On Fri, Feb 22, 2019 at 7:24 AM Ra Jesh <[email protected]> wrote:

> Hahaha. Neat!!!
>

Actually, (a) If you are doing this "Forgot password" thing too often on a
reasonably well-built site, you are setting off all kinds of red flags
about being a potentially malicious actor. If they have a bot-or-not
reputation score for you, you are burning through that score with each
attempt at 'Forgot password', (b) Your scheme to have random passwords on
these sites is only as secure as the password on the email account you use
for recovery.

Thaths


>
> On Fri, Feb 22, 2019, 20:51 Ashim D'Silva <[email protected]>
> wrote:
>
> > For sites I don’t use too often, I was always tempted to reuse passwords
> > which is a pretty bad practice, so I started just using the forgot password
> > feature more often. So I have a ridiculous entirely random password that I
> > don’t know, and then just say forgot password when I want to log in.
> >
> > It could also be a good way to go about changing all your passwords—and
> > side effect is it confirms your backup email.
> >
> > Cheerio,
> >
> > Ashim
> > Design & Build
> >
> > The Random Lines
> > www.therandomlines.com
> >
> >
> > On Fri, 22 Feb 2019 at 16:55, Thaths <[email protected]> wrote:
> >
> > > On Fri, Feb 22, 2019 at 2:42 AM Udhay Shankar N <[email protected]> wrote:
> > >
> > > > On Fri, Feb 22, 2019 at 2:04 PM Udhay Shankar N <[email protected]> wrote:
> > > >
> > > >
> > > > > 1. Log out all gmail/facebook/other social sessions (Most providers give
> > > > > you the option to "log out all current sessions")
> > > > > 2. Change all the passwords of pwned email addresses
> > > > > 3. Enable 2FA EVERYWHERE that supports it. Ideally, with a hardware token
> > > > > such as a yubikey.
> > > > >
> > > >
> > > > Additionally, I'd also suggest you log in to your various (potentially)
> > > > compromised accounts, check under security settings to see if the backup
> > > > email address (where password reset notifications are sent) and backup
> > > > phone number have been tampered with.
> > > >
> > >
> > >
> > > In addition to all of those steps, I also recommend using unique passwords
> > > in all the sites. It is not going to be possible for you to remember that
> > > many unique passwords (especially if you choose strong passwords). I
> > > recommend you choose strong passwords that you memorize for one or two of
> > > your key accounts (Google, Facebook). And use a password manager (I
> > > personally use keepass) to generate and store strong unique passwords for
> > > your other sites.
> > >
> > > Thaths
> > >
> > >
> > > >
> > > > --
> > > >
> > > > ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
> > > >
> > >
> > >
> > > --
> > > Homer: Hey, what does this job pay?
> > > Carl:  Nuthin'.
> > > Homer: D'oh!
> > > Carl:  Unless you're crooked.
> > > Homer: Woo-hoo!
> > >
> >
>


-- 
Homer: Hey, what does this job pay?
Carl:  Nuthin'.
Homer: D'oh!
Carl:  Unless you're crooked.
Homer: Woo-hoo!
