773 Million Credentials Leaked

[Vya Domus]

This is no BS site. The fact so many of you havent heard of it, to me is honestly stunning, more so than your thoughts of its legitimacy or purpose.

Site is legit, go it. Point is, every time something asks to write down your password it's good to instinctively not do it. I find it stunning that this isn't the first thought people get. It's absurd to suggest that we should read the source code and all that.

 

[Solaris17]

Pretty sure that site is bollocks. No matter what random string you write, it will either say its safe or not, but never that it doesn't exist.

This site is not "bollocks" nor is it "some random site".

woops didnt see page 2 beating a dead horse.

 

[Vayra86]

Site is legit, go it. Point is, every time something asks to write down your password it's good to instinctively not do it. I find it stunning that this isn't the first thought people get. It's absurd to suggest that we should read the source code and all that.

Yeah well. There are lots of services that save passwords in plaintext, whatcha gonna do about that? If your securing is through obscurity you are living an illusion.

The site still cannot associate your passwords to anything but an email address and any service TODAY that does not offer 2FA should be on your shitlist anyway.

What you SHOULD use the password check for is to see whether its a strong password or not. Security means making any breach a 'too much effort' affair, so strong passwords are a nice first line of defense, nothing more and nothing less. They secure you against the most basic level of attacks. After that its up to 2FA.

 

[Vya Domus]

There are lots of services that save passwords in plaintext

As I said previously, if you can, don't take unnecessary risks. Even if your password is stored somewhere in a notepad, you didn't have control over that.

 

[Vayra86]

As I said previously, if you can, don't take unnecessary risks. Even if your password is stored somewhere in a notepad, you didn't have control over that.

So don't take unnecessary risks, and before you change your password on a service, check whether its a safe one that is frequently used in breaches. Or try five of them... I mean, its not hard to get your obscurity back.

You guys act like there are sweat shops full of sweaty nerds sitting there manually typing in passwords. This stuff happens by the large numbers, not individual accounts. And the top passwords tried are those most frequently used - not the ones people may or may not use for their email address on a trusted website.

Seriously, its like I went back in time 10 years over here in this topic. Some of you really haven't got the slightest clue how security and hacks have changed over the past decade. Its all about big data. Even this very topic is entirely about a massive data leak. Not individual accounts, but a massive scoop up of millions of them. Its the numbers that determine the success rate, even if you hack 1% you're sitting on a goldmine.

 

[Vya Domus]

check whether its a safe one that is frequently used in breaches.

Sorry but that's an absolutely terrible advice. Rather than checking somewhere if your password was used or not in a breach, do yourself a favor and use a new one.

 

[Vayra86]

Sorry but that's an absolutely terrible advice. Rather than checking somewhere if your password was used or not, do yourself a favor and use a new one.

Mate, there are no safe passwords. Just varying degrees of how quickly they are breached. So if you find one that hasn't been breached yet in known hacks, you've got the highest assurance you can have that its safe. That is why companies deploy 2FA.

Like I edited in previous post, you have a security mindset of ten years ago.

 

[Vya Domus]

You could have checked your password a million times, that wont decrease the chances it will find it's way into the next breach one bit.

 

[Vayra86]

You could have checked your password a million times, that wont decrease the chances it will find it's way into the next breach one bit.

Depends on what breach you speak of. If its one of data mined or hacked credentials then no. But if its about working with known frequently used ones, then for sure the checker is decreasing your chances. But most of all its for entertainment purposes. Was your 'original' password really that original? Pretty interesting for that.

It also doesn't defeat the point I was making. Passwords are not a guarantee of security ever, anywhere.

 

[Vya Domus]

But if its about working with known frequently used ones, then for sure the checker is decreasing your chances.

If you've gotten to the point where you need to check that, you've already got a problem. If anything by insisting to use the same passwords, even if they are safe up until now, you're just increasing the number of places from which breaches can occur.

This is a solution to an already ill-posed problem. Breaches are out of your control, best you can do is use new passwords and multi-factor authentications as you said.

 

[Vayra86]

If you've gotten to the point where you need to check that, you've already got a problem.

In my personal case, I never knew my stuff was compromised until I put in my email address on the website. Then I found the news articles about Evony and DDO breaches in which my data was contained.

The main goal here I think is awareness.

 

[95Viper]

Take the effort to click on a few tabs on that site and you get indepth API info, code to use and implement, etc. Ive seen my share of scammy sites but this is not how those tend to look. Spotless English clearly written by a native speaker, and accurate results one can recognize without exceptions. The API works.

This is no BS site. The fact so many of you havent heard of it, to me is honestly stunning, more so than your thoughts of its legitimacy or purpose.

Due diligence pls? Click around a bit and see for yourself ...

Oh its half a decade, I see...
https://en.m.wikipedia.org/wiki/Have_I_Been_Pwned?

I already did my due diligence. This was before I formed my own opinion. I had, already, read up on Troy Hunt and, the company he joined with (He actually purchased the 1password subscription service); and, I still have my same conclusion and opinion of it.

I have not stated anything as fact, just my personal opinion.
And, you are free to have/express your opinion on the topic, too.

 

[Lorec]

Looks like my passwords are ok

good for You did You even read whole thread?