
Google security saying password compromised

Posted: Wed Jan 27, 2021 6:42 pm
by Montag
Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 6:44 pm
by TheMix
I did not. Not that I can find.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 7:00 pm
by FishPants
Neither did I.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 7:01 pm
by Daehawk
Nothing.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 7:05 pm
by gilraen
Is it a password you use for other websites? Google will just alert you if the password itself is compromised, not necessarily through OO or GamingTrends, but that it shows up on their database of known breaches.

I think Google routinely tells me that I have 24 saved passwords that are compromised - they are not passwords to websites that I care enough about to change :)

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 7:08 pm
by wonderpug
Montag wrote: Wed Jan 27, 2021 6:42 pm Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
Just a thought, but if you're using Google as a password manager, maybe that same password got compromised at some other site you frequent and Google's trying to warn you of all the other sites that you have set to use the same one?

edit: gilraen!

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 7:33 pm
by FishPants
Just go type in your email and/or password into https://haveibeenpwned.com/, good way to see what's what and how it was compromised (at least the originating source).
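
Added example, not part of anyone's post in this thread: a sketch of why a saved-password checker can flag sites that were never breached themselves, combined with the hash-prefix lookup that Have I Been Pwned's Pwned Passwords range endpoint uses. The site labels, passwords and counts are constructed, and `constructed_range_service` is a hypothetical offline stand-in for the real HTTP call.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_response(body):
    """Parse the SUFFIX:COUNT lines a Pwned Passwords range query returns."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():  # 40 hex chars minus 5-char prefix
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Only the first 5 hex chars of the hash are handed to fetch_range."""
    digest = sha1_hex(password)
    return parse_range_response(fetch_range(digest[:5])).get(digest[5:], 0)

def audit_saved_logins(logins, fetch_range):
    """Map every site whose saved password is in the breach corpus to its count."""
    sites_by_password = defaultdict(list)
    for site, password in logins:
        sites_by_password[password].append(site)
    flagged = {}
    for password, sites in sites_by_password.items():
        seen = breach_count(password, fetch_range)
        if seen:
            for site in sites:  # reuse: one leak flags every site sharing it
                flagged[site] = seen
    return flagged

def constructed_range_service(breached):
    """Offline stand-in (assumption) for GET https://api.pwnedpasswords.com/range/<prefix>."""
    hashes = {sha1_hex(p): n for p, n in breached.items()}
    def fetch_range(prefix):
        assert len(prefix) == 5, "full hash must never leave the client"
        return "\r\n".join(f"{h[5:]}:{n}" for h, n in hashes.items() if h.startswith(prefix))
    return fetch_range

# Constructed sample data: not real credentials or real breach counts.
SAVED_LOGINS = [
    ("Octopus Overlords", "forum-pass-2009"),
    ("Gaming Trends", "forum-pass-2009"),
    ("some-shop.example", "forum-pass-2009"),
    ("bank.example", "correct horse battery staple 71"),
]
FETCH = constructed_range_service({"forum-pass-2009": 12})
FLAGGED = audit_saved_logins(SAVED_LOGINS, FETCH)
```

All three sites sharing the reused password are flagged even though only the password, not any particular site, appears in the breach data; the login with a unique password is not.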

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 7:51 pm
by Daehawk
I've used that before. My passes have been comp'd at least a dozen times each... mostly from break-ins to other sites and they are on lists somewhere. Don't give a rat's ass. Not the passwords I use on good sites. Also they are all old.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 8:04 pm
by Anonymous Bosch
wonderpug wrote: Wed Jan 27, 2021 7:08 pm
Montag wrote: Wed Jan 27, 2021 6:42 pm Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
Just a thought, but if you're using Google as a password manager, maybe that same password got compromised at some other site you frequent and Google's trying to warn you of all the other sites that you have set to use the same one?

edit: gilraen!
More importantly, I'd recommend using a FOSS (Free & Open-Source Software) secure passphrase manager, such as Bitwarden or KeePass, instead of your web browser or Google’s Smart Lock.

To quote The Wirecutter from the NYT:

Why You Need a Password Manager. Yes, You.
nytimes.com wrote: You probably know that it’s not a good idea to use “password” as a password, or your pet’s name, or your birthday. But the worst thing you can do with your passwords—and something that more than 50 percent of people are doing, according to a recent Virginia Tech study—is to reuse the same ones across multiple sites. If even one of those accounts is compromised in a data breach, it doesn’t matter how strong your password is—hackers can easily use it to get into your other accounts.

But even though I should know better, up until a few months ago I was still reusing the same dozen or so passwords across all of my everything (though at least I had turned on two-factor authentication where I could). It’s just too difficult to come up with (and remember) unique, strong passwords for dozens of sites. That’s why, after much cajoling from co-workers, I started using a password manager—and it’s why you should be using one, too. Aside from using two-factor authentication and keeping your operating system and Web browser up to date, it’s the most important thing you can do to protect yourself online.

Why you need a password manager
A password manager is a secure, automated, all-digital replacement for the little notepad that you might have all of your passwords scribbled down in now, but it’s also more than that. Password managers generate strong new passwords when you create accounts or change a password, and they store all of your passwords—and, in many cases, your credit card numbers, addresses, bank accounts, and other information—in one place, protecting them with a single strong master password. If you remember your master password, your password manager will remember everything else, filling in your username and password for you whenever you log in to a site or app on your phone or computer.

You can generate, save, and auto-fill passwords with Google’s Smart Lock (in Chrome and Android) or Apple’s Keychain (in Safari and iOS), but a good password manager goes a lot further—it can proactively alert you when you’re reusing a password or when your passwords are weak and easy to guess or hack, and some password managers will even let you know when online accounts are hacked and your passwords have been exposed. For accounts that you need to share with family members, friends, or co-workers—a joint bank account or mortgage site, a shared Twitter account, or your insurance and medical records, for instance—many password managers offer family plans that make it simple to share strong, complex passwords without requiring multiple people to remember them or write them down.

Learning to use a password manager seems intimidating, but once you start using one to make strong random passwords that you’re not on the hook to remember, you’ll wonder how you lived without one. Usually, improving your digital security means making your devices more annoying to use; a password manager is a rare opportunity to make yourself more secure and less annoyed.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 8:36 pm
by gilraen
wonderpug wrote: Wed Jan 27, 2021 7:08 pm
Montag wrote: Wed Jan 27, 2021 6:42 pm Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
Just a thought, but if you're using Google as a password manager, maybe that same password got compromised at some other site you frequent and Google's trying to warn you of all the other sites that you have set to use the same one?

edit: gilraen!
I don't use it as a password manager. The warning I see comes from Google Chrome because I let it remember my passwords. Maybe it's not the same thing as the warning that Montag got.

I do use KeePass for important stuff, but I'm terrible at keeping it up to date.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 8:43 pm
by Anonymous Bosch
gilraen wrote: Wed Jan 27, 2021 8:36 pm I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
FWIW, I find it easiest to just use the portable version. That way, whenever it notifies you of a new version, you simply download and extract the latest portable version of the software, and overwrite the files in the existing directory. Then you're all done and good to go, without needing to reinstall anything.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 8:45 pm
by gilraen
Anonymous Bosch wrote: Wed Jan 27, 2021 8:43 pm
gilraen wrote: Wed Jan 27, 2021 8:36 pm I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
FWIW, I find it easiest to just use the portable version. That way, whenever it notifies you of a new version, you simply download and extract the latest portable version of the software, and overwrite the files in the existing directory. Then you're all done and good to go, without needing to reinstall anything.
I don't mean keeping the software up to date. I mean putting passwords into the damn thing after I create them.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 8:54 pm
by Anonymous Bosch
gilraen wrote: Wed Jan 27, 2021 8:45 pm
Anonymous Bosch wrote: Wed Jan 27, 2021 8:43 pm
gilraen wrote: Wed Jan 27, 2021 8:36 pm I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
FWIW, I find it easiest to just use the portable version. That way, whenever it notifies you of a new version, you simply download and extract the latest portable version of the software, and overwrite the files in the existing directory. Then you're all done and good to go, without needing to reinstall anything.
I don't mean keeping the software up to date. I mean putting passwords into the damn thing after I create them.
D'oh! :doh:

It's funny, I've been using KeePass for so long that putting passwords into it has long since become indelibly ingrained into my noggin as the first thing I always do whenever creating a new passphrase/login.

Re: Google security saying password compromised

Posted: Wed Jan 27, 2021 9:15 pm
by Montag
I do not use a password manager. I do let the browser remember some passwords, but not on critical sites. I use Firefox. Just strange it was only on the two sites. No biggie. I am confident this is not a phishing attack either.

Re: Google security saying password compromised

Posted: Thu Jan 28, 2021 12:42 am
by Anonymous Bosch
Montag wrote: Wed Jan 27, 2021 9:15 pm I do not use a password manager.
Well, given the reason you started this thread was specifically because passwords you're using have been compromised, perhaps that's a hint you ought to reconsider? ;)

As The Wirecutter observes above, besides using two-factor authentication and keeping your OS and web browser up to date, using a secure password manager is among the most important things you can do to protect yourself online. And using one really isn't difficult at all and needn't cost you a penny, either. For example, here's a video that demonstrates how easy it is to use the free Bitwarden password manager: