5 Million Gmail Passwords Leaked

[photon]

http://lifehacker.com/5-million-gmai...now-1632983265

Enable 2 factor authentication!

[Regulator75]

All good here. No leakage.

[Hemi-Cuda]

It wasn't gmail passwords leaked, it was passwords for various other sites that used email addresses as login names and someone cut out everything except the gmail addresses. So unless you use the same password for gmail that you use for everything else you sign up for (don't be that person) there's no issue

[Barnes]

Quote:

Originally Posted by Hemi-Cuda

It wasn't gmail passwords leaked, it was passwords for various other sites that used email addresses as login names and someone cut out everything except the gmail addresses. So unless you use the same password for gmail that you use for everything else you sign up for (don't be that person) there's no issue

Mine was leaked but the password is not the one I use for gmail. Wonder where these are from?

[Dion]

Mine wasn't leaked.

[Regulator75]

Quote:

Originally Posted by Barnes

Wonder where these are from?

Russian mail order wives websites...

By the way, did you end up choosing Svetlana or Olga?

[Barnes]

Quote:

Originally Posted by Regulator75

Russian mail order wives websites...

By the way, did you end up choosing Svetlana or Olga?

Svetlana. She's held up in customs. Something about a manditory quarantine period.

[Igster]

Changed my password anyway. Just to be safe. Can't check to see if mine was leaked, but not a bad idea to change every once in a while anyway.

[DownhillGoat]

Quote:

Originally Posted by photon

Enable 2 factor authentication!

So I enabled that. Did I just make life a total pain in the *** for travelling?

[Resolute 14]

The scary thing about the screenshot in the story is that the people obviously used their own phone numbers. May as well have just used their SIN/SSN.

Kind of a shame that the list was taken down. Would have been fun to point and laugh at some of the passwords.

[photon]

Quote:

Originally Posted by kunkstyle

So I enabled that. Did I just make life a total pain in the *** for travelling?

Yeah if you can't get SMSs then it might be a problem if you use it from a completely new computer.

If you have your phone I think you can generate authentication codes with this app:

https://support.google.com/accounts/answer/1066447

Never used it though.

EDIT: You can also print out backup codes and carry them with you: https://support.google.com/accounts/..._topic=2784804

[DownhillGoat]

Quote:

Originally Posted by photon

Yeah if you can't get SMSs then it might be a problem if you use it from a completely new computer.

Thanks. I just downloaded the app and you can print 10 backup codes apparently.

The day before a big trip was likely not the best time to try it out...

[photon]

Or might make the trip better, enforced vacation from email!

[Drury18]

Quote:

Originally Posted by photon

If you have your phone I think you can generate authentication codes with this app:

https://support.google.com/accounts/answer/1066447

Never used it though.

I have and use that app for Gmail and Facebook now. Very simple and easy to use. It's like using a RSA Token. The app generates a code that is valid for I believe 3 minutes. You can see a countdown clock and so long as you enter the code before the clock is up, it will be valid.

Setup is very simple. You scan the QR code generated by Gmail when you enable the two step process and the generator populates with the information and starts producing numbers immediately.

[DownhillGoat]

Quote:

Originally Posted by photon

Or might make the trip better, enforced vacation from email!

Ha not if I have to get to trip itineraries.

[WilsonFourTwo]

An old gaming account of mine (that I haven't used in years and years and years) got hacked recently, prompting me to change the password on all my online accounts.

Wanna talk PITA.....try remembering every little thing you've logged into over the past 5 years. Wowzers. Turns out the timing couldn't have been better.

[Flames89]

Does anyone use those 1password type services?

[photon]

Yup lots of people here have discussed them and others like it at one point or another, I think they're almost a requirement these days.

I personally use KeePass which is an application rather than an online service, just because in principle an online service is a bigger hacking target than my personal PC (and I think there's been at least one major online password storage place that was hacked, though if you had a strong password your info was still secure).

And attacking passwords has never been easier, if a hacker gets a copy of the user database where passwords are stored they can often try billions of passwords a second with off the shelf video cards, so having a long password is the best defence, and the best way to do that is something to remember the passwords and have different passwords for everything.

EDIT: Oh, is 1Password an app only as well? I thought it was an online service.

[DownhillGoat]

Quote:

Originally Posted by photon

EDIT: Oh, is 1Password an app only as well? I thought it was an online service.

App only but it allows the option to upload the passkey to your dropbox account.

Got it after the PS3/sony online breach. That program is worth it's weight in gold. Although I'm still slightly hesitant about storing it in dropbox.

[photon]

I put my KeePass file in Dropbox, my password is pretty long (like over 25 characters) and KeePass has a work factor in it so you can scale how long a computer takes to hash the password, reducing the # of guesses per second from billions to a couple makes it very difficult to crack.

KeePass can go further as well by using a public/private key as part of the encryption so you need the private key to decrypt the password file. On my computer it does like 16 million iterations of the hashing algorithm.