How concerned with password leaks should I be? Didn't see any specifics of how they were leaked and practice pretty good hygiene.
Changing "everything" would take hours! 😭
It's almost as if private/public keys are a way better system
Yes... key rotation again seems like a useful thing I should understand better (and should be implemented more with nostr too, I hear)
Zero nsecs leaked. Your important account is safe
Mostly concerned with Google and apple, those are still pretty crucial ones. Banking too, but I assume funds are safu (what little there is 🤭)
Change the important ones. Prioritize. E.g. I'm not too concerned about my old bit.ly account but will change the BIG ones that are always targeted. I leverage passkeys and 2FA everywhere I can, so not too concerned. A Yubikey is well worth the $20 - just like having a cold wallet.
Yeah, guess I'll do the key ones...sigh, what a pain. May be a good time to get a device like yubi or onekey...
If you're going to get a physical key/device - get two and have a backup!
Always have a backup 🫡
This. Get 2. Add both to every account you use it for. 1 with your seed and one for everyday use.
Make sure you can plug it into your phone. That can mean getting one with the right connector or a dongle.
Yup, we talked about these a while back. You liked onekey or something (I'll look it up later).
OnlyKey. Still like it and use it regularly. Worth going and reading my entire thing from before. I imagine I was more wordy and thorough.
Yes, I remember the pros of that device being the backup copies.
Gonna get that most likely
Might help. I was issued Yubikey for work. I work in a secure environment, so figured I'd use Yubikey for all my personal stuff. But do your homework, compare. These are all great options and better than passwords alone. https://youtu.be/b2TdGVLXo58
I have a few. Mostly NFC enabled so I can tap to my phone. A few old USB3.0 and two USB-C. That's most of my bases covered. I have them all mirrored so any one of them has everything the same.
I use a password manager that is secured using my Yubikey and which can also store Passkeys.
I may hit you guys up for tips later about best use for these. I like idea of securing pword manager with one (if I understand correctly what that means).
Use a password manager for most things, but keep a few offline due to paranoia.
Thanks
For sure, happy to share what works and my approach. Think in layers. For the most part, enable passkeys wherever available, 2FA where you can, (avoid text-based 2FA), and strong unique passwords.
I don't know what leak you are talking about but in general if you use a manager and unique passwords just changing the one should be fine.
The huge 16 billion password leak, biggest in history they're saying.
Yeah, I'm most reluctant to change my Google or Apple ones, as I don't even store those in my password manager...don't judge me
Didn't see that until just now. Rough. Every company on that list you'll want to change your passwords. Even if you had 2fa. Also every other place where you used the same password.
Anything less than that is asking for trouble.
nostr:note182sfugxxd22kv3eyg48mpu69z9z2tund2ju65tcqfdcwpfprgx0sp05kq4
Get your Bitcoin off the exchange
Reveal your porn & sexting history on your own terms
Is there anything else to worry about once these are covered?
Good on first count. Rest is the concern lol. Was hoping it only affected say those who stored passwords on Apple cloud or something but gonna play it safe
I believe everyone who's nice to me is in danger of being targeted with info leaks and stuff by the deep state.
You might get by because you're, let's say, "diplomatic"
But if you can't prepare by leaking your own secrets, make other preparations for whatever crazy civil war shit we might be heading for
I've often thought a good service would be a program that gave you cover by say crawling all sorts of "bad" things in background. Provide one with cover.
And hey, I am nice, not just "diplomatic", ahole
Tor kinda mixes all your traffic with all other possible traffic to give cover but idk how trustworthy it is these days. People should use it just so it has more users to make all the data harder to dig through
Here, take this just in case some hacker nerds try anything

Use a password manager
I do. Different words for each account. Still a pain to change my main ones, but will do.
Good time to step it up with something like yubikey.
I'm just irked by having to do the unpleasant chore for now
It's apparently a compilation of existing breached data. No reason to panic.
Not panicked. Was hoping I was "safe" and could do nothing, but was just wishful thinking
To be clear, the data was from "stealer logs" which require the stealer malware to be installed on your device. It probably is not, but if it is, changing your passwords just means the new ones will also likely get leaked.
I wouldn't worry at all and would just focus on using strong passwords everywhere with MFA on important accounts.
Ah, see, I didn't catch any details of how they were stolen. Thanks.
Probably a good time to change out regardless, been a bit longer than prudent. Thanks
As nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gprpmhxue69uhhyetvv9ujumn0wdmksetjv5hxxmmdqyg8wumn8ghj7mn0wd68ytnvv9hxgqg4waehxw309askwemj9ehx7um5wghxcctwvss2rp25 mentioned get a password manager if you don't have one already. BitWarden is ridiculously cheap at $10 / year and has everything you need.
Yes, saw that and have one. Conclusion is I was being hopeful/lazy with an otherwise decent setup. Time to do new words on important accounts anyway.
Will be adding a yubikey type thing as well while I'm thinking about this stuff (been meaning to).