Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

Asked to change TLF password

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
Fluke
Lemon Slice
Posts: 609
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

Asked to change TLF password

#366936

Postby Fluke » December 17th, 2020, 9:23 am

I went to log onto TLF from my iPhone yesterday and got a message suggesting I change my password due to a possible 'data leakage'. I think those were the words. Anyone else get this?

PinkDalek
Lemon Half
Posts: 6139
Joined: November 4th, 2016, 1:12 pm
Has thanked: 1589 times
Been thanked: 1801 times

Re: Asked to change TLF password

#366967

Postby PinkDalek » December 17th, 2020, 11:01 am

Fluke wrote:I went to log onto TLF from my iPhone yesterday and got a message suggesting I change my password due to a possible 'data leakage'. I think those were the words. Anyone else get this?


I don't usually log-out but have down that just now and then logged in manually. No warning message on my iPhone.

Maybe you need to state which iPhone model and age and whether your phone's system is up to date. Possibly this is a question better suited for the Computers, TVs & Phones board as it may not be TLF specific.

Fluke
Lemon Slice
Posts: 609
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

Re: Asked to change TLF password

#366977

Postby Fluke » December 17th, 2020, 11:34 am

It’s an iphone 7 running ios 14.2. I didn’t get the message when i logged on with my laptop (macbook pro) The message I’m pretty sure was specific to this site, ie ‘you need to change your password for this site due to a recent data leakage’ or words to that effect, and it came up when i tried to log onto tlf. I went in and changed the password anyway just in case. It’s not a problem but thought it was worth reporting.

kyu66
2 Lemon pips
Posts: 247
Joined: November 14th, 2016, 5:14 pm
Has thanked: 2 times
Been thanked: 131 times

Re: Asked to change TLF password

#367043

Postby kyu66 » December 17th, 2020, 2:08 pm

Fluke wrote:It’s an iphone 7 running ios 14.2. I didn’t get the message when i logged on with my laptop (macbook pro) The message I’m pretty sure was specific to this site, ie ‘you need to change your password for this site due to a recent data leakage’ or words to that effect, and it came up when i tried to log onto tlf. I went in and changed the password anyway just in case. It’s not a problem but thought it was worth reporting.

iOS 14 checks passwords/sites for historic breaches if using icloud keychain to store the password, see https://9to5mac.com/2020/07/04/ios-14-i ... ords-more/

If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site. I'm not sure if the same feature is in MacOS which may be why it was not reported when using it to access TLF.

Itsallaguess
Lemon Half
Posts: 9129
Joined: November 4th, 2016, 1:16 pm
Has thanked: 4140 times
Been thanked: 10023 times

Re: Asked to change TLF password

#367053

Postby Itsallaguess » December 17th, 2020, 2:54 pm

kyu66 wrote:
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site.


I very much suspect that this is the aspect afflicting the OP in this case....

Cheers,

Itsallaguess

GrahamPlatt
Lemon Quarter
Posts: 2059
Joined: November 4th, 2016, 9:40 am
Has thanked: 1032 times
Been thanked: 824 times

Re: Asked to change TLF password

#367073

Postby GrahamPlatt » December 17th, 2020, 4:51 pm

Well wouldn’t it be sensible if Apple told him which site had had a data breach & to change the password on that one as well?

Fluke
Lemon Slice
Posts: 609
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

Re: Asked to change TLF password

#367292

Postby Fluke » December 18th, 2020, 10:13 am

Itsallaguess wrote:
kyu66 wrote:
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site.


I very much suspect that this is the aspect afflicting the OP in this case....

Cheers,

Itsallaguess


That's a useful link kyu66, thanks:

Here are some examples of security alerts provided by iCloud Keychain on iOS 14:

Many people use this password, which makes it easy to guess.

This password is easy to guess.

This password uses a sequence, “123”. Using commom patterns makes passwords easy to guess.


The message I got was none of these although it was a weak password by todays standards (I haven't changed it since registering). The message wasn't about it being a weak password though, it alluded to a security breach which I took to mean in relation to TLF, I only glanced at it and so can't remember the exact wording. No I have not used the password elsewhere.

kyu66
2 Lemon pips
Posts: 247
Joined: November 14th, 2016, 5:14 pm
Has thanked: 2 times
Been thanked: 131 times

Re: Asked to change TLF password

#367342

Postby kyu66 » December 18th, 2020, 11:52 am

Fluke wrote:
Itsallaguess wrote:
kyu66 wrote:
If you have used the same password on multiple sites and one had a breach/data leak then I presume you would be informed when the potentially leaked password was re-used for another site.


I very much suspect that this is the aspect afflicting the OP in this case....

Cheers,

Itsallaguess


That's a useful link kyu66, thanks:

Here are some examples of security alerts provided by iCloud Keychain on iOS 14:

Many people use this password, which makes it easy to guess.

