h a l f b a k e r y0.5 and holding.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Possible Data Breach
My Password Checker popped up a warning that there'd been a data breach on this site | |
It monitors sites I log into and suggested that I change my
password.
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
|
Hadn't heard about that - worth repeating the
Halfbakery's security advice though:
"We
don't collect data for commercial purposes, and you
aren't supposed to be able to download the list of
accounts and passwords from us, but we make no
guarantees about the security of this site or the
data stored on it.
... the account passwords are stored in the clear
in the current database, and they're transmitted in
the clear when you log in, and backed-up in the
clear to the halfbakery's password-protected backup
account (on another commercial hosting service).
The root user of this machine could in theory
impersonate any of its users.
Absolutely do not use a password you also use for
personal, high-security accounts. (You shouldn't
reuse those in general.)" |
|
|
I assumed everyone here uses a randomly generated 57-character password which they change twice a day? |
|
|
I use RSA which changes every minute. (but not for here)... |
|
|
I may have misunderstood the details, but the way I
understand it, Google now plug into publicly
available hacked username/password directories and
compares the values held there against what it
remembers in your browser settings for memorised
passwords. If it finds a match, you get a warning. |
|
|
So [AusCan531] it *may* be the case that if you use
the same username/password here that you use
somewhere else, and that *somewhere else* gets
hacked, your identical credentials here might get
flagged as being insecure. Equally, it may be the
other way around - but that's not important - the
fact that your username/password combination is now
out-in-the-wild is the main deal. That's the way I
read it anyway. |
|
|
// memorised passwords // |
|
|
Maybe it should be Man Woman Person Camera TV... |
|
| |