Skip to content
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Gizmodo)   "Collection #1" considered world's largest public data breach exposing 773 million e-mails, 21 million passwords. Article lets you check if you're part of this historic event   (gizmodo.com) divider line
    More: Scary, Authentication, Password, unique passwords, Computer security, largest public data breach, User, unique emails, Security token  
•       •       •

13178 clicks; posted to Main » on 17 Jan 2019 at 2:05 PM (22 weeks ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



200 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest


Oldest | « | 1 | 2 | 3 | 4 | » | Newest | Show all

 
2019-01-17 01:43:24 PM  
So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.
 
2019-01-17 01:51:30 PM  

GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.


There are some external options. Those are devices that look more like a cross between a blackberry and a calculator. The device itself is locked with one password. All you have to do is stash it away properly. Best option in my opinion: Can't get hacked if not connected to anything.
 
2019-01-17 01:58:30 PM  
img.fark.netView Full Size


Sonofabiatch!
 
2019-01-17 01:58:45 PM  
Breaches you were pwned in: 

A "breach" is an incident where data has been unintentionally exposed to the public. Using the 1Password password manager helps you ensure all your passwords are strong and unique such that a breach of one service doesn't put your other services at risk.
haveibeenpwned.comView Full Size

Gawker: In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker. Due to the prevalence of password reuse, many victims of the breach then had their Twitter accounts compromised to send Acai berry spam.
Compromised data: Email addresses, Passwords, Usernames


How's that for some farking irony gizmodo
 
2019-01-17 01:59:34 PM  
The site wants me to just...put in my passwords to see if they've been viewed? That doesn't seem like it would be accurate, or even remotely safe for me to do.

How about a list of the compromised emails that I can just CTRL-F, so I don't have to enter any form data on a shady-looking website?
 
2019-01-17 02:04:34 PM  

NeedlesslyCanadian: The site wants me to just...put in my passwords to see if they've been viewed? That doesn't seem like it would be accurate, or even remotely safe for me to do.

How about a list of the compromised emails that I can just CTRL-F, so I don't have to enter any form data on a shady-looking website?



Found a better option, on the guy's site but not given as the recommendation by Gizmodo. Right on the guy's front page:
https://haveibeenpwned.com/
 
2019-01-17 02:05:53 PM  

NeedlesslyCanadian: The site wants me to just...put in my passwords to see if they've been viewed? That doesn't seem like it would be accurate, or even remotely safe for me to do.

How about a list of the compromised emails that I can just CTRL-F, so I don't have to enter any form data on a shady-looking website?


If you dig you can download the whole list. I feel the same way and am unwilling to enter my passwords into a form online.
The file is something like 11Gigs, so this might take a few minutes.
 
2019-01-17 02:07:31 PM  
What's the point anymore? Passwords are hacked, data is stolen and sold....this happens all the time. I use two-factor where possible but at some point everyone will have their info compromised.
 
2019-01-17 02:08:36 PM  
OK, so I entered my e-mail and the password I used for Fark and it says I was never hacked.  sdgkhsdlghlcnnzl

DONALD TRUMP IS THE BEST PRECEDENT EVER


Well..... shoot
 
2019-01-17 02:09:01 PM  
A reminder to turn on 2 factor authentication for your email, at the very least.

And change your password to something better.  I could easily remember my old email password that was simply the first letters taken from a weird sentence thanks to this comic:

imgs.xkcd.comView Full Size
 
2019-01-17 02:10:05 PM  
Hooray, more sextoration emails.
 
2019-01-17 02:10:11 PM  
It's like I say to my fellow young people: if you have to ask whether or not you've been pwned, then you've definitely been pwned.

/How about that new radio track that all us young people have been listening to?
 
2019-01-17 02:11:09 PM  

weddingsinger: A reminder to turn on 2 factor authentication for your email, at the very least.

And change your password to something better.  I could easily remember my old email password that was simply the first letters taken from a weird sentence thanks to this comic:

[imgs.xkcd.com image 740x601]


To clarify, I took the similar recommendation of 1st letter sentence password, so you invent a key phrase:

Its not news, its Fark!

And your password is:
InniF!

Now this example is bad because we need it longer and a number in there, but you get the idea... still capitalize the first word and still use punctuation to follow the other 2 common rules in passwords.
 
2019-01-17 02:11:28 PM  

Contrabulous Flabtraption: What's the point anymore? Passwords are hacked, data is stolen and sold....this happens all the time. I use two-factor where possible but at some point everyone will have their info compromised.


Always use 2 factor authentication and then it doesn't matter too terribly much if they have the password.  You can't be totally secure anymore (if you ever could) so why lose any sleep over it. Hell for most passwords who the hell cares if someone gets access to my log in information for a spam email account or a forum I rarely use.
 
2019-01-17 02:12:09 PM  
I use "password" as my password.   That way, if I forget what it is.... the computer says "remember password".  And I'm all like thank you computer!
 
