Google security saying password compromised

Discuss site matters here

Moderators: FishPants, ooRip

Post Reply
User avatar
Montag
Posts: 2810
Joined: Wed Nov 03, 2004 2:14 pm
Location: Indianapolis

Google security saying password compromised

Post by Montag »

Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
words
User avatar
TheMix
Posts: 10885
Joined: Thu Oct 14, 2004 5:19 pm
Location: Broomfield, Colorado

Re: Google security saying password compromised

Post by TheMix »

I did not. Not that I can find.

Black Lives Matter

Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate you co-workers. NextDoor makes you hate your neighbors.
User avatar
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Google security saying password compromised

Post by FishPants »

Neither did I.
No.
User avatar
Daehawk
Posts: 63435
Joined: Sat Jan 01, 2005 1:11 am

Re: Google security saying password compromised

Post by Daehawk »

Nothing.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
gilraen
Posts: 4301
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: Google security saying password compromised

Post by gilraen »

Is it a password you use for other websites? Google will just alert you if the password itself is compromised, not necessarily through OO or GamingTrends, but that it shows up on their database of known breaches.

I think Google routinely tells me that I have 24 saved passwords that are compromised - they are not password to websites that I care enough about to change :)
User avatar
wonderpug
Posts: 10340
Joined: Tue Oct 19, 2004 4:38 pm
Location: Albuquerque, NM

Re: Google security saying password compromised

Post by wonderpug »

Montag wrote: Wed Jan 27, 2021 6:42 pm Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
Just a thought, but if you're using Google as a password manager, maybe that same password got compromised at some other site you frequent and Google's trying to warn you of all the other sites that you have set to use the same one?

edit: gilraen!
User avatar
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Google security saying password compromised

Post by FishPants »

Just go type in your email and/or password into https://haveibeenpwned.com/, good way to see what's what and how it was compromised (at least the originating source).
No.
User avatar
Daehawk
Posts: 63435
Joined: Sat Jan 01, 2005 1:11 am

Re: Google security saying password compromised

Post by Daehawk »

ive used that before. My passes have been comp'd at least a dozen times each...mostly from breakins to other sites and they are on lists somewhere. Dont give a rats ass. Not the passwords I use on good sites. Also they are all old .
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
Anonymous Bosch
Posts: 10502
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Google security saying password compromised

Post by Anonymous Bosch »

wonderpug wrote: Wed Jan 27, 2021 7:08 pm
Montag wrote: Wed Jan 27, 2021 6:42 pm Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
Just a thought, but if you're using Google as a password manager, maybe that same password got compromised at some other site you frequent and Google's trying to warn you of all the other sites that you have set to use the same one?

edit: gilraen!
More importantly, I'd recommend using a FOSS (Free & Open-Source Software) secure passphrase manager, such as Bitwarden or KeePass, instead of your web browser or Google’s Smart Lock.

To quote The Wirecutter from the NYT:

Why You Need a Password Manager. Yes, You.
nytimes.com wrote:You probably know that it’s not a good idea to use “password” as a password, or your pet’s name, or your birthday. But the worst thing you can do with your passwords—and something that more than 50 percent of people are doing, according to a recent Virginia Tech study—is to reuse the same ones across multiple sites. If even one of those accounts is compromised in a data breach, it doesn’t matter how strong your password is—hackers can easily use it to get into your other accounts.

But even though I should know better, up until a few months ago I was still reusing the same dozen or so passwords across all of my everything (though at least I had turned on two-factor authentication where I could). It’s just too difficult to come up with (and remember) unique, strong passwords for dozens of sites. That’s why, after much cajoling from co-workers, I started using a password manager—and it’s why you should be using one, too. Aside from using two-factor authentication and keeping your operating system and Web browser up to date, it’s the most important thing you can do to protect yourself online.

Why you need a password manager
A password manager is a secure, automated, all-digital replacement for the little notepad that you might have all of your passwords scribbled down in now, but it’s also more than that. Password managers generate strong new passwords when you create accounts or change a password, and they store all of your passwords—and, in many cases, your credit card numbers, addresses, bank accounts, and other information—in one place, protecting them with a single strong master password. If you remember your master password, your password manager will remember everything else, filling in your username and password for you whenever you log in to a site or app on your phone or computer.

