something very close to a random password, having one compromised should not affect your security on any other site and you can search by username to check if a database has been compromised
And yet a lot of people do reuse their passwords, so this service can teach them how bad it is to reuse passwords with practical example. It also shows how easily weak passwords can be broken - even if your "password1" was never leaked on the site that you use, the same password could have been leaked on some different platform by different users. Don't discard something because it is useless to you, lots of other people aren't as knowledgeable.
|
|
|
|
mk4
Legendary
Offline
Activity: 2758
Merit: 3830
Paldo.io 🤖
|
|
October 06, 2019, 01:40:12 AM |
|
My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.
We cannot use separate email for every website we register. First it will be hassle to create hundreds of emails as every email require you to verify it with the phone number and managing them is not an easy task. I personally have 3 email ids and they are enough for me. Privacy-focused email services like Protonmail and Tutanota exists, and if you pay for their service, you can have email aliases, so you wouldn't need to create separate emails for different websites. You just create a new alias then you're good to go. Also, if you're just going to register on a website and you're going to use your account probably once(especially on shitty and shady websites), you can use burner emails through services like guerrillamail.com.
|
|
|
|
|
smyslov
|
|
October 06, 2019, 04:52:35 AM |
|
So far all my passwords are secured using all the tools posted here, all my emails need phone verification to open and every Gmail account holders should do the same, to avoid their account get compromised and always clean your cache, and install a good anti virus if you are involved in Cryptocurrency, security of your account should be high in your priority.
|
|
|
|
prix
|
|
October 06, 2019, 07:08:22 AM |
|
all my emails need phone verification to open and every Gmail account holders should do the same
It's better to use the something like Google Authenticator than a phone for protection due sim swapping. I have already met a number of such cases in crypto and in traditional banks sphere. This is a targeted attack, respectively, if you have significant amounts - you should think about it.
|
|
|
|
mk4
Legendary
Offline
Activity: 2758
Merit: 3830
Paldo.io 🤖
|
|
October 06, 2019, 07:08:37 AM |
|
and install a good anti virus if you are involved in Cryptocurrency, security of your account should be high in your priority.
Or better, learn to use Linux! Then you wouldn't even need to install an antivirus as long as you don't do something utterly careless like executing random commands you've found over the internet. Linux distros like Ubuntu and Linux Mint are honestly decently noob friendly now, compared to how they were 5 years ago.
|
|
|
|
dragonvslinux
Legendary
Offline
Activity: 1666
Merit: 2204
Crypto Swap Exchange
|
|
October 06, 2019, 09:11:23 AM Last edit: October 08, 2019, 10:08:55 AM by dragonvslinux |
|
I hear what you are saying, Brave is a fork of Chromium. True story. The vulnerability example you gave however effected Chrome, not Chromium. Chrome is based on Chromium, not the other way around, believe it or not. Hence Chromium also hasn't had a vulnerability this year either, which is why Brave hasn't, or any forks of Brave for that matter. Why Chrome takes open source software and modifies it to generate on average a vulnerability every other day is anyone's guess, but ultimately unrelated to this topic. It's corporate-owned proprietary software, of course it's vulnerable! You maybe right that this Chrome vulnerability did effect both Chromium and Brave, but without any documented evidence (CVE's), and without being a qualified programmer, I think it's far fetched to claim that this is the case. Please provide (actual) evidence to the contrary and I'd be happy to reconsider my opinion. The brave merge you referenced isn't tagged, labeled or referenced as a vulnerablity in any way, shape or form, as far as I can tell. It just confirms that when chromium updates it's stable branch, then brave follows suit, as you would hope and imagine. Now does it make sense why people use open-source software to stay safe and not proprietary closed-source software? Correction: Here
|
|
|
|
funsponge
|
|
October 06, 2019, 12:21:49 PM |
|
So far all my passwords are secured using all the tools posted here, all my emails need phone verification to open and every Gmail account holders should do the same, to avoid their account get compromised and always clean your cache, and install a good anti virus if you are involved in Cryptocurrency, security of your account should be high in your priority.
