[Data Breach] Check if your passwords have been compromised - page 2.

PrimeNumber7

copper member

Activity: 1652

Merit: 1901

Amazon Prime Member #7

Quote from: hatshepsut93 on October 05, 2019, 09:42:45 AM

Quote from: PrimeNumber7 on October 05, 2019, 02:25:09 AM

The last I checked, haveibeenpwned actually will only ask the end user to input the username/email and they will respond with any accounts associated with databases that have been compromised containing that email address or username.

https://haveibeenpwned.com/Passwords

This is a separate feature from their email watching service, it also notifies people if their password was leaked, but you only send them a small part (called suffix) at the start of the hash of your password, and they return all the hashes from their database that also start with the same suffix, and then the code on client's side looks if any of the hashes matches the original hash.

By the way, haveibeenpwned accepts Bitcoin donations, which is a good example of Bitcoin's adoption and real use.

You shouldn’t be reusing passwords anyway, so there shouldn’t be any value to use that service. The same is true for even part of your password.

If you are using something very close to a random password, having one compromised should not affect your security on any other site and you can search by username to check if a database has been compromised

coin-investor

hero member

Activity: 2996

Merit: 598

Leading Crypto Sports Betting & Casino Platform

Ok I go to the link you posted here and this is what it says

Quote

Welcome to your Password Manager
You have not saved any passwords in your Google Account. Add passwords from Chrome or Android to manage and check them for security issues.

I'm glad I never saved any password or any of my family that uses my computer, it's a bad idea because we all know they can access all of it in Google chrome settings, try other ways to save your passwords but never use Google password setting at any time and tell your family to do the same

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: PrimeNumber7 on October 05, 2019, 02:25:09 AM

The last I checked, haveibeenpwned actually will only ask the end user to input the username/email and they will respond with any accounts associated with databases that have been compromised containing that email address or username.

https://haveibeenpwned.com/Passwords

This is a separate feature from their email watching service, it also notifies people if their password was leaked, but you only send them a small part (called suffix) at the start of the hash of your password, and they return all the hashes from their database that also start with the same suffix, and then the code on client's side looks if any of the hashes matches the original hash.

By the way, haveibeenpwned accepts Bitcoin donations, which is a good example of Bitcoin's adoption and real use.

Baronets

member

Activity: 92

Merit: 15

Baronets is the Jet Cash domain management service

Quote from: MFahad on October 05, 2019, 12:09:32 AM

We cannot use separate email for every website we register. First it will be hassle to create hundreds of emails as every email require you to verify it with the phone number and managing them is not an easy task. I personally have 3 email ids and they are enough for me.

Host your own mail server, and group the email addresses. This has the added benefit of allowing you to see who is selling your addresses.

PrimeNumber7

copper member

Activity: 1652

Merit: 1901

Amazon Prime Member #7

Quote from: hatshepsut93 on October 03, 2019, 03:10:57 PM

Quote from: mk4 on October 03, 2019, 11:46:39 AM

Alternatively, you can also use https://haveibeenpwned.com/

They even have a notification service whereas you would be notified if one of the websites your certain email is registered on is hacked/compromised, so you can change your password on that website as soon as possible to prevent problems with your account.

Haveibeenpwned uses cryptography to guarantee users that they don't collect their submitted plaintext passwords - but we don't know how passwords.google.com works, and if they give us any guarantees, so it's better to avoid it.

The last I checked, haveibeenpwned actually will only ask the end user to input the username/email and they will respond with any accounts associated with databases that have been compromised containing that email address or username.

Departure

sr. member

Activity: 1204

Merit: 288

There is a special telegram bot that is built to check your e-mail and across the Internet for compromise.

I recently checked and saw that my e-mail with the old password was already several times freely accessible

Thank God that there was not a main password.

MFahad

hero member

Activity: 2506

Merit: 645

Eloncoin.org - Mars, here we come!

Quote from: nakamura12 on October 04, 2019, 04:28:04 PM

Quote from: ?? on ??

