The importance of different passwords and two step verification

Using a password manager and 2fa has been a boon for me.

As long as it's not Lastpass. Still trying to work my way through changing all my details. Jesus there are some broken websites out there. Some have no password changing method (unless you say you have forgotten it), others you can change the password, get an email to say it has been changed, but it still lets you login using the old details in a private window!
 
I didn't realise Netflix logins were so valuable these days :cry: . On a serious note, I've had to use a password manager as it gets ridiculous, last time I checked I had over 100 different logins stored. I always enable 2FA where possible, weirdly a guy I work with hates it as it's inconvenient, but for the sake of security I think it's worth it.

It's definitely inconvenient without some proper tools. It certainly makes logging into sites a bit of a chore.

I pay for Bitwarden so also use their 2FA generator for creating my login codes. It means it's much easier to log in, even if it technically means the security might be slightly weaker than using a separate account for generating 2FA codes.
 
As long as it's not Lastpass. Still trying to work my way through changing all my details. Jesus there are some broken websites out there. Some have no password changing method (unless you say you have forgotten it), others you can change the password, get an email to say it has been changed, but it still lets you login using the old details in a private window!

Yeah I remember this, or some with stupid password restrictions. I can probably get on board with letters and numbers only, but having the length capped at something stupid like 8 is ridiculous.

Thankfully most sites that operate that way aren't something that stores financial or personal details. It's more like a newsletter type thing.
 
I hate having a million passwords. I have a system now. It's not great as could probably be figured out. But it's better than the same.

It's too annoying to not. The infrequent sites it's particularly useful for.

Do have issues with some bank or similar sign ons. One bank I have to reset my password every time as I've gone through so many resets my system no longer works.
One of those use fingerprint for but every now and again it needs password. Then the pin and some ID number. But yeah I just reset that every single time.


I do hate passwords. 2fa is fine.
 
Do have issues with some bank or similar sign ons. One bank I have to reset my password every time as I've gone through so many resets my system no longer works.
One of those use fingerprint for but every now and again it needs password. Then the pin and some ID number. But yeah I just reset that every single time.
Argh I hate this, several services I use end up like this. I have whichever sensible memorable but complex password I've come up with, and then it has to have 3 or 4 or 5 on the end because they've insisted I can't use the same password again or similar.

That and requiring a password change every X months can both get in the bin. It's not good security - you get one or two chances at a secure but easily remembered password and then you're into random territory, adding characters or just generating them. Then it reduces security by writing something down (lol) or using a vault which is easily accessible on my device. Sorry, I'm not typing a complex mega-password every time I access my vault if it starts including 1000 small websites that aren't very important.

Recently I locked my NHS login because I used the wrong password ONCE, having a previous time had the "one more attempt" warning. So the counter doesn't reset if you log in successfully. Dumb.
 
As long as it's not Lastpass. Still trying to work my way through changing all my details. Jesus there are some broken websites out there. Some have no password changing method (unless you say you have forgotten it), others you can change the password, get an email to say it has been changed, but it still lets you login using the old details in a private window!

Nah not lastpass!
 
I had similar emails to the OP during COVID. Worded differently but to the same effect in that they have remote access to all of my devices and seeing that I use adult sites and have webcam recordings. They also wanted a certain amount in Bitcoin. Obviously a scam because the only "adult" sites I use is gambling (which is not what the scammer is interested in), and the only time I plug my webcam in is for Skype and Zoom calls.

I did fall foul of the same password trick but this was back in Feb/Mar 2003, so 20 years ago now. It was probably a dictionary attack because my password was just 2 English words put together. The attacker managed to access my MSN Messenger and 3 forum accounts, then changed the passwords and security questions so that I couldn't get back in. The 3 forums were helpful as the readers/mods knew from my normal posting style that whoever was now posting as me wasn't actually me because their posting style was different. I managed to get my account back in all 3 instances with a temporary password emailed to me and then I changed them again quickly (different ones each!). For MSN Messenger, the attacker had a humorous chat with someone on my buddy list but he got called out and the buddy sent me the chat log afterwards. Microsoft weren't helpful when I tried to recover my MSN account, so had to accept that I have lost it and then create a new account and added my old buddies into that.
 
