Olymoon >>> Kind

 

Honestly, they can have it

 

I just put in a password that even I'm afraid I can't remember

 

PW changed.
Olymoon!

 

Change your password they said, it'll be funny they said.

Anyway, just fyi AND FOR TOTALLY UNRELATED REASONS ...i clicked on the reset password thingy and didn't get the confirmation mail, even tried creating a new accound with another email with no luck, on AS and sister site.

So yeah, anyone knows what's up with that?

Pd.: I'm no longer drunk and can actually spell the password correctly.

 

Done!
Changed my password from "password" to "password1"!
Now I'm safe!

 

I changed mine to qwerty, don't tell anybody.

 

Thanks Oly, I changed mine to

Apple_Pie_3.1415926535897932384626433832795028841971693993751058209749445923078164 062862089986280348253421170679

Please keep it between us.

Oh...nevermind.

 

Can you retype that? It isn't working.

 

Ok, it's working now.

 

I don't trust password managers. They get breached time to time.

Now, the above kind suggestion to use "a phrase made up of 3 or 4 random words" I have to disagree. First of all, most sites require letters (capital and small), numbers and symbols. You don't have other choice. Secondly, exact words are caught before anything else, even with random combination. And remembering these random words are not easier than other codes. If those are not random for you (e.g. names of memebers of your family), in order to remember easier, that's already a risk.

I think people should not overreact this issue. Just don't use easy passcode. And there is no problem if you forget the code, you can always ask for reset it. If the site is not banned by mail providers like gmail.

@Olymoon
Has the mail sending issue been solved on the site?

 

I don't know, but there are a lot of way to get people's passwords.
Keyloggers, hack vpn IPs etc.. I won't give too much details, but it does not seem that the database were hacked.

 

True but I'm used to bad decisions by management lately. Not only securitywise. The whole IT is defunct in the meantime.
No CSO nor CISO here. Security is 'managed' on department level.
There is an ongoing war between CEO and the rest of the executives following a merger. So I don't think they have spare time for security measures the next months.

 

That would be good. However, the simultaneous occurrence of hacked passwords is suspicious.

 

We have pour clues (As you see, it stopped for now), but I cant give details.
As I said, it does not seem that there was a breach in our system.

 

Check if your email or phone is in a data breach
https://haveibeenpwned.com

 

my average password: "Az7!*7dxfrrywMX!X"

my total number of accounts hacked over 15 years of internet surfing: 0

 

Hmm, is it somehow possible to find out if my account is hacked? If I'm able to login it is not, correct? I guess the hackers will change the password to competely take over the account?!

 

Only have unique passwords for EVERY site. It has less to do with the complexity of password and more to do with the fact the you never know how all the sites takes care of your password and of it is breached. Are they salted? How many people have access to the database? Etc etc.
As long as you aren't being spear phished, criminals use automation to match accounts and passwords. And if a password is leaked, it is leaked forever....

Of course, your e-mail password should always be the strongest and you should of course use MFA.

You can use your own password manager like Bitwarden (open source) also together with 2FA/MFA. Then it is easy, and safe, to have unique passwords everywhere.