The 773 Million Record Collection #1 Data Breach


  1. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #10

    Right, so as an example: let's say tenforums is breached, then my mail address and password for tenforums are leaked. That's what this breach is all about? So Collection #1 then may have that mail address and password for tenforums on that list, correct? Sorry for all the questions, I'm just trying to make sense of this before putting on a tin foil hat.
      My Computer


  2. Posts : 27,181
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #11

    Faith said:
    Right, so as an example: let's say tenforums is breached, then my mail address and password for tenforums are leaked. That's what this breach is all about? So Collection #1 then may have that mail address and password for tenforums on that list, correct? Sorry for all the questions, I'm just trying to make sense of this before putting on a tin foil hat.
    Correct.
    Then both might get tested with Banks/Facebook/Twitter/your actual Email account and so on.
    If one can then get into those accounts they can steal not only information, but steal your Identity!
      My Computers


  3. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #12

    Thanks for the answers, and for putting my mind at ease, Cliff. If the main password from Google or Microsoft ever gets leaked, hopefully they will inform us about it. I also use two-ways security + code-chip for my most important stuff.
      My Computer


  4. Posts : 10,740
    Windows 11 Workstation x64
       #13

    Unique passwords are good, but for any important site such as PayPal, Amazon, your email provider etc. you should always enable two-factor authentication if it's available. Your email provider is the most important, as if they can get into that they can reset the password to all the sites you use that email for.
      My Computers


  5. Posts : 27,181
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #14

    Another thing you might want to think about is to get a few aliases (throwaway accounts) and use those for sites, and reserve your actual email accounts for only important things.

    For Hotmail & Outlook:
    Add or remove an email alias in Outlook.com - Outlook

    For Gmail:
    https://support.google.com/mail/answer/22370?hl=en
      My Computers


  6. Posts : 27,181
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #15

    I just wrote this under Troy's video I posted above:

    Microsoft should build in a Password Manager connected to HIBP & HIBP/Password, into Windows or Edge but it seems only bling bling and pretty icons, and taco hats & ninja cats are most important to them
      My Computers


  7. Posts : 750
    Windows 10 Pro 64-bits
       #16

    Cliff S said:
    If your Email address pops up on haveibeenpwned there is a separate site to check passwords separately Have I Been Pwned: Pwned Passwords

    Troy Hunt: Introducing 306 Million Freely Downloadable Pwned Passwords
    Call me overly cautious, but I have some reservation about typing in my current password to a website, just for testing purposes.
      My Computer


  8. Posts : 750
    Windows 10 Pro 64-bits
       #17

    z3r010 said:
    Unique passwords are good, but for any important site such as PayPal, Amazon, your email provider etc. you should always enable two-factor authentication if it's available. Your email provider is the most important, as if they can get into that they can reset the password to all the sites you use that email for.
    Good advice, but...

    Most of the 2FA rely on texting the PIN to a cell, that requires providing the cell number obviously. Some sites, especially the sites with their app on the cell, may use the GPS on the cell for advertisement purposes, like Facebook did. Others probably have not been caught as of yet...
      My Computer


  9. Posts : 10,740
    Windows 11 Workstation x64
       #18

    Cr00zng said:
    Good advice, but...

    Most of the 2FA rely on texting the PIN to a cell, that requires providing the cell number obviously. Some sites, especially the sites with their app on the cell, may use the GPS on the cell for advertisement purposes, like Facebook did. Others probably have not been caught as of yet...
    Most sites use a universal authenticator app such as Google Authenticator or Authy, or hardware like a YubiKey; not many use cell phone codes these days.
      My Computers


  10. Posts : 27,181
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #19

    Cr00zng said:
    Call me overly cautious, but I have some reservation about typing in my current password to a website, just for testing purposes.
    When you search Pwned Passwords
    The Pwned Passwords feature searches previous data breaches for the presence of a user-provided password. The password is hashed client-side with the SHA-1 algorithm then only the first 5 characters of the hash are sent to HIBP per the Cloudflare k-anonymity implementation. HIBP never receives the original password nor enough information to discover what the original password was.
    Have I Been Pwned: Privacy
      My Computers
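
The k-anonymity lookup quoted in post #19, as an added example that is not part of the thread and is not HIBP's own code: the client hashes the password locally, sends only the first 5 hex characters of the SHA-1 digest, and compares the returned suffixes itself. The `RangeServer` class, the function names and the sample corpus with its counts are constructed for illustration so the exchange runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed sample corpus standing in for the breached-password set
# (password -> made-up occurrence count).
BREACHED = {"password": 3, "123456": 5, "qwerty": 2}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Simulated range service: buckets hashes by 5-char prefix and
    records everything a client sends, to show what the server learns."""

    def __init__(self, corpus):
        self.buckets = defaultdict(list)
        for pw, count in corpus.items():
            digest = sha1_hex(pw)
            self.buckets[digest[:5]].append(f"{digest[5:]}:{count}")
        self.seen = []  # the only data the server ever receives

    def range_query(self, prefix: str) -> str:
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be exactly 5 hex characters")
        self.seen.append(prefix)
        # Response format assumed here: one "SUFFIX:COUNT" line per hash in the bucket.
        return "\n".join(self.buckets.get(prefix, []))


def pwned_count(password: str, server: RangeServer) -> int:
    """Client side: hash locally, send the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.range_query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # not in the bucket: not present in the corpus


if __name__ == "__main__":
    server = RangeServer(BREACHED)
    for pw in ("password", "a-long-unique-passphrase-7431"):
        print(pw, "->", pwned_count(pw, server))
    print("server saw only:", server.seen)
```

The 5-character prefix covers 16^5 = 1,048,576 possible buckets, so the server sees which bucket was requested but not which hash in it the client holds.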


 