This password is easy to guess.

This password uses a sequence, “123”. Using commom patterns makes passwords easy to guess.


The message I got was none of these although it was a weak password by todays standards (I haven't changed it since registering). The message wasn't about it being a weak password though, it alluded to a security breach which I took to mean in relation to TLF, I only glanced at it and so can't remember the exact wording. No I have not used the password elsewhere.

Maybe worth delving a bit deeper into the reason for the alert, it could just be that the password was common enough to be used by someone else and had occurred in a breach.
see https://www.iphonetricks.org/how-to-fix ... on-iphone/

Hypster
Lemon Slice
Posts: 256
Joined: November 5th, 2016, 9:53 am
Has thanked: 1207 times
Been thanked: 108 times

Re: Asked to change TLF password

#367348

Postby Hypster » December 18th, 2020, 12:04 pm

There’s a computer boffin who runs the https://haveibeenpwned.com/ website, who monitors the so-called ‘dark web’ for data breaches and password lists changing hands. You can search your email address on his site and it returns which specific data breach your name and password was compromised (e.g. Talk Talk, MyFitnessPal and so on). As others suggested, iOS will warn you if you are using login credentials that are present on such lists. It does not mean the site you are logging into right now has been breached (necessarily) but if you are reusing passwords you are at risk. I’m told that the first thing hackers do when they have a valid email address and password combination is to rush round all popular websites and try to log in using the same because they just know that some folks reuse the same details across multiple sites.

GrahamPlatt
Lemon Quarter
Posts: 2059
Joined: November 4th, 2016, 9:40 am
Has thanked: 1032 times
Been thanked: 824 times

Re: Asked to change TLF password

#367400

Postby GrahamPlatt » December 18th, 2020, 2:04 pm

I’ve just got an email from musicbrainz; a site I’d long since forgotten I’d ever created an account for (must be >12 years ago). They’re saying they’ve had a data breach and my ‘details’ are in the wild. Well, OK, my email address may be, but I never reuse passwords. So then I looked on the haveIbeenpwnd site and see three hits (no mention of musicbrainz).. oddly named sites: cit0day, Nov 2020; collection #1, Jan 2019 & online spambot, Aug 2017. I have yet to see a problem from them, not even (to my knowledge) an increase in spam. It is worrying though, if the attackers are ever able to root fundamental systems, there would be chaos.

Fluke
Lemon Slice
Posts: 609
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

Re: Asked to change TLF password

#367614

Postby Fluke » December 19th, 2020, 8:24 am

kyu66 wrote:Maybe worth delving a bit deeper into the reason for the alert, it could just be that the password was common enough to be used by someone else and had occurred in a breach.
see https://www.iphonetricks.org/how-to-fix ... on-iphone/


Thanks again kyu66, from your link I followed these instructions:

how to find compromised Keychain passwords on iPhone

1. Open the Settings app on your iPhone or iPad.
2. Scroll for Passwords and authenticate with Face ID, Touch ID or iPhone passcode depending on what iOS / iPadOS device you’re using.
3. Tap on Security Recommendations, available in the upper part of the Passwords home screen.

Tip: Next to the label you have the number of exposed passwords as well as the risk level. If your iPhone displays ‘Urgent security risks’ you should change your passwords as soon as possible.


and was presented with a list of 53 accounts! some long forgotten, all of which had either weak or compromised passwords. This is the wording of the message I couldn't quite remember:

This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.

On further inspection many of these accounts no longer exists, e.g. the one for fool.co.uk. But many do so I’m now going through them and either changing the password, requesting the account be closed and/or deleting the entry from my iPhone/keychain.

This has prompted another question relating to the 1Password app, I store all my passwords in it, plus all the answers to related security questions etc, is this a good idea? Hold that thought I'll start another thread!

PinkDalek
Lemon Half
Posts: 6139
Joined: November 4th, 2016, 1:12 pm
Has thanked: 1589 times
Been thanked: 1801 times

Re: Asked to change TLF password

#367666

Postby PinkDalek » December 19th, 2020, 10:52 am

Fluke wrote:...

This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.

On further inspection many of these accounts no longer exists, e.g. the one for fool.co.uk. But many do so I’m now going through them and either changing the password, requesting the account be closed and/or deleting the entry from my iPhone/keychain.


I'm glad the experts have once again come to the rescue.

As an aside, your old (weak?) TMF UK password would still be active at at https://boards.fool.com/.

You may wish to amend that one and perhaps, should you so wish, edit your "Info" over the pond (assuming that is you, which appears to be a distinct possibility):

https://boards.fool.com/profile/Fluke/info.aspx


Return to “Technology - Computers, TV, Phones etc.”

Who is online

Users browsing this forum: No registered users and 8 guests