ha_banos Posted June 19 Posted June 19 16 billion username and passwords seem to have been captured and leaked. As I relight my RASS for the umpteenth time I feel like I should be changing all my important passwords instead. Would be a better use of my time... I think we're pretty savvy around here. You can check your email here for an idea of your credentials have been spotted in leaks https://haveibeenpwned.com/ and chances are differ some have. If you use the same credentials for multiple sites/services it's a risk. 2FA is a must these days. But if your main password account has been compromised that's a big headache. The advice is change your passwords. Use big ones and use different ones for EVERYTHING. Fab5 uses an interesting system. No passwords, they send you so one time login code. But lesser services don't. This is big. Don't underestimate. It's a hard ask for a most people. Use a decent password manager. But what if that's compromised? Do use an authenticator app on your phone. Do generate recovery codes. Use a hardware key of available. M&S over here recently compromised. Experian not too long ago. The IT industry is behind the curve. Beware more than ever of phishing attacks. Go look it up. Feels like there's no perfect solution. Do you feel lucky punk? https://www.independent.co.uk/tech/data-breach-apple-facebook-google-password-leaks-b2773462.html As we sit here enjoying a cigar creeps are busy working on stealing your crypto, hacking your accounts, stealing money, ordering goods as a gift from you. If it's not your cards it's your digital ID. 2 2
wjs Posted June 19 Posted June 19 3 of my 4 addresses showed leaks. The main two were 1 & 0, but still
El Presidente Posted June 19 Posted June 19 1 hour ago, ha_banos said: 16 billion username and passwords seem to have been captured and leaked. As I relight my RASS for the umpteenth time I feel like I should be changing all my important passwords instead. Would be a better use of my time... I think we're pretty savvy around here. You can check your email here for an idea of your credentials have been spotted in leaks https://haveibeenpwned.com/ and chances are differ some have. If you use the same credentials for multiple sites/services it's a risk. 2FA is a must these days. But if your main password account has been compromised that's a big headache. The advice is change your passwords. Use big ones and use different ones for EVERYTHING. Fab5 uses an interesting system. No passwords, they send you so one time login code. But lesser services don't. This is big. Don't underestimate. It's a hard ask for a most people. Use a decent password manager. But what if that's compromised? Do use an authenticator app on your phone. Do generate recovery codes. Use a hardware key of available. M&S over here recently compromised. Experian not too long ago. The IT industry is behind the curve. Beware more than ever of phishing attacks. Go look it up. Feels like there's no perfect solution. Do you feel lucky punk? https://www.independent.co.uk/tech/data-breach-apple-facebook-google-password-leaks-b2773462.html As we sit here enjoying a cigar creeps are busy working on stealing your crypto, hacking your accounts, stealing money, ordering goods as a gift from you. If it's not your cards it's your digital ID. What Password Manager to you use? How do you integrate it into your daily work life? How do we best protect while minimising the pain in the arse continuous change process?
ha_banos Posted June 20 Author Posted June 20 On 6/20/2025 at 12:31 AM, El Presidente said: What Password Manager to you use? How do you integrate it into your daily work life? How do we best protect while minimising the pain in the arse continuous change process? Well to be honest. I was using Last pass. That didn't go well. So I'm now trusting Google. I mean they have my phone. I'm in the ecosystem. They report if any of my stored passwords are in the compromised databases... I use the phones password manager and Chrome so all the stored passwords are automatically filled in for any sites it knows about or apps for that matter so it's pretty automated with it's auto fill. But occasionally I do have to bring up the password manager and select copy paste the right values. But small price to pay... Is that any safe bet? Don't trust it. So I have different email addresses and passwords for anything important. And two factor authentication turned on for anything I can. Which means I either have to use an authenticator app on my phone to generate an additional passcode, or a text message or my fingerprint or email to access any services that support multi factor authentication. What does this mean? Well I can use multiple passwords, one different long generated random one which my phone/Google manages and auto fills in. Plus and additional on demand method to log into banking, anything important. Even non critical systems where they support it. My main Google account notifies me of any logins from new browsers or devices. It's about as safe as we can get these days. It's still important, critical to be aware of what apps your installing, what websites you're browsing, what emails and phonecalls you're responding to. In these days of genAI crooks are becoming very sophisticated. I've drilled into my wife to check anything with me. She won't even trust shopping sites any more. That's a bonus! 😁 So basically a password manager and multi factor authentication is key these days. Your phone has become your identity verification. Your email also, so perfect them. Don't give out your details indiscriminately. Be weary. Hell I use a free VPN (proton VPN) when I'm on foreign WiFi. I know this sounds a bit scaremongery but its for awareness as much as anything. I can't suggest a stand alone password manager as I don't use one. I expect people will chime in. Use whatever is well regarded and fits into you level of tolerance of how well it integrates into your daily life. I tend toward open source solutions of it's not good my phone ecosystem. If you use apple I presume they have the same. Change passwords at least once a year or when you hear of a breach. Stay safe out there. Hope this helps someone. Let's see what comes out here. B. 3
jhalischuk Posted June 20 Posted June 20 I've been using Express VPN, you get the VPN and a password manager along with it. You can use it across multiple devices and have everything synced. 2
ha_banos Posted June 21 Author Posted June 21 So these are not all going to be new passwords. I was reading less sensationalist articles taking about this is an aggregation of a lot of stolen credentials databases into one easy to consume, saleable package effectively. I've been watching for Google to report to me new password breaches, but have seen nothing new yet which is a good sign. 1 3
CrazyIvan Posted June 21 Posted June 21 Change your passwords anywhere you go and enable multi-factor authentication where-ever you can.
BrightonCorgi Posted Monday at 02:18 PM Posted Monday at 02:18 PM An easy update to your list of regular passwords is to put a series of special characters on the front and end, so you don't need to think of new passwords, per se.
JavierCorona Posted Monday at 03:07 PM Posted Monday at 03:07 PM Proton offers a really good and secure password manager. Used LastPass for quite a time and then switched over to Proton and like the experience so far. Agree with others posts, 2FA a must now days with all data breaches and hacks in the world.
BrightonCorgi Posted Monday at 05:12 PM Posted Monday at 05:12 PM 2 hours ago, JavierCorona said: Proton offers a really good and secure password manager. Used LastPass for quite a time and then switched over to Proton and like the experience so far. Agree with others posts, 2FA a must now days with all data breaches and hacks in the world. Also a Proton for business user. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now