I also didn't know there's encryption option within Google's password manager.

While it might help you protect your password again hacker, but i doubt your password is safe against Google itself.

I'm also thinking the same way. I never saved my passwords on google at all. It is because google have many problems that's why I don't save my passwords in google. Just like their playstore letting those scammers to add their scam apps in there play store which is not good crypto enthusiast. Even though it's encrypted, I still don't want to save my password.

You can use KeyPass (https://keepass.info/), a local application to store all your passwords if you do not trust the online password manager like this google password manager.

Quote from: MichaelX on October 04, 2019, 08:30:28 AM

My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.

We cannot use separate email for every website we register. First it will be hassle to create hundreds of emails as every email require you to verify it with the phone number and managing them is not an easy task. I personally have 3 email ids and they are enough for me.

Strongkored

legendary

Activity: 2814

Merit: 1112

Leading Crypto Sports Betting & Casino Platform

Quote from: MichaelX on October 04, 2019, 08:30:28 AM

My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.

I can't imagine how many emails you need, especially if you are an active person in online world

I feel I don''t need it all because when our passwords change, we are the first to get notofications via email and if that happens the next step is to immediately change the password.
Account an exchange or an email easy to hack then it indicates that we are not enough to secure these accounts with additional security such as authy or anykind of seurity.

masulum

legendary

Activity: 2324

Merit: 1604

hmph..

Quote from: GreatArkansas on October 04, 2019, 10:45:31 PM

Well, I tried some of my email addresses to check if I really get pawned or one of my email addresses is included on some website breaches.
I want some advice or suggestion, if I entered my addresses and it says it is compromised or pawned, what should I do?
Should I abandon that email address or maybe I can only change the password of my email address?

Because I am worried that maybe that website is only collecting the email address of every user who entered their email addresses on their website.

Abandon your email may be the best way for you. But, if you think that email very important to you, change your passwords is the only options. About collecting data, based on their privacy page, they are saying not store any email data from users who submitted on check form.

Quote from: https://haveibeenpwned.com/Privacy

When you search for an email address
Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere.

But I think it's not guaranteed if something happen behind. DYOR

GreatArkansas

legendary

Activity: 2506

Merit: 1394

Quote from: mk4 on October 03, 2019, 11:46:39 AM

Alternatively, you can also use https://haveibeenpwned.com/

I am still curious on this website if this is really legit?
Well, I tried some of my email addresses to check if I really get pawned or one of my email addresses is included on some website breaches.
I want some advice or suggestion, if I entered my addresses and it says it is compromised or pawned, what should I do?
Should I abandon that email address or maybe I can only change the password of my email address?

Because I am worried that maybe that website is only collecting the email address of every user who entered their email addresses on their website.

Bountyhonter

member

Activity: 406

Merit: 10

Quote from: MichaelX on October 04, 2019, 08:30:28 AM

My personal tip, use a brand new email for every new website you need to create an account with

If i have been using new emails for every site i signed up on i would be having hundreds of emails already and that's a very bad idea, i would even be having the issue of trying to remember which email i used for which site.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: ?? on ??

I also didn't know there's encryption option within Google's password manager.

While it might help you protect your password again hacker, but i doubt your password is safe against Google itself.

I'm also thinking the same way. I never saved my passwords on google at all. It is because google have many problems that's why I don't save my passwords in google. Just like their playstore letting those scammers to add their scam apps in there play store which is not good crypto enthusiast. Even though it's encrypted, I still don't want to save my password.

wwzsocki

legendary

Activity: 2744

Merit: 1708

First 100% Liquid Stablecoin Backed by Gold

Quote from: NeuroticFish on October 04, 2019, 04:33:16 AM

I don't see any reason to give anybody my passwords, no matter what they claim...

I didn't know that such a possibility exists in Google Chrome and when I saw this post started to figure out how to set up a passphrase in google account to encrypt my passwords.

It took me a while but finally, I managed to do this and here is the full set up.

