No. Most were different passwords. They didn’t tell me the password, just that passwords used on that site had been compromised.
Password breach message. Anyone else on here had one?
- Thread starter Mottie
- Start date
Sponsored Links
This is the iPhone message, I believe:
FWIW, this is what I think it means in practice.
Say you use the password Password1 for diynot, and somebody else uses Password1 for screwfix.
Then screwfix gets hacked, and Password1 appears on a list of compromised passwords. As a result, you get a warning that your password has appeared in a data leak. But it doesn't necessarily mean that diynot has been hacked. Does anyone have a view?
FWIW, this is what I think it means in practice.
Say you use the password Password1 for diynot, and somebody else uses Password1 for screwfix.
Then screwfix gets hacked, and Password1 appears on a list of compromised passwords. As a result, you get a warning that your password has appeared in a data leak. But it doesn't necessarily mean that diynot has been hacked. Does anyone have a view?
Yes, I think that might be the one but I can’t find it any more.
- Joined
- 7 Sep 2022
- Messages
- 3,023
- Reaction score
- 797
- Country
Jonathan is correct
What it means is your phone knows that you use a password that is known to have been revealed to the Internet through some data breach.
It does not mean one of your accounts was involved, just that you have picked a password for some site that is already a known word to the hacker community
If you only ever used decent passwords like "ABDaIRkemIeSTRoboSpULEsquATiBlEV" and every site you use has a different password, and your phone told you that one had been involved in a breach then you'd be well advised not only to change it sharpish but carefully examine how they might have got it (virus on your PC? Compromise of their system and they don't store passwords salted and hashed)
If your phone is telling you you used "bbc123" for your player account and that was involved in a breach it's something you should change if you really care about the account it's on - eg if it's also your banking password, but it would be reasonable to assume that it wasn't necessarily your account or devices that were compromised
Consider using a password manager that generates good passwords and have just one decent master password for getting into - I like to use a line of lyrics from a song - length is more important than character variation
What it means is your phone knows that you use a password that is known to have been revealed to the Internet through some data breach.
It does not mean one of your accounts was involved, just that you have picked a password for some site that is already a known word to the hacker community
If you only ever used decent passwords like "ABDaIRkemIeSTRoboSpULEsquATiBlEV" and every site you use has a different password, and your phone told you that one had been involved in a breach then you'd be well advised not only to change it sharpish but carefully examine how they might have got it (virus on your PC? Compromise of their system and they don't store passwords salted and hashed)
If your phone is telling you you used "bbc123" for your player account and that was involved in a breach it's something you should change if you really care about the account it's on - eg if it's also your banking password, but it would be reasonable to assume that it wasn't necessarily your account or devices that were compromised
Consider using a password manager that generates good passwords and have just one decent master password for getting into - I like to use a line of lyrics from a song - length is more important than character variation
Sponsored Links
- Joined
- 22 Jan 2007
- Messages
- 16,581
- Reaction score
- 2,337
- Country
You can also check your email address on https://haveibeenpwned.com/.
- Joined
- 7 Sep 2022
- Messages
- 3,023
- Reaction score
- 797
- Country
Depends on the manager. A web based one like LastPass will have an app or browser extension; you sign into the app/extension then on sites you visit where it knows the password it offers to fill it in for you. You typically use the password manager to generate you new passwords when you sign up to things so every site has a different, secure password.
Other, more manual variations exist where you sign into the manager then use copy paste to put passwords etc in. Some managers, particularly on desktop PCs will type passwords as a way of getting them across so they work with anything (they literally raise the same set of internal events as you do when you press keys on the keyboard so the computer thinks it's you typing, so they'll type out the username one key at a time like a human would, "press" tab to move to the password field, type out the password, "press" return etc
Some password managers can be taught how to generate 2FA codes too so they become a one stop shop for your login requirements though that does bring with it some element of risk that it's no longer "2 factors" in 2FA
Naturally the access details to log into the password manager are critical to keep secure, so make the password for that a good one, use 2FA on it and ensure that you keep the recovery details secure. Also perhaps a good idea to tell a next of kin how to get into it
