got this in my alerts ?

[rochie]

this was in my notifications when i hit the little bell, top right ?

1. 
   Your password is known to be compromised on at least 33,811 other accounts. It is recommended to change your password.
   • 6 minutes ago
   • Read: 6 minutes ago
   • Mark unread

 

[pbehn]

Did you report it?

 

[rochie]

thought that's what i'm doing here ?

wouldn't open to anything

 

[pbehn]

thought that's what i'm doing here ?

wouldn't open to anything

I think a report gets Mods attention quicker than starting a thread by their own "alert" system.

 

[Wurger]

Horse was updating the forum soft a while ago. Well you might got a such alert because of some changings introduced. Do you still getting the message?

 

[rochie]

I think a report gets Mods attention quicker than starting a thread by their own "alert" system.

yep but no report button on alerts

 

[rochie]

Horse was updating the forum soft a while ago. Well you might got a such alert because of some changings introduced. Do you still getting the message?

its still there but no new message

 

[pbehn]

yep but no report button on alerts

I reported it, not you of course but the issue in your OP.

 

[rochie]

Doh !

didn't think of that

 

[Wurger]

OK. Ignore this or go to your settings and edit your password. Do you use the Chrome?

 

[rochie]

OK. Ignore this or go to your settings and edit your password. Do you use the Chrome?

yes on chrome.
changed my forum password anyway

 

[Wurger]

OK. It looks like you used the password for other devices and forums etc? Right?

 

[horseUSA]

It is part of update. There is a tool which will check if the password you are using has been compromised. It will alert you when you login if that is the case.

A new feature that was just updated today:
"On login; alert the user if they have a known compromised password"

 

[rochie]

ah ok i've changed passwords now and also on google just in case.

had the same password on here since i joined

 

[rochie]

OK. It looks like you used the password for other devices and forums etc? Right?

i do have different passwords for different sites

 

[Wurger]

 

[horseUSA]

This checks pwned passwords to see if the password you use has been exposed in the wild. Thus it is not unique. I have the feature there to let users know there is a potential security issue with their password.

Password reuse and credential stuffing

Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.


NIST's guidance: check passwords against those obtained from previous data breaches

The Pwned Passwords service was created in August 2017 after NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches . The rationale for this advice and suggestions for how applications may leverage this data is described in detail in the blog post titled Introducing 306 Million Freely Downloadable Pwned Passwords. In February 2018, version 2 of the service was released with more than half a billion passwords, each now also with a count of how many times they'd been seen exposed.

 

[Wurger]

Not sure but it may be worth to have a look there ...

Password found in data breach

Chrome just threw this error out to me: Was XF compromised? Anybody else have this issue with saved passwords here? My PayPal one was as well...

xenforo.com

 

[fubar57]

No alerts for me, but then I've never received the Canada wide disaster alert tests either. Looks like I'll take one for the team when the

 

[rochie]

No alerts for me, but then I've never received the Canada wide disaster alert tests either. Looks like I'll take one for the team when the View attachment 644001

show off !