Jedi2155

Have you been pwned?

https://haveibeenpwned.com/PwnedWebsites

 

Luckily my company work policy forces me to have a new password every 90 days, and I cannot reuse the past 21 passwords. This forced me into a habit of creating new passwords regularly and tracking which accounts I've forgotten to update. I recommend everyone do the same and check to see if any of your old services/social media has been hacked.

 

Funny enough jedi2155 was only pwned on Battlefield Heroes....I thought I did pretty well in that game.


A work relevant topic yay.

 

....check to see if any of your old services/social media has been hacked.

 

This isn't exactly correct. The criteria for something being listed on that site is that a public dump has been made of at least the email addresses of the users. In some cases, passwords were not leaked, so the account could not be logged in to but there was still a database of names, emails, etc. It's more about information privacy than anything, knowing if your information is "out there". There is also no guarantee that the leaked information has even been used by anyone. Sometimes the groups post dumps just as proof of success.

 

Of course, password policies and management of multiple complex passwords is an important point to always be vigilant about. Here is a short, 3-page PDF document from the SANS Institute with some good policies: https://www.sans.org/security-resources/policies/general/pdf/password-construction-guidelines

 

For your highest security accounts, you really want to shoot for >15 characters and have them be unique to each website/system.


A couple of the more recent hacks that were announced such as LinkedIn said that their user/pw database in 2012 was hacked and it was just announced now....

 

The passwords were SHA1 hashed but unsalted. A couple of people in EVE have been complaining their online game accounts have been hacked to steal their assets and they even turned on their two-factor authentication to lock the original user out.


Trivia: Since SHA1 has been weak for years, both Microsoft and Google have announced publicly that they will start penalizing sites using SSL certificates still signed with SHA1.
