Got a credit card? use our Credit Card & Finance Calculators
Thanks to Rhyd6,eyeball08,Wondergirly,bofh,johnstevens77, for Donating to support the site
Chrome "Change your password" pop-up
-
- Lemon Slice
- Posts: 789
- Joined: November 4th, 2016, 12:12 pm
- Has thanked: 1554 times
- Been thanked: 876 times
Chrome "Change your password" pop-up
Using Chrome, I logged in to my HL account on my mobile a couple of days ago, only to be greeted by a pop-up stating the following:
"CHANGE YOUR PASSWORD
A data breach on a site or app exposed your password. Chrome recommends changing your password on online.hl.co.uk now"
While on the site, I changed both password and "security number" before logging out. Today, on my PC, I have logged in and received the same message again. I have found this ongoing thread discussing the issue (begun in December last year) on Google Chrome Help which has really left me none the wiser:
https://support.google.com/chrome/thread/23534509?hl=en
Both the original password and the new one used on this site were unique to it and have not been saved on Chrome.
Does anyone have any experience of this or any thoughts about it please?
(I have been thinking of changing browser for quite a while!)
"CHANGE YOUR PASSWORD
A data breach on a site or app exposed your password. Chrome recommends changing your password on online.hl.co.uk now"
While on the site, I changed both password and "security number" before logging out. Today, on my PC, I have logged in and received the same message again. I have found this ongoing thread discussing the issue (begun in December last year) on Google Chrome Help which has really left me none the wiser:
https://support.google.com/chrome/thread/23534509?hl=en
Both the original password and the new one used on this site were unique to it and have not been saved on Chrome.
Does anyone have any experience of this or any thoughts about it please?
(I have been thinking of changing browser for quite a while!)
-
- 2 Lemon pips
- Posts: 173
- Joined: July 16th, 2020, 1:34 pm
- Has thanked: 181 times
- Been thanked: 51 times
Re: Chrome "Change your password" pop-up
There was a discussion about this on the MSE forums, but I'm not allowed to post links. It's in the "Savings & Investments" section with title "Password breach warning on HL?"
Appeared to be a Chrome / Google warning, and not actually a data breach.
Appeared to be a Chrome / Google warning, and not actually a data breach.
-
- Lemon Quarter
- Posts: 4179
- Joined: November 4th, 2016, 9:42 pm
- Has thanked: 1001 times
- Been thanked: 1855 times
Re: Chrome "Change your password" pop-up
stacker512 wrote:There was a discussion about this on the MSE forums, but I'm not allowed to post links. It's in the "Savings & Investments" section with title "Password breach warning on HL?"
Appeared to be a Chrome / Google warning, and not actually a data breach.
You need to have made a few more posts before you can post links. I've found the link and can post it for you....
https://forums.moneysavingexpert.com/di ... ning-on-hl
-
- 2 Lemon pips
- Posts: 173
- Joined: July 16th, 2020, 1:34 pm
- Has thanked: 181 times
- Been thanked: 51 times
Re: Chrome "Change your password" pop-up
Correct, that's the one. Thanks for posting the full link.
I've not had any such warnings so far on Firefox - I suspect there was a bug or a mistake with how Chrome was handling the warning for HL, but I admit that I don't know much about how it all works.
It's prudent to make sure the password used for HL was unique and perhaps even change the password if one is concerned about the password being already leaked - I know one of my old passwords was leaked after I discovered it in the haveibeenpwned website (totally legit website run by a well-respected security researcher).
I've not had any such warnings so far on Firefox - I suspect there was a bug or a mistake with how Chrome was handling the warning for HL, but I admit that I don't know much about how it all works.
It's prudent to make sure the password used for HL was unique and perhaps even change the password if one is concerned about the password being already leaked - I know one of my old passwords was leaked after I discovered it in the haveibeenpwned website (totally legit website run by a well-respected security researcher).