2019-01-17 02:12:43 PM  
As long as websites still change your password to a string of asterisks when you type it out we should be fine.

******

See? Still works!
 
2019-01-17 02:12:51 PM  
Woohoo, still in the clear.
 
2019-01-17 02:13:05 PM  

weddingsinger: A reminder to turn on 2 factor authentication for your email, at the very least.

And change your password to something better.  I could easily remember my old email password that was simply the first letters taken from a weird sentence thanks to this comic:

[imgs.xkcd.com image 740x601]


Awesome! Thanks for the new password!
 
2019-01-17 02:13:24 PM  
LOL.... "give us your password to see if it has been compromised"

Not at all janky!! Seems very legit
 
2019-01-17 02:13:46 PM  

NeedlesslyCanadian: The site wants me to just...put in my passwords to see if they've been viewed? That doesn't seem like it would be accurate, or even remotely safe for me to do.

How about a list of the compromised emails that I can just CTRL-F, so I don't have to enter any form data on a shady-looking website?


yeah. I agree. Feels more like phishing

Not a super tech guy, but typing your password in that box reveals it, and submitting it would at least reveal your IP address.

That seems enough info to start with to get to my bank accounts.

Can someone who actually knows about this weigh in?  It almost seems too simple unless there is a great deal I do not know (voice over: "yes, a great deal")
 
2019-01-17 02:14:06 PM  
Is that a useful site, or an ad for 1Password? I can't decide.
 
2019-01-17 02:14:33 PM  
I can't even be breached when I'm expecting it.  Am I not pretty enough to breach?  Not rich enough?  I bet you breached Becky!
 
2019-01-17 02:15:12 PM  

Jelly Bean Raider: LOL.... "give us your password to see if it has been compromised"

Not at all janky!! Seems very legit


if you're too scared just type it into fark and I'll check for you
 
2019-01-17 02:15:38 PM  

tommyl66: As long as websites still change your password to a string of asterisks when you type it out we should be fine.

******

See? Still works!


And I oh so appreciate how Fark will put the asterisks if social security numbers are written out.

***-**-****

Such a great security feature to avoid someone making a mistake.
 
2019-01-17 02:15:58 PM  
Seems they only have a throwaway password I used on porn sites, and they probably immediately regretted having it.
 
2019-01-17 02:17:14 PM  

GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.


In a word? Don't. It's more secure to write the password down and magnet it to your fridge.

/ Also, never ever use the services of a website that purports to check the "dark web" for haxored stuff
 
2019-01-17 02:17:16 PM  
im2.ezgif.comView Full Size
 
2019-01-17 02:17:30 PM  
I use a password manager and two-factor for anyone who'll let me. I never use the same password twice and change the important ones fairly often. The whole "change all your passwords regularly" thing, though, that's just not going to happen. If someone manages to guess my Fark password, well, they obviously need this free account more than I do.
 
2019-01-17 02:17:38 PM  
'password'

Oh no - pwned!
This password has been seen 3,645,804 times before
 
2019-01-17 02:18:03 PM  
img.fark.netView Full Size
 
2019-01-17 02:18:22 PM  

Donald_McRonald: Jelly Bean Raider: LOL.... "give us your password to see if it has been compromised"

Not at all janky!! Seems very legit

if you're too scared just type it into fark and I'll check for you


You seem very trustworthy... Since you're on Fark.

"That's amazing! I've got the same combination on my luggage!"
 
2019-01-17 02:18:38 PM  

devine: NeedlesslyCanadian: The site wants me to just...put in my passwords to see if they've been viewed? That doesn't seem like it would be accurate, or even remotely safe for me to do.

How about a list of the compromised emails that I can just CTRL-F, so I don't have to enter any form data on a shady-looking website?

If you dig you can download the whole list. I feel the same way and am unwilling to enter my passwords into a form online.
The file is something like 11Gigs, so this might take a few minutes.


Just a head up to the people trying to download the file, it is over 20Gigs uncompressed. Your going to need more than notepad to open and search it.
 
2019-01-17 02:18:40 PM  
How does that "Have I Been Pwned" site work? Do they just make stuff up?
Most of the sites I've never heard of or had an account for.

/also, stop saying "Pwned". It makes you sound stupid.
 
2019-01-17 02:19:10 PM  

Eddie Adams from Torrance: [img.fark.net image 850x478]

Sonofabiatch!


img.fark.netView Full Size
 
2019-01-17 02:19:18 PM  

Jelly Bean Raider: LOL.... "give us your password to see if it has been compromised"

Not at all janky!! Seems very legit


You think that they're going to enter it in to every site that needs a password in the hope that you're a member, even without knowing what your log in ID is?
 
2019-01-17 02:20:04 PM  
This reminds of that experian-lifelock scam where they will find out if your info is on the dark web. Of course it is, experian was breached hard and all your info is out there. All they have to do is look at there list of people who had experian credit history, which is pretty much everyone.
 
