Got a credit card? use our Credit Card & Finance Calculators
Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site
Asked to change TLF password
-
- Lemon Slice
- Posts: 609
- Joined: November 4th, 2016, 8:51 pm
- Has thanked: 61 times
- Been thanked: 137 times
Asked to change TLF password
I went to log onto TLF from my iPhone yesterday and got a message suggesting I change my password due to a possible 'data leakage'. I think those were the words. Anyone else get this?
-
- Lemon Half
- Posts: 6139
- Joined: November 4th, 2016, 1:12 pm
- Has thanked: 1589 times
- Been thanked: 1801 times
Re: Asked to change TLF password
Fluke wrote:I went to log onto TLF from my iPhone yesterday and got a message suggesting I change my password due to a possible 'data leakage'. I think those were the words. Anyone else get this?
I don't usually log-out but have down that just now and then logged in manually. No warning message on my iPhone.
Maybe you need to state which iPhone model and age and whether your phone's system is up to date. Possibly this is a question better suited for the Computers, TVs & Phones board as it may not be TLF specific.
-
- Lemon Slice
- Posts: 609
- Joined: November 4th, 2016, 8:51 pm
- Has thanked: 61 times
- Been thanked: 137 times
Re: Asked to change TLF password
It’s an iphone 7 running ios 14.2. I didn’t get the message when i logged on with my laptop (macbook pro) The message I’m pretty sure was specific to this site, ie ‘you need to change your password for this site due to a recent data leakage’ or words to that effect, and it came up when i tried to log onto tlf. I went in and changed the password anyway just in case. It’s not a problem but thought it was worth reporting.
-
- 2 Lemon pips
- Posts: 247
- Joined: November 14th, 2016, 5:14 pm
- Has thanked: 2 times
- Been thanked: 131 times
Re: Asked to change TLF password
Fluke wrote:It’s an iphone 7 running ios 14.2. I didn’t get the message when i logged on with my laptop (macbook pro) The message I’m pretty sure was specific to this site, ie ‘you need to change your password for this site due to a recent data leakage’ or words to that effect, and it came up when i tried to log onto tlf. I went in and changed the password anyway just in case. It’s not a problem but thought it was worth reporting.
iOS 14 checks passwords/sites for historic breaches if using icloud keychain to store the password, see https://9to5mac.com/2020/07/04/ios-14-i ... ords-more/
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site. I'm not sure if the same feature is in MacOS which may be why it was not reported when using it to access TLF.
-
- Lemon Half
- Posts: 9129
- Joined: November 4th, 2016, 1:16 pm
- Has thanked: 4140 times
- Been thanked: 10023 times
Re: Asked to change TLF password
kyu66 wrote:
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site.
I very much suspect that this is the aspect afflicting the OP in this case....
Cheers,
Itsallaguess
-
- Lemon Quarter
- Posts: 2059
- Joined: November 4th, 2016, 9:40 am
- Has thanked: 1032 times
- Been thanked: 824 times
Re: Asked to change TLF password
Well wouldn’t it be sensible if Apple told him which site had had a data breach & to change the password on that one as well?
-
- Lemon Slice
- Posts: 609
- Joined: November 4th, 2016, 8:51 pm
- Has thanked: 61 times
- Been thanked: 137 times
Re: Asked to change TLF password
Itsallaguess wrote:kyu66 wrote:
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site.
I very much suspect that this is the aspect afflicting the OP in this case....
Cheers,
Itsallaguess
That's a useful link kyu66, thanks:
Here are some examples of security alerts provided by iCloud Keychain on iOS 14:
Many people use this password, which makes it easy to guess.
This password is easy to guess.
This password uses a sequence, “123”. Using commom patterns makes passwords easy to guess.
The message I got was none of these although it was a weak password by todays standards (I haven't changed it since registering). The message wasn't about it being a weak password though, it alluded to a security breach which I took to mean in relation to TLF, I only glanced at it and so can't remember the exact wording. No I have not used the password elsewhere.
-
- 2 Lemon pips
- Posts: 247
- Joined: November 14th, 2016, 5:14 pm
- Has thanked: 2 times
- Been thanked: 131 times
Re: Asked to change TLF password
Fluke wrote:Itsallaguess wrote:kyu66 wrote:
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site.
I very much suspect that this is the aspect afflicting the OP in this case....
Cheers,
Itsallaguess
That's a useful link kyu66, thanks:Here are some examples of security alerts provided by iCloud Keychain on iOS 14:
Many people use this password, which makes it easy to guess.