You don't need a antivirus if you take precautions while downloading and browsing the internet. Anti virus is just bloatware which can slow down your computer. Linux does not use a antivirus and many people on Windows who are taking caring while downloading software don't need it. Anti virus is only there for people who are not tech savvy.
|
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1624
Merit: 1899
Amazon Prime Member #7
|
|
October 06, 2019, 09:57:04 PM |
|
You shouldn’t be reusing passwords anyway, so there shouldn’t be any value to use that service. The same is true for even part of your password.
If you are using something very close to a random password, having one compromised should not affect your security on any other site and you can search by username to check if a database has been compromised
And yet a lot of people do reuse their passwords, so this service can teach them how bad it is to reuse passwords with practical example. It also shows how easily weak passwords can be broken - even if your "password1" was never leaked on the site that you use, the same password could have been leaked on some different platform by different users. Don't discard something because it is useless to you, lots of other people aren't as knowledgeable. A third party having their password leaked doesn’t affect the security of your password if you happen to use a similar password provided it is semi-random.
|
|
|
|
AverageGlabella
Legendary
Offline
Activity: 1232
Merit: 1080
|
|
October 06, 2019, 10:31:35 PM |
|
Alternatively, you can also use https://haveibeenpwned.com/They even have a notification service whereas you would be notified if one of the websites your certain email is registered on is hacked/compromised, so you can change your password on that website as soon as possible to prevent problems with your account. This is a major security risk too you could alternatively download exposed passwords (which haveibeenpwned does not distribute but they are usually from public leaks) and check it offline because you are still entering a password into a different site other than the ones its used for which is a security breach in itself unless you trust a third party with storing your password to check if its been "pwned". It would be easier for you to just change your password than to check if its been leaked and is recommended to change your password every 2 weeks.
|
|
|
|
mk4
Legendary
Offline
Activity: 2758
Merit: 3830
Paldo.io 🤖
|
|
October 07, 2019, 08:41:40 AM |
|
This is a major security risk too you could alternatively download exposed passwords (which haveibeenpwned does not distribute but they are usually from public leaks) and check it offline because you are still entering a password into a different site other than the ones its used for which is a security breach in itself unless you trust a third party with storing your password to check if its been "pwned". What are you talking about? How is using haveibeenpwned a security risk? You obviously don't enter your password on haveibeenpwned, only your email is required. Or did I misunderstood what you're trying to say here?
|
|
|
|
febriyana
Sr. Member
Offline
Activity: 432
Merit: 250
Febriyana Muhammad
|
|
October 07, 2019, 11:40:34 PM |
|
Checking password with Google is bad idea i think. We like giving away our password to them, who sell our privacy for ads. Also if some hacker can hack our email in the future, they can know what password you used.
|
|
|
|
masulum
Legendary
Offline
Activity: 2226
Merit: 1592
hmph..
|
|
October 08, 2019, 02:27:46 AM |
|
Checking password with Google is bad idea i think. We like giving away our password to them, who sell our privacy for ads. Also if some hacker can hack our email in the future, they can know what password you used.
Exactly, every password was synchronized with google account can be accessed from password manager pages. Very easy for hacker who already successfully hacked our account to open all of our password. For everyone who doesn't know before, you can check your saved password at https://passwords.google.com/ that's why, it will very easy for hackers know all of your passwords in case your email got hacked
|
|
|
|
dragonvslinux
Legendary
Offline
Activity: 1666
Merit: 2204
Crypto Swap Exchange
|
|
October 08, 2019, 10:04:02 AM |
|
Fair enough, I take it back, apologies! I did look at the link you provided, but to be fair it only documented the chrome bug (through the chromium list), there wasn't any documentation or testing there of it also affecting chromium, apart from the assumption based on software knowledge. Note the tests were through ./chrome not ./chromium. But, after thorough research (basically searching for the "CVE" and "chromium") it did confirm it was also a bug in chromium from Debian and Red Hat releases which I trust, even if they didn't specify why. Call me a fool, but the description is very misleading too, there is no mention of the CVE affecting chromium: Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Thanks for the additional links and info, I definitely won'y rely on any of the CVE databses to alert me of chromium/brave bugs in the future!! I do not know by what principle they relate CVE to which vendor. But as you can see above, the bug is declared and fixed in the chromium. So brave had this bug too.