-
- Lemon Slice
- Posts: 497
- Joined: November 22nd, 2016, 3:30 pm
- Has thanked: 219 times
- Been thanked: 228 times
Re: Chrome "Change your password" pop-up
I had the same message and was inclined to ignore it, but took the safety first approach and changed the passwords.....and I still get the same pop up message
MM
MM
-
- Lemon Quarter
- Posts: 4489
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 648 times
- Been thanked: 1266 times
Re: Chrome "Change your password" pop-up
I wonder if the issue here is that Chrome is suggesting changing the passwords of any site that has had a data breach (like HL), rather than specific plain text/unencrypted password breaches + accounts?
Whilst plain text passwords have been exposed there's also a lot of encrypted stuff floating around out there on the dark web which isn't associated with any accounts and ultimately isn't of any real use to criminals unless they can un-encrypt it and tie it to the specific user accounts (which is where social engineering/phishing et al becomes dangerous).
When you see the gross numbers on sites like HIBP it can be scary until you realise there's a lot of duplication of data sets, part of the ruse with selling it on the dark web is the opacity of what's actually in it.
It's not like you are going to get a refund when it turns out to be useless...
Whilst plain text passwords have been exposed there's also a lot of encrypted stuff floating around out there on the dark web which isn't associated with any accounts and ultimately isn't of any real use to criminals unless they can un-encrypt it and tie it to the specific user accounts (which is where social engineering/phishing et al becomes dangerous).
When you see the gross numbers on sites like HIBP it can be scary until you realise there's a lot of duplication of data sets, part of the ruse with selling it on the dark web is the opacity of what's actually in it.
It's not like you are going to get a refund when it turns out to be useless...
-
- Lemon Quarter
- Posts: 1340
- Joined: March 27th, 2017, 11:41 am
- Has thanked: 600 times
- Been thanked: 587 times
Re: Chrome "Change your password" pop-up
The reason you are getting the warning is because your password appears somewhere in one of the many leaks of compromised passwords.
In itself thats not too great a risk, an attacker could have those lists of millions of compromised passwords, but they would still have to try a lot of combinations to find the one associated with your login.
What is more of a concern is that someone somewhere managed to pick exactly the same password as you did - that is a very strong indication that you are using a password which is not strong enough.
In 2020 you should be using a password which is at least 15 characters long and not containing any dictionary words
e.g. something like EVvrcWZKSIuBsyZk9z7l
Good passwords are impossible to remember, so use a password manager to do that for you.
In itself thats not too great a risk, an attacker could have those lists of millions of compromised passwords, but they would still have to try a lot of combinations to find the one associated with your login.
What is more of a concern is that someone somewhere managed to pick exactly the same password as you did - that is a very strong indication that you are using a password which is not strong enough.
In 2020 you should be using a password which is at least 15 characters long and not containing any dictionary words
e.g. something like EVvrcWZKSIuBsyZk9z7l
Good passwords are impossible to remember, so use a password manager to do that for you.
-
- Lemon Slice
- Posts: 829
- Joined: November 4th, 2016, 6:29 pm
- Has thanked: 152 times
- Been thanked: 208 times
Re: Chrome "Change your password" pop-up
Infrasonic wrote:I wonder if the issue here is that Chrome is suggesting changing the passwords of any site that has had a data breach (like HL), rather than specific plain text/unencrypted password breaches + accounts?
I don't think so. I access HL using Chrome and have never had the warning.
-
- The full Lemon
- Posts: 10813
- Joined: November 4th, 2016, 8:17 pm
- Has thanked: 1471 times
- Been thanked: 3005 times
Re: Chrome "Change your password" pop-up
Stompa wrote:Infrasonic wrote:I wonder if the issue here is that Chrome is suggesting changing the passwords of any site that has had a data breach (like HL), rather than specific plain text/unencrypted password breaches + accounts?
I don't think so. I access HL using Chrome and have never had the warning.
Likewise.
It may depend on how much chrome knows about you, the user. If it knows who you are (low privacy settings), then it can match you to databases of leaked passwords and issue a warning. But so long as the leak wasn't H-L themselves[1], nothing to worry about unless you're so dumb as to re-use the same password elsewhere. Chrome doesn't know that.
[1] If H-L had leaked, I expect we'd have heard about it.
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 36 guests