I think this could be useful for other members who will be interested in protecting their passwords with encryption in the Google Chrome browser.

dragonvslinux

legendary

Activity: 1722

Merit: 2213

Quote from: NeuroticFish on October 04, 2019, 08:22:08 AM

Quote from: dragonvslinux on October 04, 2019, 07:54:30 AM

Do you mind me asking are you using chome?

Yes, I'm using Chrome. Somehow I was too lazy to change to Brave, I still don't like Opera and I still find Firefox unconvincing in making me return to it.

It's OK I found my answer: Google accounts integration ("GAIA") is disabled. That'd be why

Changing from Chrome to a Chromium-fork is more or less unnoticeable imo.
Bare in mind that Chrome has 100+ vulnerabilities per year, Brave hasn't had one yet in 2019. Just saying Grin

Correction: Here

MichaelX

newbie

Activity: 27

Merit: 27

I don't use Chrome.
I don't use Google except for a personal Gmail account that has no other purpose.

I wouldn't want to save any passwords with Google, what if they are the ones that get hacked?

My personal tip, use a brand new email for every new website you need to create an account with, if they require an email address. You can easily make one even using gmail and any old android phone.

For passwords, well, everyone has a wallet right? My passwords look like bitcoin addresses or private keys. Use a password manager or even some notepad on your desktop.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: dragonvslinux on October 04, 2019, 07:54:30 AM

Do you mind me asking are you using chome?

Yes, I'm using Chrome. Somehow I was too lazy to change to Brave, I still don't like Opera and I still find Firefox unconvincing in making me return to it.

dragonvslinux

legendary

Activity: 1722

Merit: 2213

Quote from: NeuroticFish on October 04, 2019, 04:33:16 AM

Quote from: dragonvslinux on October 03, 2019, 03:37:16 PM

They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check.

I don't see any reason to give anybody my passwords, no matter what they claim.
Imho the healthiest way over the internet is: trust no one.
However, it's a good way to check how good is their password manager implemented Grin

Do you mind me asking are you using chome? I'm wondering why google doesn't even recognize I'm using an chromium-based keyring to encrypt passwords Grin

Probably something Brave did so Google can't recognize jack shit. It's good to see their password manager works to keep themselves out though, that's useful!

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: dragonvslinux on October 03, 2019, 03:37:16 PM

They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check.

I don't see any reason to give anybody my passwords, no matter what they claim.
Imho the healthiest way over the internet is: trust no one.
However, it's a good way to check how good is their password manager implemented Grin

dragonvslinux

legendary

Activity: 1722

Merit: 2213

Quote from: hatshepsut93 on October 03, 2019, 03:10:57 PM

This requires you to save your password in your Google account which sounds like a bad idea from both privacy and security standpoints. Google has proven many times that they can't be trusted with personal data, and you also create more surface for attackers who'd want to compromise your accounts - instead of just one device, all of your devices that are connected to Google could be used to steal your passwords.

They are offering a service to check whether they have leaked your passwords or not, you just have to give them your passwords for them to check.
Makes total sense, as long as they don't leak them yet again Tongue

What you want to see at this link is something like this:

hatshepsut93

legendary

Activity: 3024

Merit: 2148

This requires you to save your password in your Google account which sounds like a bad idea from both privacy and security standpoints. Google has proven many times that they can't be trusted with personal data, and you also create more surface for attackers who'd want to compromise your accounts - instead of just one device, all of your devices that are connected to Google could be used to steal your passwords.

Quote from: mk4 on October 03, 2019, 11:46:39 AM

Alternatively, you can also use https://haveibeenpwned.com/

They even have a notification service whereas you would be notified if one of the websites your certain email is registered on is hacked/compromised, so you can change your password on that website as soon as possible to prevent problems with your account.

Haveibeenpwned uses cryptography to guarantee users that they don't collect their submitted plaintext passwords - but we don't know how passwords.google.com works, and if they give us any guarantees, so it's better to avoid it.

Topic: [Data Breach] Check if your passwords have been compromised - page 2. (Read 805 times)