|
Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere. |
|
Thread Tools |
18 May 2017, 02:46 AM | #1 |
Essential Contributor
Join Date: Jun 2002
Posts: 387
|
Has your email been hacked?
|
18 May 2017, 03:37 AM | #2 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
Collector of email addresses??
|
18 May 2017, 05:44 AM | #3 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,743
|
Quote:
|
|
18 May 2017, 01:12 PM | #4 |
Essential Contributor
Join Date: Dec 2008
Location: Canada
Posts: 312
|
Bell breach may have exposed over 1 million new email addresses to phishing and spam
CBC, May 17 ...And if you haven't already, check out Have I been pwned? for yourself. It's operated by computer security expert Troy Hunt — in other words, it's not some fly-by-night operation — and lets you see how many times your personal information has been leaked in previous data breaches affecting sites such as MySpace and LinkedIn. |
18 May 2017, 09:04 PM | #5 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
|
19 May 2017, 02:38 AM | #6 |
Essential Contributor
Join Date: Jun 2002
Posts: 387
|
|
19 May 2017, 03:53 AM | #7 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
|
19 May 2017, 07:08 PM | #8 | |
Essential Contributor
Join Date: Jun 2010
Location: The Netherlands
Posts: 388
|
Quote:
If you change your Password,set 2 step validation and even make a new security question you should be OK. D |
|
20 May 2017, 09:38 AM | #9 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
Unfortunately, most websites and services don't support two-factor authentication. The problems with the current poor security policies of many services and the way that users set up their security include:
Bill |
20 May 2017, 05:21 PM | #10 | |
Member
Join Date: May 2017
Location: Emergency temporary account of ROBERT.BAK
Posts: 36
|
Quote:
3) For this reason, back in the early 2000s security expert Tom Simondi recommended to always give fictional answers to password-reminder questions (he used an "internet mother's maiden name" which was quite different from his real mother's maiden name). (If you are on a service which insists on real answers to those questions, move to another sharpish — they're clueless, or planning to sell that information, or both.) Nowadays, I treat password reminders as passwords, and use the same kind of highly-random sequences for both (and note them in my password repository). |
|
20 May 2017, 05:56 PM | #11 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
Which services insist on real answers to questions like "your mother's maiden name" or "name of your first school"? Do you have to produce birth/school certificate to get your answer accepted?
|
21 May 2017, 01:05 AM | #12 |
Essential Contributor
Join Date: Apr 2014
Posts: 399
Representative of:
MXRoute.com |
Yeah I'm in so many leaks it's insane. Search "jarland@mac.com" for the fun of it.
These days it's not even a question of whether you'll be compromised if you sign up for a lot of internet services. It's about damage control. Using 2FA everywhere you can, using passwords designed to take impossibly long to crack by reasonable means. Unique passwords everywhere, never the same one twice. Rotate anything of importance regularly. A solid and locally controlled password manager is also key to surviving in today's internet. Now, I'll step down from the security pedestal that we nerds tend to get on for one thing. Your security should be relative to the value of the data behind it. Would I have an eye scanner on my shed where I keep only a broken down lawn mower? Of course not. If you honestly don't care who gets into it, and what's inside is of no consequence, don't perform security theater. You just do you at that point |
21 May 2017, 03:20 AM | #13 | |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
Quote:
Contributors to this forum please note. |
|
23 May 2017, 06:34 AM | #14 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,743
|
The thing I find about password reset questions is that you do need them eventually, so fake answers are bound to lock you out too! I've just had to go through all sorts of hoops for an elderly relative that can't remember anything anymore, but thanks to their password questions being decipherable to me (with some research) I was able to break into their accounts and save them from huge medical bills, etc., by being able to pay overdue invoices. A few years ago I had to go through the Google reset process and was just barely able to do it, thanks to having answered questions with real answers. So, this cuts both ways to me: it indicates that it is fairly easy to break into an account once you know a lot about a person, but on the other hand if you make it too hard to get in you will be locked eventually too! The thing is that some questions are pretty common, but how would a hacker know which question is used with which account? In other words, the make and model of my first car could be used on several sites, but even I do not know on which ones it was asked. How could a hacker use that information if they somehow obtained it? I suppose they could if they were targeting me and I was a high-value target, but I strongly suspect I am not (no money) and most of us are not so the effort required would be much higher than the reward.
|