By the way, they paid $ 3,000 for this bug.
My only thought why it isn't listed as a CVE for Chromium/Brave if they only list the CVE from the vendor that publishes it. As this was Chrome, as oppose to Chromium (which didn't even mention it on their blog as far as I could find), then I guess it doesn't additionally get listed as a Chromium/Brave bug. Even though the CVE's lists all the affected versions, so it's very bizarre not actually listing all the affecting products. This also makes it very hard to identify chrome bugs that do/don't affect chromium imo. It's good to know they donated $3,000 for this bug at least.
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1624
Merit: 1899
Amazon Prime Member #7
|
|
October 16, 2019, 04:06:46 AM |
|
This is a major security risk too you could alternatively download exposed passwords (which haveibeenpwned does not distribute but they are usually from public leaks) and check it offline because you are still entering a password into a different site other than the ones its used for which is a security breach in itself unless you trust a third party with storing your password to check if its been "pwned". What are you talking about? How is using haveibeenpwned a security risk? You obviously don't enter your password on haveibeenpwned, only your email is required. Or did I misunderstood what you're trying to say here? He was probably talking about this: https://haveibeenpwned.com/PasswordsThis is a separate feature from their email watching service, it also notifies people if their password was leaked, but you only send them a small part (called suffix) at the start of the hash of your password, and they return all the hashes from their database that also start with the same suffix, and then the code on client's side looks if any of the hashes matches the original hash.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2758
Merit: 7132
|
|
October 16, 2019, 07:34:45 AM |
|
Someone posted a while back that https://haveibeenpwned.com/ could be a good way for whoever created the site to check which emails and accounts are still active and have any importance to their users. If you search for your email on that site that means that it has some importance to you, it does make sense.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
Saint-loup
Legendary
Offline
Activity: 2604
Merit: 2353
|
|
October 16, 2019, 09:45:30 AM Last edit: October 21, 2019, 09:28:28 AM by Saint-loup |
|
Someone posted a while back that https://haveibeenpwned.com/ could be a good way for whoever created the site to check which emails and accounts are still active and have any importance to their users. If you search for your email on that site that means that it has some importance to you, it does make sense. No I don't think it's the goal of haveibeenpwned, personally I've checked mail addresses that I'm not really using anymore. Moreover there is a feature that let you use hashes of your passwords instead of your raw passwords, so it's highly unlikely to be a honey pot.
|
|
|
|
panganib999
|
|
October 18, 2019, 05:13:38 PM |
|
They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check.
I don't see any reason to give anybody my passwords, no matter what they claim. Imho the healthiest way over the internet is: trust no one. However, it's a good way to check how good is their password manager implemented Do you mind me asking are you using chome? I'm wondering why google doesn't even recognize I'm using an chromium-based keyring to encrypt passwords Probably something Brave did so Google can't recognize jack shit. It's good to see their password manager works to keep themselves out though, that's useful! I can't understand what is the essense of having your password checked by an online platform, letting them check if changes are done, if it was hacked or was attempted to be hacked will require to give them access to it, meaning your password which is supposed to be private and only known by you will be given to the chrome which obviously not a good thing to do when talking about privacy. Although google chrome is a trusted and kniwn website, having anyone know your password aside from you is a very risky thing and is highly unrecommended.
|
|
|
|
MichaelX
Newbie
Offline
Activity: 27
Merit: 27
|
|
October 23, 2019, 02:54:05 PM |
|
If you haven't changed your password here in Bitcointalk since around May 2015, you should change it. Make sure it is random and secure and longer than 12 characters.
|
|
|
|
|