Posted: Fri, 15th Apr 2022 12:06 Post subject: nfohump dataleak ?
Curious, in my Chrome password manager it lists nfohump was in a data leak one month ago? Anyone else see this in their Chrome password manager as well? Or it's not specifically tied to a site, but merely the login/password combination? Not too worried about it as it's a low effort combination but didn't notice it before amongst the other dozen sites listed.
Posted: Fri, 15th Apr 2022 14:21 Post subject:
I guess the Google Chrome password thingy is just saying the combination of that login and password was leaked somewhere, even though my login, I don't think I used it that much before. Kinda bummer Google Chrome doesn't clearly state from where it was leaked?
DXWarlock
VIP Member
Posts: 11422
Location: Florida, USA
Posted: Fri, 15th Apr 2022 14:38 Post subject:
Probably leaked somewhere else and it's just saying "this password of yours, is known" if you used it places other than here.
NEVER use the same password twice. Making 'custom' passwords to remember is a bitch, so make a naming convention that only you know so each is unique but obvious to you.
99.9% of the time passwords are leaked and tried. No person actually tries the password. It's a bot trying 1000's of different user and password combinations it has in its list on other sites to see if they work. If not it's discarded as 'useful'. So having one that seems, to you, to be a pattern doesn't matter. As no person ever compares or looks at it to find patterns they only care if bot flags it as working on other sites. They want easy 'bot found this dude used the same at 20 sites...keep it and use those'.
So for example to make it easy to grasp: Pick your first name 3 letters, last name 3 letters, site 'nickname', password revision, and some special characters.
Say your name was Robert Smith, and login for Google: 'RobSmiGoogv1!@#'
Only works on one site, when it's breached and someone's bot uses it and sees it only works on one site, and you change that one to a new revision number 'RobSmiGoogv2!@#' it will be trashed on their end.
And doesn't have to be first name last name..or the order I said. Could be name of your dog, random special characters, revision #, color of your car, sitenick: 'Woofv1#@!RedGoog'
Or anything you can think of, as many as you want to add of each so it's easy for YOU to remember but never the same for any logins.
-We don't control what happens to us in life, but we control how we respond to what happens in life.
-Hard times create strong men, strong men create good times, good times create weak men, and weak men create hard times. -G. Michael Hopf
Disclaimer: Post made by me are of my own creation. A delusional mind relayed in text form.
DXWarlock
VIP Member
Posts: 11422
Location: Florida, USA
Posted: Fri, 15th Apr 2022 18:01 Post subject:
I like knowing what mine is, I use LastPass but only because I don't want to type it all the time.
But I prefer generating my own so if one is leaked, I know EXACTLY where it came from.
Or the rare occasion I need to login from my phone, or my tablet, (I don't have any password managers on them, I rarely use them for anything other than an actual phone, or an e-reader) or someone else's device..I can.
Posted: Fri, 15th Apr 2022 23:34 Post subject:
Kinda hard to remember 650+ unique accounts though no? KeePassXC is supported on all major device/distros, I don't automate anything, open app, search, ctrl c for pw. Sync the database across devices with Syncthing so you don't have to store all your data on someone else's servers. Use YubiKey if you want more than a pw based auth.
Tried those browser extension paid tools like Dashlane? Password1, LastPass.. I don't like them, there's more attack surface, also ugly UI and UX.
DXWarlock
VIP Member
Posts: 11422
Location: Florida, USA
Posted: Sat, 16th Apr 2022 02:42 Post subject:
AmpegV4 wrote: Kinda hard to remember 650+ unique accounts though no?
No, ask me any site I use, or have used in the last 10 years. I can tell you the password since it's a standard formulaic naming convention of my own making like above.
There is no chance of me losing them: all my HDs fail, my phone breaks, my database backup drive shits the bed and my online repo I forget how to get into? I still know each one.
And I personally know them all vs random generated one I never knew to start with.
Made up example here (not going to give mine out)
You could remember 1000's of them if they all used this:
[Abbreviation of Brand of first car][4 special characters to pass requirement][5 letter site nickname][revision number][color of your house]
So like nfohump: Merc$#@!NHUMPv1Brick
Google: Merc$#@!GOOGLv2Brick
Sure someone COULD see the pattern if they manually got a few of mine and worked it out. But as I said, password leaks are bot tested by force to see which sites the one they have of yours works elsewhere. No one manually goes over 100,000's of passwords in a leak they are using by hand. If someone manually has my password that was human failure, no manager or local sync will stop that, I gave it to them. And even then they would need more than 1 to know it's not just random words in that one for all they know.
None of mine work elsewhere and once leaked I know exactly where it was leaked, and where to change revision number. Which isn't a HUGE deal to remember, so far I have never had to go past v2 on any one particular one.
|
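The two properties argued about in the posts above, exact reuse (what a credential-stuffing bot replays) versus a shared template, can be measured on your own password list. The script below is an added example, not part of any post or of any tool named in the thread; the function names are assumptions, and the sample vault is constructed from the thread's made-up passwords plus one invented reused password.

```python
"""Audit a password list for exact reuse and shared-template passwords."""
import hashlib
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed vault: the two made-up examples from the thread, plus one
# invented password reused on two hypothetical sites.
VAULT = {
    "nfohump": "Merc$#@!NHUMPv1Brick",
    "google": "Merc$#@!GOOGLv2Brick",
    "forum-a": "hunter2hunter2",
    "forum-b": "hunter2hunter2",
}

def exact_reuse(vault):
    """Groups of sites sharing one password: a leak at any of them
    works unchanged at the others. Grouping is by digest so the
    report never echoes a plaintext password."""
    groups = defaultdict(list)
    for site, pw in vault.items():
        groups[hashlib.sha256(pw.encode()).hexdigest()].append(site)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def shared_template(vault, threshold=0.6):
    """Pairs of different passwords that are mostly the same string.
    They survive an exact-match replay, but most of the secret is
    common to both, so one leak exposes most of the other."""
    hits = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        if p1 == p2:
            continue  # already reported by exact_reuse()
        ratio = SequenceMatcher(None, p1, p2, autojunk=False).ratio()
        if ratio >= threshold:
            hits.append((s1, s2, round(ratio, 2)))
    return hits

def audit(vault):
    """Combined report for one vault export."""
    return {"exact_reuse": exact_reuse(vault),
            "shared_template": shared_template(vault)}

if __name__ == "__main__":
    for finding, rows in audit(VAULT).items():
        print(finding, rows)
```

On the sample vault the formula-based pair is not flagged as reuse, but 70% of each password is identical to the other.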
DXWarlock
VIP Member
Posts: 11422
Location: Florida, USA
Posted: Sat, 16th Apr 2022 03:21 Post subject:
If I fall for a malicious link you deserve my password
If someone links something in a post or reply somewhere, I go search Google with the advanced search syntax for the site it's supposed to be on and keywords to find the article they are linking me.
I don't click ANYTHING in emails. It wants to send me to a login? I go to that site and login, not the link. Attachment on an email? Well, whatever you sent me goes to the trash with the email.
At least for me, I never have emails that have attachments that I need for anything. Even work, want to send me/us something? That's what our FTP is for, upload it to your folder and let the server it's on scan it for me.
So far it's worked for me, never had an account compromised. Passwords leaked sure, we all have. But never had an account stolen or accessed.
Now not saying it's the best. But 'best' to me, and waaaay better than the people that use the same one for many sites because they want one they can remember.
I know I will get shit for this too, but I don't use a firewall (I even got Windows Firewall service hard off), antivirus, network monitor/blocker, or any of that. And never had a virus or Trojan/backdoor in 15+ years, and only once since I started using PC in..1996(?) And that was me doing something dumb I knew was dumb and risky..and did it anyway...
I just don't do/click/open dumb or iffy shit online. If I DO need to run shady stuff I got a little Dell work server with vSphere snapshots to test it on first.
All times are GMT + 1 Hour |