You can generate, save, and auto-fill passwords with Google’s Smart Lock (in Chrome and Android) or Apple’s Keychain (in Safari and iOS), but a good password manager goes a lot further—it can proactively alert you when you’re reusing a password or when your passwords are weak and easy to guess or hack, and some password managers will even let you know when online accounts are hacked and your passwords have been exposed. For accounts that you need to share with family members, friends, or co-workers—a joint bank account or mortgage site, a shared Twitter account, or your insurance and medical records, for instance—many password managers offer family plans that make it simple to share strong, complex passwords without requiring multiple people to remember them or write them down.

Learning to use a password manager seems intimidating, but once you start using one to make strong random passwords that you’re not on the hook to remember, you’ll wonder how you lived without one. Usually, improving your digital security means making your devices more annoying to use; a password manager is a rare opportunity to make yourself more secure and less annoyed.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
gilraen
Posts: 4301
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: Google security saying password compromised

Post by gilraen »

wonderpug wrote: Wed Jan 27, 2021 7:08 pm
Montag wrote: Wed Jan 27, 2021 6:42 pm Got an alert from Google saying my Octopus Overlords and Gaming Trends passwords were compromised. It does appear to be a legit warning as it is via my Google account profile stuff. Anybody else get an alert?
Just a thought, but if you're using Google as a password manager, maybe that same password got compromised at some other site you frequent and Google's trying to warn you of all the other sites that you have set to use the same one?

edit: gilraen!
I don't use it as a password manager. The warning I see comes from Google Chrome because I let it remember my passwords. Maybe it's not the same thing as the warning that Montag got.

I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
User avatar
Anonymous Bosch
Posts: 10502
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Google security saying password compromised

Post by Anonymous Bosch »

gilraen wrote: Wed Jan 27, 2021 8:36 pm I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
FWIW, I find it easiest to just use the portable version. That way, whenever it notifies you of a new version, you simply download and extract the latest portable version of the software, and overwrite the files in the existing directory. Then you're all done and good to go, without needing to reinstall anything.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
gilraen
Posts: 4301
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: Google security saying password compromised

Post by gilraen »

Anonymous Bosch wrote: Wed Jan 27, 2021 8:43 pm
gilraen wrote: Wed Jan 27, 2021 8:36 pm I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
FWIW, I find it easiest to just use the portable version. That way, whenever it notifies you of a new version, you simply download and extract the latest portable version of the software, and overwrite the files in the existing directory. Then you're all done and good to go, without needing to reinstall anything.
I don't mean keeping the software up to date. I mean putting passwords into the damn thing after I create them.
User avatar
Anonymous Bosch
Posts: 10502
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Google security saying password compromised

Post by Anonymous Bosch »

gilraen wrote: Wed Jan 27, 2021 8:45 pm
Anonymous Bosch wrote: Wed Jan 27, 2021 8:43 pm
gilraen wrote: Wed Jan 27, 2021 8:36 pm I do use KeePass for important stuff, but I'm terrible at keeping it up to date.
FWIW, I find it easiest to just use the portable version. That way, whenever it notifies you of a new version, you simply download and extract the latest portable version of the software, and overwrite the files in the existing directory. Then you're all done and good to go, without needing to reinstall anything.
I don't mean keeping the software up to date. I mean putting passwords into the damn thing after I create them.
D'oh! :doh:

It's funny, I've been using KeePass for so long that putting passwords into it has long since become indelibly ingrained into my noggin as the first thing I always do whenever creating a new passphrase/login.
Last edited by Anonymous Bosch on Wed Jan 27, 2021 9:15 pm, edited 1 time in total.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Montag
Posts: 2810
Joined: Wed Nov 03, 2004 2:14 pm
Location: Indianapolis

Re: Google security saying password compromised

Post by Montag »

I do not use a password manager. I do let the browser remember some passwords, but not on critical sites. I use Firefox. Just strange it was only on the two sites. No biggie. I am confident this is not a phishing attack either.
words
User avatar
Anonymous Bosch
Posts: 10502
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Google security saying password compromised

Post by Anonymous Bosch »

Montag wrote: Wed Jan 27, 2021 9:15 pm I do not use a password manager.
Well, given the reason you started this thread was specifically because passwords you're using have been compromised, perhaps that's a hint you ought to reconsider? ;)

As The Wirecutter observes above, besides using two-factor authentication and keeping your OS and web browser up to date, using a secure password manager is among the most important things you can do to protect yourself online. And using one really isn't difficult at all and needn't cost you a penny, either. For example, here's a video that demonstrates how easy it is to use the free Bitwarden password manager:

"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
Post Reply