The password you just used was found in a data breach.

[sapator]

I use chrome occasionally because I can delete all data and check some of our apps that cache stuff.
Occasionally I open vbforums from there and I say this message:

"The password you just used was found in a data breach. google password manager recommends to change the password now."

Mind you it only shows on chrome.
What I can make out is that the password was stolen not necessarily from this forum,me or from my web usage but it's on a stolen database somewhere.
Just noting it if anyone else sees that.

[Steve R Jones]

Chrome Password Breach Warning: How to Check and Fix ASAP

https://www.maketecheasier.com/fix-c...our%20password.

[wqweto]

It always does the same here with my habitual 123456 password, wonder why. . . LOL

Mind that "your" password might be breached from some other username on some other website. Just stop using common passwords and it will go away.

cheers,
</wqw>

[sapator]

Yep that is what I've said.
To be fair the only "common" password I have is in vbforums as in 2006 that I registered, I was just an admin wannabe turd.

[techgnome]

This is why I use a password manager, and different pass phrases for everything. I've had a couple compromised, but at least then the damage is limited.

-tg

[techgnome]

Then there's this...
https://www.youtube.com/watch?v=z_HmDP3lKMI


-tg

[wes4dbt]

This is why I use a password manager, and different pass phrases for everything. I've had a couple compromised, but at least then the damage is limited.

-tg

I going to have to look into a password manager. Some site make you change your password every few month and now I have a ridiculous number of different passwords. Right now I just keep them in a word document.

I actually wrote a simple program to store my passwords and the link to the site but never bothered to enter the data. So maybe a password manager wouldn't help. lol

[techgnome]

I use BitWarden --
What I like about it:
* Has a desktop and a mobile version that sync with each other.
* Browser integration - syncs with the above versions. -- when I login into a site for the first time, it'll ask if I want to save it to BW ... this is where 75% of my entries come from.
* application awareness -- IE, on my phone, if I open an app that I have to login to, say my bank for instance, it asks if I want to fill it in from BW. If there isn't a direct match, I can search from the saved entries, and select from an existing one... when I do that, it will ask if I want to add that app to the list for that entry.
* It's free. There is a paid version but I don't need the features of the paid.
* In a matter of a couple of clicks, I can generate a new password, fill it in, and save it.

The other popular one is 1Pass


-tg

[wes4dbt]

I use BitWarden --
What I like about it:
* Has a desktop and a mobile version that sync with each other.
* Browser integration - syncs with the above versions. -- when I login into a site for the first time, it'll ask if I want to save it to BW ... this is where 75% of my entries come from.
* application awareness -- IE, on my phone, if I open an app that I have to login to, say my bank for instance, it asks if I want to fill it in from BW. If there isn't a direct match, I can search from the saved entries, and select from an existing one... when I do that, it will ask if I want to add that app to the list for that entry.
* It's free. There is a paid version but I don't need the features of the paid.
* In a matter of a couple of clicks, I can generate a new password, fill it in, and save it.

The other popular one is 1Pass


-tg

Thanks,

Where is the information saved, locally or on the net?

[techgnome]

Thanks,

Where is the information saved, locally or on the net?

Yes. Both... there's a local cache, you can control when/how often it syncs ... and also up in "the cloud" on their serves ... if you sync.

Everything is protected by a master password/biometric

-tg

[yereverluvinuncleber]

18 character password combinations here, strange symbols, uppercase and lower. No relationship to any information you might dig into and 'mine' from knowing my life yet I can recreate my previous passwords at will. Stored within an encrypted tool with a master password, locked up in a computer in a deserted building down inside a basement with no stairs with a sign stating "Beware of the Tiger".

Fairly secure I think.

P.S. In a hole, in the dark with an owl.

[sapator]

Well, ye, sorry to rain on your parade but if they want to get your passwords they will get your passwords.
Unless your PC is offline or on a closed network that is also offline.

[wqweto]

Btw, just ported a tiny VB6 implementation of LessPass for Win7 and above: https://github.com/wqweto/VbLessPass (there is a compiled executable in Releases tab)

Will have to polish UX a bit before becoming usable but the underlying crypto source translation is complete (in a dedicated module).

The main idea of the LessPass is that a single (strong) master password can be used to generate derivative passwords for unlimited number of sites based on the site domain name and your username there.

This way you have to remember only a single master password and your username for each site -- your password for the particular site can be generated algorithmically (remembered) by LessPass using this input only.

cheers,
</wqw>

[yereverluvinuncleber]

Palemoon still uses (or used up until recently) an encryption method for the master password that was a handover from the Mozilla Firefox code days. It used an encryption method that was quite strong originally but with the capabilities of modern CPUs was now breakable within an acceptable period of time (for an intended attack).

Rather than upgrading the encryption method, the developer suggested that all use a very long (12-15 chars plus) and jumbled password with non alphanumeric characters to decrease the vulnerability and extend the brute force detection time to a period of years rather than hours/days.

If the perpetrator can gain access to your lappie (lost or stolen) then they may have the time.