The haveibeenpwned.com site is great and I use it every six months or to check if any logins have been compromised.
(Sorry I keep forgetting the Silk protocol about replying before or after a thread.) On Fri, Feb 22, 2019 at 3:59 PM Ashim D'Silva <[email protected]> wrote: > Medium made a huge deal about it when they released it as a feature: > https://blog.medium.com/signing-in-to-medium-by-email-aacc21134fcd > > Makes total sense though; passwords are an old solution to a difficult > problem. Of course it also means that your email better always be in your > control otherwise that’s the single point of failure. > > Cheerio, > > Ashim > Design & Build > > The Random Lines > www.therandomlines.com > > > On Fri, 22 Feb 2019 at 17:25, Deepa Mohan <[email protected]> wrote: > > > I must say that "use 'forgot password'!" is advice I get very often from > my > > bank. I think it is an absurd solution that works! > > > > On Fri, Feb 22, 2019 at 8:53 PM Ra Jesh <[email protected]> wrote: > > > > > Hahaha. Neat!!! > > > > > > On Fri, Feb 22, 2019, 20:51 Ashim D'Silva <[email protected]> > > > wrote: > > > > > > > For sites I don’t use too often, I was always tempted to reuse > > passwords > > > > which is a pretty bad practice, so I started just using the forgot > > > password > > > > feature more often. So I have a ridiculous entirely random password > > that > > > I > > > > don’t know, and then just say forgot password when I want to log in. > > > > > > > > It’s could also be a good way to go about changing all your > > passwords—and > > > > side effect is it confirms your backup email. > > > > > > > > Cheerio, > > > > > > > > Ashim > > > > Design & Build > > > > > > > > The Random Lines > > > > www.therandomlines.com > > > > > > > > > > > > On Fri, 22 Feb 2019 at 16:55, Thaths <[email protected]> wrote: > > > > > > > > > On Fri, Feb 22, 2019 at 2:42 AM Udhay Shankar N <[email protected]> > > > wrote: > > > > > > > > > > > On Fri, Feb 22, 2019 at 2:04 PM Udhay Shankar N <[email protected] > > > > > > wrote: > > > > > > > > > > > > > > > > > > > 1. Log out all gmail/facebook/other social sessions (Most > > providers > > > > > give > > > > > > > you the option to "log out all current sessions") > > > > > > > 2. Change all the passwords of pwned email addresses > > > > > > > 3. Enable 2FA EVERYWHERE that supports it. Ideally, with a > > hardware > > > > > token > > > > > > > such as a yubikey. > > > > > > > > > > > > > > > > > > > Additionally, I'd also suggest you log in to your various > > > (potentially) > > > > > > compromised accounts, check under security setting to see if the > > > backup > > > > > > email address (where password reset notifications are sent) and > > > backup > > > > > > phone number have been tampered with. > > > > > > > > > > > > > > > > > > > > > In addition to all of those steps, I also recommend using unique > > > > passwords > > > > > in all the sites. It is not going to be possible for you to > remember > > > that > > > > > many unique passwords (especially if you choose strong passwords). > I > > > > > recommend you choose strong passwords that you memorize for one or > > two > > > of > > > > > your key accounts (Google, Facebook). And use a password management > > (I > > > > > personally use keepass) to generate and store strong unique > passwords > > > for > > > > > your other sites. > > > > > > > > > > Thaths > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) > > > > > > > > > > > > > > > > > > > > > -- > > > > > Homer: Hey, what does this job pay? > > > > > Carl: Nuthin'. > > > > > Homer: D'oh! > > > > > Carl: Unless you're crooked. > > > > > Homer: Woo-hoo! > > > > > > > > > > > > > > > -- *Sidin Sunny Vadukut* Mobile: +44 757 244 1292 Blog: http://www.whatay.com @sidin
