Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Too many passwords

13»

Comments

  • Registered Users, Registered Users 2 Posts: 4,094 ✭✭✭TaurenDruid


    "Please... please... delete my browser history!" 🤣



  • Registered Users, Registered Users 2 Posts: 3,612 ✭✭✭HBC08


    But what does that mean? The only details of my account that were apparently leaked on just one occasion is the email address itself,not the password.

    I just don't see how anything has been compromised by people seeing what my email address is.Now if they had my password or access to my account obviously that would be a different story.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    There has been a data breach. When this happens, data is sold on illegally. Sometimes the companies who were breeched publish what was exposed and sometimes security researcher and the like come across the stolen data and publish it.

    haveibeenpwned.com is telling you that *as far as they know* your email was leaked for one particular service. That doesn't mean the passwords weren't also leaked, its just that they don't know.

    Regardless a website or service that you use was hacked and your information is available. It might be email and some basic personal info, might be passwords, who knows. Howe much of a risk yo you this is, only you can know based on how often you share these credentials and what the actual website was.



  • Registered Users, Registered Users 2 Posts: 3,612 ✭✭✭HBC08


    I appreciate the reply but I'm just not following.

    On one hand you're saying there's a data breach on my email address because haveibeenpwned have said so.Then you say there may have been a (much more serious breach) with regards to my password,even though they say there hasn't been according to them.

    If somebody sold on my email address then I'm not bothered in the slightest,it's not much good to anyone without the password surely.I don't get a lot of spam so where's the issue?



  • Registered Users, Registered Users 2 Posts: 4,094 ✭✭✭TaurenDruid


    even though they say there hasn't been according to them.

    They don't say that.

    They say your email address has been compromised, i.e., there was a data breach and as part of that breach, some of your details, including but not necessarily limited to your email address, are "out there." It could just be your email address. It could be that, and account details from the compromised site - what you were looking at, who you'd swiped right on, what you'd bought - depending on the nature of the site. It could include your password, either hashed or in plain text. They didn't say any of the latter, because they don't know. All they've seen "in the wild" is your email address.



  • Registered Users, Registered Users 2 Posts: 29,779 ✭✭✭✭AndrewJRenko


    They don't say 'there hasn't been a breach of your password'. They say 'they don't have any record of a breach of your password'.

    The people who will breach your password don't line up at HIBP every day with lists of the passwords they've breached. Some password breaches come into the public domain, through security researchers. Some don't.

    The fact that your password isn't showing as breached should not give you reassurance that it hasn't been breached. It just means there is no record that has come into the public domain that your password has been breached.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    Yeah as others say, the problem is there are two separate system. Password checking and email/phone checking.

    Think of them as both being separate, and crucially, incomplete.


    They might know an email is out there, but don't know what went with it.

    If they say they have no record of password leaked, then that's all. They have no record.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    The upshot of any of this this: security is hard. It's hard to implement and it's hard to understand.

    Most people just want to "get s*it done" and that's perfectly understandable.

    But that's why the advice is always to use a password manager.

    Any other system you can come up truth is probably going to dangerous for reasons you don't know because all of this is hard. Good password managers generally make this easy (browser plugins, phone apps etc). They should be set up and used with 2fa.



  • Registered Users Posts: 36 Pissarro


    I use the following for all except gmail and financial institutions- those are written down and memorises

    *Think of a short expression or song title e.g. Happy Days

    *add the last three letters before the .com or .ie

    *add a date or time e.g. 1916 or @7.10

    So boards.ie will be: HappyDaysrds1916 or HappyDaysrds@7.10 You'll only ever have to change the three letters.

    The very rare site will not accept the @ or the . in a password. I had to come up with a system because I visit so many competition sites but I don't have to worry about hacking - e.g. that someone will access what I told Denny was my favourite sambo!!



  • Registered Users, Registered Users 2 Posts: 8,184 ✭✭✭riclad


    I use a simple password for basic websites eg userNo14celt not my real password, if some hacker wants to see what podcasts I like to listen I don't care, for Gmail etc I use complex passwords , if it's too much get a password manager, I don't use social media or any banking finance apps. I don't care if someone knows my password or newser usanews I random website last time I checked I get maybe a few spam emails a month which I don't read

    The problem is some people use 1 password on YouTube Gmail Facebook insta etc which leaves them wide open to hackers if someone can read all your banking emails or work emails they could use it to carry out I'd theft i got a email from Google last week change your password on adverts ie it may have been compromised

    For banking work apps you should have 2 factor authentafication on

    eg if someone trys to login in from a random pc device on a finance work app it ll send a pin code one time use to your phone by txt this pin code changes everyday randomly eg is this you login in using code sent to your phone



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 141 ✭✭DeconSheridan


    I came to like Enpass password manager it has a lot of features cross OS (Wins,OSX,Linux) and mobile compatible and most important for me was cloud (Google, Onedrive) connectivity to link all your devices.



  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    I compared all the password managers thay you and other users have suggested me so far, and they all look rather good.

    The only thing that keeps me from signing up with them is what would happen if the service I chose discontinues its service? Would I be locked out from all my accounts because the safe and long passwords generated are all unknown to me?



  • Registered Users, Registered Users 2 Posts: 29,779 ✭✭✭✭AndrewJRenko


    Almost certainly, you'd have some time to export to your passwords and switch to another service.

    In a worst case scenario where it closes with no notice, you'd go through the password change facility for each account, which would be a bit of a pain, but you'd get there. Just make sure you know your email address anyway.



  • Registered Users, Registered Users 2 Posts: 4,094 ✭✭✭TaurenDruid



    As Andrew says, you'd have notice. When any sort of online service is announced as being discontinued (like eircom.net's free email or Yahoo's Groups disappearing) you get literally months of notice - and they were free services. So for a paid service, you'd get even longer. And passwords manager services aren't going anywhere - quite the opposite, they're getting more popular/needed, and generating more revenue for their shareholders. Again, agreeing with Andrew, the only other password I actually remember is my main email account's password, 'cos that's the key for one for password recovery for everything else.



  • Registered Users, Registered Users 2 Posts: 141 ✭✭DeconSheridan


    Enpass will backup / store your vault database locally to your pc as well so you always have access to your password manager and accounts. The purpose of linking to a cloud storage is to sync your devices with enpass installed and cloud synced so you don't have to manually update other devices when adding a new item to the manager.

    If the cloud is unavailable the app still works as the app itself is not in or delivered from the cloud. If a machine or hard drive crashes you never lose your vault database as its accessible through the cloud or from on another device and when you repair your crashed one you just install enpass tell it where to connect to your google or icloud and all is back again in seconds.

    A strong cloud storage acc password and 2FA turn on is recommended if using these features.



Advertisement