
Data Breach?



I've been notified by my email provider that there was a data breach that affected one of my accounts and my password potentially leaked.

When I visited my account manually (I do not click links on emails) it indicated that the data breach was on Britmodeller and it was my Britmodeller account that was potentially compromised. Do the admins know anything about this? 


Nope, no indication in your account details of multiple attempts or weird IP addresses. Only potential I can see is the use of an Android device; with the FluBot going around, that's a bit of a concern. But nothing flagging here.

 

Flagging your email on a check system shows it's been breached - check here: https://whatismyipaddress.com/breach-check

 


Is this a report from a reputable source that the password you use for site XYZ is on a password leak list? I have seen this a few times.

 

It doesn’t necessarily mean that site XYZ has been hacked or is the source of the leak - this can happen because you use the same password for multiple sites and it was site ABC that was the cause of the leak.

 

Good sense is to use a different password for every site - sound sense but difficult to remember - I see relatives resort to a book of passwords that they keep by the side of their computer - doh!

 

I was guilty of using the same password and I should know better given the business that I work in.  I have now mostly swapped over to unique passwords that I can remember but I still have some of the old common passwords around and occasionally I get warnings.

 

Another method is to use digital keychains, but I find those are not so flexible if you switch between many devices (home PC, phone, iPad, work PC, etc.).

 

So I use an algorithm - this isn’t the one I use but to give you an idea - password is made up of

 

Some rememberable but unrelated words like Custard, Llama, Bread, Diver, Chair - you get the idea, put some capitalisation in

Some characters like @, #, £, &, +; avoid % and $ as they are used in database wildcarding, so some developers won’t let you use them in passwords because they can be used in script injection attacks

Some numbers

A few characters to identify the specific site, these are the only characters that make your password different to those of other sites, so for britmodeller you might choose BM or BRIT

 

String them together in the same order for each password and you get something like

 

BM#Frog283Custard@

 

You end up with a very strong password that is near impossible to hack, that is unique for each website and easy to remember.

 

Cheers,

 

Nigel

  • Like 3
  • Thanks 1

I used to be really bad for using the same or very similar passwords because I was lazy and stupid. I now use unique passwords for each and every login I have (and change them every 6 months); it requires a tool to track them all but I feel much more secure now. The only time one of my passwords has turned up on a search of stolen data was actually an early attempt at a unique password that was not random enough (name of a ship plus a single digit); the data breach occurred on LinkedIn.

Passwords, a PITA but a necessary evil.

 

Duncan B

  • Like 1

11 hours ago, alt-92 said:

.....or just use the password manager in your browser (or separate password manager app) and let that handle generating passwords. 

 


I mentioned those as an option.  The problem is if you use multiple browsers and multiple devices.

 

Cheers,

 

Nigel

  • Like 1