• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

More passwords posted from the security breaches. Up now to 9.9 Billion PWs

esquared

esquared

Forum Director & Omnipotent Overlord
Forum Director
So yeah, there's a security forum I could have posted this in but it would only reach a small percentage of people.

There was another breach that was added to the MOAB of 8.4 Billion PWs. Adding another 1.5 Billion to the total. That's now at 9.9 Billion PWS.

Just reminding people if you're bothered by all this, it's probably time to change PWs.
Just a friendly PSA from the mods.



There's a link to check PWs in this article.
 
This shows how it's important to use different passwords for everything as well.

But yeah probably due to go around and change passwords for at least all the important stuff to be safe.
 
My 15 character(letters, numbers and symbols) password is randomly generated, what's the chances of it being in that list?
Some sites send a 5-6 code to my phone to verify its actually me. 😉
 
At some point there will be so many compromised passwords out there that it will be simpler and faster to just brute force attack stuff.
 
Pretty much all my passwords now are randomly generated strings that look like this:

#N)sh1bCu>L~r)im&AUFAiF0g3TPyov4O~05G60yM3>7e06

Sometimes I run into the odd site that don't like some of the special characters though. So dumb to have restrictions like that, everything is suppose to be hashed anyway so even if it's going into some weird archaic database system it shouldn't matter.

Then there's my credit card, they changed their site and the new login form doesn't allow to paste passwords. So dumb. I went with something a bit easier to type and have the browser remember it now, so it's not exactly the most secure thing, but if someone hacks my credit card account and wants to pay my bill they're more than welcome to. 😛
 
Red Squirrel said:
Then there's my credit card, they changed their site and the new login form doesn't allow to paste passwords. So dumb. I went with something a bit easier to type and have the browser remember it now, so it's not exactly the most secure thing, but if someone hacks my credit card account and wants to pay my bill they're more than welcome to. 😛
Click to expand...
You don't have to paste in passwords.
KeepPass has an auto type feature that gets around that easily. I'm sure other managers do as well.

I use as complicated a password as the site will allow. Except forums.
 
So they have a huge list of passwords, the article doesn't mention if they also got usernames. Kinda need both.
 
WilliamM2 said:
So they have a huge list of passwords, the article doesn't mention if they also got usernames. Kinda need both.
Click to expand...
That was implied I think. If you stole a password, I'm sure it was sitting there with the username, and organized by site by the thieves.
 
WilliamM2 said:
You don't have to paste in passwords.
KeepPass has an auto type feature that gets around that easily. I'm sure other managers do as well.

I use as complicated a password as the site will allow. Except forums.
Click to expand...

I wrote my own web based password manager since I wanted it to be hosted on a server I control and not rely on any specific device, browser, or computer, and be part of the backup routine. By nature it does mean I need to copy/paste though.
 
SKORPI0 said:
My 15 character(letters, numbers and symbols) password is randomly generated, what's the chances of it being in that list?
Some sites send a 5-6 code to my phone to verify its actually me. 😉
Click to expand...

Doesn't matter if the password database gets cracked. And in many instances it doesn't even need that (there's still "hacks" where they find passwords stored in unencrypted text files). All that nonsense did is stop brute force attacks, which aren't even the main way passwords are being pilfered now, so all that headache for nothing since people can't remember their passwords so they have to rely on multiple other means.

Also, with many modern systems forcing 2 factor authentication, they can't access your account just because they have the login info. But, other attacks, like SIM swapping is becoming more prevalent and there's not a damn thing you can do about that since it happens outside your control.

Also, this is shit that AI is going to far outstrip our abilities to defend against, and none of the AI occultist dumbfucks even considered that for a second. The host of one of the podcasts I listen to (Behind the Bastards) asked Google and OpenAI people at a tech symposium after they tried claiming that their AI stuff was gonna protect us from all these attacks. They didn't like when asked how many of the attacks are because of their AI in the first place, nor could they even answer it. Its all fucking bullshit. And they'll use AI to do social attacks (aka, they'll mimic your voice when calling in to get access or the like).
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top