Password breach warning on HL?

Swipe

dunstonh said:

dunroving said:

MaxiRobriguez said:

It's a valid warning. It's not saying you've done anything wrong but that at some point, somewhere on the internet, someone has used the username/password combination as an authentication to a site, and that site leaked that authentication data to a malicious actor.

Whilst your HL account is unlikely to be accessed, you should still change your password as it is a risk that you can mitigate easily. Use a random generator for your next password.

Thank Chrome for the service rather than ignore it!

The problem with completely randomly generated passwords is you have to write them down somewhere. I use passwords nobody would guess, but I have a system to remember. As per your advice, I'll change my password (again). 

Look up bitwarden.   https://bitwarden.com/
There are others (such as LastPass, dashlane etc).  

This is the best advice anyone can offer you. I really don't understand anyone who doesn't use a password manager in this day and age. And write down your master password somewhere safe.

dunroving

Swipe said:

dunstonh said:

dunroving said:

MaxiRobriguez said:

It's a valid warning. It's not saying you've done anything wrong but that at some point, somewhere on the internet, someone has used the username/password combination as an authentication to a site, and that site leaked that authentication data to a malicious actor.

Whilst your HL account is unlikely to be accessed, you should still change your password as it is a risk that you can mitigate easily. Use a random generator for your next password.

Thank Chrome for the service rather than ignore it!

The problem with completely randomly generated passwords is you have to write them down somewhere. I use passwords nobody would guess, but I have a system to remember. As per your advice, I'll change my password (again). 

Look up bitwarden.   https://bitwarden.com/
There are others (such as LastPass, dashlane etc).  

This is the best advice anyone can offer you. I really don't understand anyone who doesn't use a password manager in this day and age. And write down your master password somewhere safe.

I always wonder, though - if other passwords can be somehow hacked, what's to stop the master password for a password manager being hacked in the same way? (Genuine question)

masonic

dunroving said:

Swipe said:

dunstonh said:

dunroving said:

MaxiRobriguez said:

It's a valid warning. It's not saying you've done anything wrong but that at some point, somewhere on the internet, someone has used the username/password combination as an authentication to a site, and that site leaked that authentication data to a malicious actor.

Whilst your HL account is unlikely to be accessed, you should still change your password as it is a risk that you can mitigate easily. Use a random generator for your next password.

Thank Chrome for the service rather than ignore it!

The problem with completely randomly generated passwords is you have to write them down somewhere. I use passwords nobody would guess, but I have a system to remember. As per your advice, I'll change my password (again). 

Look up bitwarden.   https://bitwarden.com/
There are others (such as LastPass, dashlane etc).  

This is the best advice anyone can offer you. I really don't understand anyone who doesn't use a password manager in this day and age. And write down your master password somewhere safe.

I always wonder, though - if other passwords can be somehow hacked, what's to stop the master password for a password manager being hacked in the same way? (Genuine question)

It's not passwords that are hacked, it's companies storing passwords in a way that allows said company to access them. If you are the only one who knows your password, and it isn't guessable, then it won't be hacked. If you want to be really sure, don't use a service that stores anything online. Never, use a password manager with the ability to recover a lost master password.

ChesterDog

Just happened to me too.
My passwords are all unique, not word-based and so on.
It's looking like some sort of Chrome/HL glitch to me.

ChesterDog

...especially as it's also warning me with my fresh password.

masonic

ChesterDog said:

Just happened to me too.
My passwords are all unique, not word-based and so on.
It's looking like some sort of Chrome/HL glitch to me.

Sometimes when sites ask you to enter things like your date of birth and random digits from a password, those can be mistaken for username and password. I'd imagine a 6 digit number username and single character password would be quite likely to trigger an alert.

veryintrigued

Happened to me yesterday too.

Logged on today and nothing.

I've done nothing in between

barnstar2077

I don't trust password generators.  I write sixteen character jumbled passwords in a little book.  I write it out normally, but they are all useless unless you know that the third character is always an x regardless of what it says in the book.  It means that they are not stored electronically by me, and they are useless to anyone that might see the book (which is also hidden obviously.)

Edit:  Also, I use one email for my banking and important stuff, and another that I use on everything else and give to people.  Plenty of people have been caught out because they use the same email / password on poorly secured sites that they do for online banking, Amazon etc.

ANGLICANPAT

Ive changed both my security number and Password again  now  (3rd time)   and this one is an  absolutely random mixture of  caps and  lower case letters , digits, and allowed symbols  - 15 in all ,  and Im still getting the same Chrome message. Surely must be a glitch .

sebtomato

Same warning for me, on both PC and smartphone (Chrome browser on Android).
Changed my password, and still getting the same warning, so must be a glitch. However, you would expect HL to put some banner on their website to advise people using Chrome but of course nothing.