2019-01-17 02:20:49 PM  

GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.


My work uses the enterprise version of Keeper. I've been thinking of getting the family version for the rest of my family. But, Keeper has had it's share of troubles:
Password manager maker Keeper hit by another security snafu

One thing to keep in mind: Keeper (like 1Password which is pushed on the haveibeenpwnd website) is cloud-based and not stored locally. That's good for access anywhere but a number of people would rather have local only storage to reduce hackability.
 
2019-01-17 02:21:24 PM  

ParallelUniverseParking: GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.

There are some external options. Those are devices that look more like a cross between a blackberry and a calculator. The device itself is locked with one password. All you have to do is stash it away properly. Best option in my opinion: Can't get hacked if not connected to anything.



So it's air-gapped?
 
2019-01-17 02:21:40 PM  

HotWingConspiracy: Jelly Bean Raider: LOL.... "give us your password to see if it has been compromised"

Not at all janky!! Seems very legit

You think that they're going to enter it in to every site that needs a password in the hope that you're a member, even without knowing what your log in ID is?


I am sooo sooo sorry for making a joke. I was not aware you where here.
lol

"I'm sorry baby!"

"why"

"I'm sorry that bug your ass had to die!"
 
2019-01-17 02:21:54 PM  
I checked a few of mine but I feel relatively safe because I'm using a co-worker's computer, at work.

While not impregnable, it would be a lot of effort to connect that to me.

none of mine were compromised.
 
2019-01-17 02:22:05 PM  

abhorrent1: How does that "Have I Been Pwned" site work? Do they just make stuff up?
Most of the sites I've never heard of or had an account for.

/also, stop saying "Pwned". It makes you sound stupid.


It makes you sound Pwned.
 
2019-01-17 02:22:29 PM  
Makes perfect sense. If you enter your password, the site has seen your password, so you should change it. Might as well skip a step, not bother with the site, and just change your password.
 
2019-01-17 02:22:49 PM  
But... what if haveibeenpwned.com keeps a list of all the e-mails and passwords people search for on the site?
 
2019-01-17 02:23:08 PM  
i.pinimg.comView Full Size
 
2019-01-17 02:23:25 PM  

GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.


Use one. LastPass is a good one.
 
2019-01-17 02:24:34 PM  
Thankfully my info was breached by government incompetence (OPM breech) so at least I have free identity theft protection and insurance for at least 10 years and probably more.  Bad news is China, Russia, or who knows how many foreign governments have my vital history and information from 20 years ago.
 
2019-01-17 02:25:12 PM  

GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.


Also, if they get hacked, the bad guys do not have all yoru logins/pwds. Password management services only have an encrypted version of your credentials, and with a sufficiently strong password to encrypt your password collection, for all intents and purposes even physical access to their datastore doesn't compromise your passwords.
 
2019-01-17 02:25:22 PM  

Jelly Bean Raider: HotWingConspiracy: Jelly Bean Raider: LOL.... "give us your password to see if it has been compromised"

Not at all janky!! Seems very legit

You think that they're going to enter it in to every site that needs a password in the hope that you're a member, even without knowing what your log in ID is?

I am sooo sooo sorry for making a joke. I was not aware you where here.
lol

"I'm sorry baby!"

"why"

"I'm sorry that bug your ass had to die!"


Oh where I'm from jokes are funny. I'm sure you can see how these things happen.
 
2019-01-17 02:25:46 PM  

cowgirl toffee: I use "password" as my password.   That way, if I forget what it is.... the computer says "remember password".  And I'm all like thank you computer!


That's funny, I use "incorrect". That way if I get it wrong it says "password incorrect"

/ I also use 1,2,3,4,5 on my luggage.
 
2019-01-17 02:25:53 PM  

iheartscotch: GRCooper: So, serious question - do any technical farkers have knowledge of password storage services? Any recommendations?

I've been wary of them because it seems to be a single point of failure, security wise (they get hacked and bad guys have *all* your logins/PWs)

Thx.

In a word? Don't. It's more secure to write the password down and magnet it to your fridge.

/ Also, never ever use the services of a website that purports to check the "dark web" for haxored stuff


That's kind of been my philosophy.  I have a couple of long strings of alphanumerics (no words) that I memorized to use in "important" sites, and one that I use in sites where I care little about any breach (e.g., no card on file).  I've seen that one come up in "we have found your password!" lists before, but, really, should I care if someone has my old slashdot login and password?

For the really important stuff (bank, paypal, steam!), I use two factor anyway.

/steam mainly because someone tried for brute-force their way into my account last year, but since that uses one of the "important" strings, they were unsuccessful.
//Steam was really great about notifying me ("we noticed a new IP has tried to access your account") - sad that a game site has better fraud protection than my bank.
 
Displayed 50 of 200 comments


Oldest | « | 1 | 2 | 3 | 4 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking





On Twitter




In Other Media
Top Commented
Javascript is required to view headlines in widget.
  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report