This password is easy to guess.
This password uses a sequence, “123”. Using commom patterns makes passwords easy to guess.
The message I got was none of these although it was a weak password by todays standards (I haven't changed it since registering). The message wasn't about it being a weak password though, it alluded to a security breach which I took to mean in relation to TLF, I only glanced at it and so can't remember the exact wording. No I have not used the password elsewhere.
Maybe worth delving a bit deeper into the reason for the alert, it could just be that the password was common enough to be used by someone else and had occurred in a breach.
see https://www.iphonetricks.org/how-to-fix ... on-iphone/
-
- Lemon Slice
- Posts: 256
- Joined: November 5th, 2016, 9:53 am
- Has thanked: 1207 times
- Been thanked: 108 times
Re: Asked to change TLF password
There’s a computer boffin who runs the https://haveibeenpwned.com/ website, who monitors the so-called ‘dark web’ for data breaches and password lists changing hands. You can search your email address on his site and it returns which specific data breach your name and password was compromised (e.g. Talk Talk, MyFitnessPal and so on). As others suggested, iOS will warn you if you are using login credentials that are present on such lists. It does not mean the site you are logging into right now has been breached (necessarily) but if you are reusing passwords you are at risk. I’m told that the first thing hackers do when they have a valid email address and password combination is to rush round all popular websites and try to log in using the same because they just know that some folks reuse the same details across multiple sites.
-
- Lemon Quarter
- Posts: 2059
- Joined: November 4th, 2016, 9:40 am
- Has thanked: 1032 times
- Been thanked: 824 times
Re: Asked to change TLF password
I’ve just got an email from musicbrainz; a site I’d long since forgotten I’d ever created an account for (must be >12 years ago). They’re saying they’ve had a data breach and my ‘details’ are in the wild. Well, OK, my email address may be, but I never reuse passwords. So then I looked on the haveIbeenpwnd site and see three hits (no mention of musicbrainz).. oddly named sites: cit0day, Nov 2020; collection #1, Jan 2019 & online spambot, Aug 2017. I have yet to see a problem from them, not even (to my knowledge) an increase in spam. It is worrying though, if the attackers are ever able to root fundamental systems, there would be chaos.
-
- Lemon Slice
- Posts: 609
- Joined: November 4th, 2016, 8:51 pm
- Has thanked: 61 times
- Been thanked: 137 times
Re: Asked to change TLF password
kyu66 wrote:Maybe worth delving a bit deeper into the reason for the alert, it could just be that the password was common enough to be used by someone else and had occurred in a breach.
see https://www.iphonetricks.org/how-to-fix ... on-iphone/
Thanks again kyu66, from your link I followed these instructions:
how to find compromised Keychain passwords on iPhone
1. Open the Settings app on your iPhone or iPad.
2. Scroll for Passwords and authenticate with Face ID, Touch ID or iPhone passcode depending on what iOS / iPadOS device you’re using.
3. Tap on Security Recommendations, available in the upper part of the Passwords home screen.
Tip: Next to the label you have the number of exposed passwords as well as the risk level. If your iPhone displays ‘Urgent security risks’ you should change your passwords as soon as possible.
and was presented with a list of 53 accounts! some long forgotten, all of which had either weak or compromised passwords. This is the wording of the message I couldn't quite remember:
This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.
On further inspection many of these accounts no longer exists, e.g. the one for fool.co.uk. But many do so I’m now going through them and either changing the password, requesting the account be closed and/or deleting the entry from my iPhone/keychain.
This has prompted another question relating to the 1Password app, I store all my passwords in it, plus all the answers to related security questions etc, is this a good idea? Hold that thought I'll start another thread!
-
- Lemon Half
- Posts: 6139
- Joined: November 4th, 2016, 1:12 pm
- Has thanked: 1589 times
- Been thanked: 1801 times
Re: Asked to change TLF password
Fluke wrote:...
This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.
On further inspection many of these accounts no longer exists, e.g. the one for fool.co.uk. But many do so I’m now going through them and either changing the password, requesting the account be closed and/or deleting the entry from my iPhone/keychain.
I'm glad the experts have once again come to the rescue.
As an aside, your old (weak?) TMF UK password would still be active at at https://boards.fool.com/.
You may wish to amend that one and perhaps, should you so wish, edit your "Info" over the pond (assuming that is you, which appears to be a distinct possibility):
https://boards.fool.com/profile/Fluke/info.aspx
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 8 guests