
Warning: change your password please!

delfuego (Member; joined Dec 9, 2022; messages: 27; likes: 61)

Most likely it's from breach data and/or "password spraying". Enable 2FA/MFA for your account, people. It's easy and helps a lot ;)
 

L5730 (Addicted to Fun and Learning; joined Oct 6, 2018; messages: 667; likes: 434; location: East of England)

I had one of those "your email account has been logged into from elsewhere" messages, and assumed it was a spam/phishing thing.
I went directly to that account, logged in and yes, indeed it had been recently logged into from an IP pertaining to Russia (but that could be spoofed anyway). It was an old email address and used only for a spam trap (website shop needs an email address to provide shipping info, so use that one so I can at least find out the costs. I actually transact with another email address, of course).
Needless to say, I changed the password on that account and haven't seen anything dodgy since.

Never used a password manager. The thought of keeping all of the passwords under one password has two issues for me (a) crack that one password and bingo (b) I'd forget that one password. My password manager is a spiral bound booklet with a list of the site, my email address used/username and password. Secure, no, but it's air gapped from the internet. Good luck to anyone 'hacking' physical paper and ink.
 

threni (Major Contributor; joined Oct 18, 2019; messages: 1,277; likes: 1,519; location: /dev/null)

Most sites allow you to reset your password via a link sent to your email address, so in effect you do store all your passwords under one password, and you do have the risk of forgetting that password. 2FA makes things safer but some systems let you bypass that via the email as they'd rather not lose you as a customer. But it's good to enable 2FA on any site which offers it, especially if it lets you use Authy/Google Authenticator/etc and not rely on a text (which you might not receive in all situations). If a site doesn't let you stay logged in you need to decide if the risk of a breach is worth the inconvenience. For most sites, where there's little at stake, probably not.

I use Google Chrome to store/sync my passwords, so each site has a crazy long/random password I never re-use (indeed, I don't know what 99% of my passwords are - I never type them in; they're auto filled). If you have a domain (about £10 per year) you have an infinite number of email addresses so you can also use one email address per website, seeing who's leaking your details to other businesses.

The only passwords I don't sync/store are anything to do with banks and other financial organisations. The risk/benefit ratio isn't right.
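
The one-address-per-website idea from the post above, as an added example that is not part of the thread: each alias carries a short keyed tag, so mail to an alias from an unrelated sender points at the site the alias was given to, while guessed addresses are ignored. The domain, secret, alias layout and sample inbox are assumptions constructed for illustration.

```python
import hashlib
import hmac

DOMAIN = "example.org"               # assumed: a domain you own, with catch-all delivery
SECRET = b"constructed-demo-secret"  # assumed: private key, kept out of any public config

def _tag(site: str) -> str:
    """Short keyed tag so third parties cannot mint valid-looking aliases."""
    return hmac.new(SECRET, site.lower().encode(), hashlib.sha256).hexdigest()[:8]

def alias_for(site: str) -> str:
    """One unique address per website: <site>-<tag>@DOMAIN."""
    site = site.lower()
    return f"{site}-{_tag(site)}@{DOMAIN}"

def site_from_alias(recipient: str):
    """Return the site an alias was issued to, or None if the alias is not ours."""
    local, _, domain = recipient.lower().rpartition("@")
    if domain != DOMAIN or "-" not in local:
        return None
    site, _, tag = local.rpartition("-")
    ok = hmac.compare_digest(tag.encode(), _tag(site).encode())
    return site if ok else None

def check_message(recipient: str, sender_domain: str) -> str:
    """Classify one message by who the alias was given to and who is using it."""
    site = site_from_alias(recipient)
    if site is None:
        return "unknown-alias"       # guessed or mistyped address, not a leak signal
    sender = sender_domain.lower()
    if sender == site or sender.endswith("." + site):
        return "expected"
    return f"leak:{site}"            # address given only to `site` is in other hands

# Constructed sample inbox: (envelope recipient, sender domain)
INBOX = [
    (alias_for("shop.example"), "mail.shop.example"),
    (alias_for("shop.example"), "ads.example.net"),
    ("shop.example-zzzzzzzz@example.org", "ads.example.net"),
]

def scan(inbox):
    return [check_message(rcpt, sender) for rcpt, sender in inbox]

if __name__ == "__main__":
    for (rcpt, sender), verdict in zip(INBOX, scan(INBOX)):
        print(f"{sender:20} -> {rcpt:40} {verdict}")
```

A "leak" verdict only says the address left the site it was issued to; it does not distinguish a breach from a sold or shared mailing list.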
 

L5730 (Addicted to Fun and Learning; joined Oct 6, 2018; messages: 667; likes: 434; location: East of England)

2FA is fine for transactions and important things, but for most stuff it is rather an inconvenience for me - someone still using a 2G Motorola ROKR E1!
I use different email addresses for different sites, so there is that. Yeah, I understand what you are saying wrt passwords under one password, but it's a little different in that it would require more faffing about to do password recoveries and resets should the email security be compromised.

I have regular discussions about security and convenience as I volunteer at a non-profit in the US whilst living in the UK. Typically convenience wins, despite my more tinfoil hat approach. Sometimes things just have to be accessible and usable. Putting up barriers can end up making one's own life more troublesome.

If it's online it's at potential risk - but if it ain't online, it ain't online.

Interesting thoughts.
 