has there been a password leak

WOW!

Your list of email addresses must be huge.
There are ways of doing it so it's not a ballache, just like with password managers.

You can generate different addresses with one gmail account with a + symbol.
instructions: https://blog.101domain.com/business-development/gmail-email-aliases

You can get your own domain, and use a catchall address, so [email protected] goes to your inbox.
Then for example if companyA gets hacked then you can block mail to the [email protected] address, and contact companyA to let them know, and try to blag some compensation. But yeah, I have been doing this a long time, so I have a long list of addresses I've had to retire.

The reason for this, in case it wasn't obvious - is when your account info is leaked in a password dump, often the email is in it, then hackers process the dump files and use the email address to match your accounts. But it's worse than that because simply googling your email address will return password dumps in the results - so it's available for less tech savvy people to attack you this way.
 
Pretend I'm 5 and explain to me how password managers work.
A password manager will create and save long, complicated passwords for you. When you go to a site that requires you to log in, it will detect what site you're on and automatically fill in the correct details.

It saves you having to remember multiple passwords, it saves you having to write multiple passwords down in your notebook. If someone pinches that notebook, you've lost everything. It's like a digital version of that pad you're looking at now.
 
Pretend I'm 5 and explain to me how password managers work.
This is something I can't work out.

A password manager is basically an encrypted database of your logins. Most of the services are online so they take care of storing and backing up the database for you.
You access it with a master password (so yes there's one strong password you need to remember).
The password manager will have a browser extension so it can fill form fields for you (instead of the browser remembering logins).
Because you don't have to remember your passwords you can choose crazy long complex unique passwords.
1password can also generate a unique email address via fastmail if you want a unique email too.
You can also install the phone app so you have your passwords when not at your pc.

Alternatively, you can use keepass, which is literally just a user interface for a password database file you store in your cloud storage. Then you let the browser remember your logins. There's a phone app for that too. The reason for doing this is if you think the online password manager services are a big juicy target, or if you don't trust them, or think they might go away and leave you password-less.
 
Firefox Sync handles everything, it even generates random passwords for you on new sign up pages for websites etc and then saves it in the encrypted locker. You then have access to all logons and everything on any device which also has Firefox installed. In all these years have never had a breach. Firefox also notifies you if your emails are ever listed on any breach/leak.

Firefox > Everything.
 
You're a prime example of someone who's very likely to be compromised somewhere, sometime.


And there we are, it's already happened.

Ideally you should use unique passwords so that if one system is compromised, the others won't be as well.

There are very good password managers, I use 1Password which is now cross platform. What you should do is log onto every single service you have signed up to and change the password to something unique.
Thanks.

Can I sign up to 1password on my desktop and spend an afternoon logging into everything and let it change the passwords for me? Then get the phone app, sign into that and it will populate these same passwords on all the phone apps for me too? Is that how it works?
We recently did our wills, the lawyer we used mentioned using something like this in the event one of us died and we needed to access emails. Will also allow the Mrs to update my facebook status to "I'm dead lol" for comedy purposes.
 
Back
Top Bottom