This is why 2FA is important. They wouldn't have gained access unless the 2FA code was handed over.

Please for security's sake turn on 2FA/MFA on all accounts and stop using the convenience over security excuse.

If you don't know what this is by now LEARN IT.
I had 2FA on my paypal. They still hacked it...
Pity O2's security is so poor to allow a sim swap without some security checks
 
I had 2FA on my paypal. They still hacked it..
How?

I've also done it myself now so my NTLWorld and Gmail passwords are completely different to anywhere else.
I've also got different passwords for those different sites now.
Yes I know I've been told this before but sometimes it takes a scare.
It shouldn’t take a ‘scare’, it’s what you’ve been told to do for years for a damn good reason. Those of us who preach good security aren’t doing it just to be awkward, it’s for your own protection.
 
Had these emails since forever.

Made sure all accounts have different passwords a long time ago.

Funny thing is, every time they send me one, there is no password attached (so I can't even tell from where the account had issues if any happened at all) - my guess is they harvested my email from other people who mass emailed but not bcc'd and possibly from long disused email accounts that were breached that had me in their address book (which they spam to).

Then of course, there's also no webcam, so a bit hard to have managed to get any type of video of me doing anything, which tends to give their game away.
 
I had similar emails to the OP during COVID. Worded differently but to the same effect in that they have remote access to all of my devices and seeing that I use adult sites and have webcam recordings. They also wanted a certain amount in Bitcoin. Obviously a scam because the only "adult" sites I use is gambling (which is not what the scammer is interested in), and the only time I plug my webcam in is for Skype and Zoom calls.

I did fall foul of the same password trick but this was back in Feb/Mar 2003, so 20 years ago now. It was probably a dictionary attack because my password was just 2 English words put together. The attacker managed to access my MSN Messenger and 3 forum accounts, then changed the passwords and security questions so that I couldn't get back in. The 3 forums were helpful as the readers/mods knew from my normal posting style that whoever was now posting as me wasn't actually me because their posting style was different. I managed to get my account back in all 3 instances with a temporary password emailed to me and then I changed them again quickly (different ones each!). For MSN Messenger, the attacker had a humorous chat with someone on my buddy list but he got called out and the buddy sent me the chat log afterwards. Microsoft weren't helpful when I tried to recover my MSN account, so had to accept that I have lost it and then create a new account and added my old buddies into that.
I get those occasionally too. The funny thing is the first time I saw I thought it was too well written to be a scam (but didn't click links/send coin). I guess some people do fall for it though as that's why they keep doing it.
 
I had 2FA on my paypal. They still hacked it...
Pity O2's security is so poor to allow a sim swap without some security checks

I don’t believe that. It will have been sim swap if that’s the case. That’s not hacking it’s just playing the system.

I think there’s going to be some protection for sim swap but can’t recall where I saw the article.
 
I know where my daughter was pwned from, My Fitness Pal
There was a breach at mfp a while back. I remember getting notified and they forced people to change their passwords. I seem to remember the email said that passwords had been compromised.

So if she was part of that breach, she'd have been informed about it and that was the point at which she should have gone and changed passwords everywhere else she used the same one. Again, it's basic security.

She knows that now but for goodness sake people, don't reuse passwords.
 

I don’t believe that. It will have been sim swap if that’s the case. That’s not hacking it’s just playing the system.

I think there’s going to be some protection for sim swap but can’t recall where I saw the article.



Yep just playing the system. But 2FA was useless as they got around it.
I've since moved from O2 and in the process of suing them, as I've still not had a refund from the charges for the first fraud.... Their fraud dept is useless too. They couldn't/wouldn't tell me whether it was internal or an external SIM swap request. I think it was a dodgy employee as the IKEA and the iPhones 12 months before were around the same location at the other end of the country to me.
 
Federation?
It is a bit of a lol actually. I just discussed it with a colleague. We had "PIN" codes introduced to login to our machines... then a policy was pushed to add a letter to our pins. Now my "password" has been removed... but my PIN is effectively numbers and letters..........

Other than corporate login portal and the corporate login app - all authentication is a push to my mobile app with a 2 digit code challenge.
 