Safari warning of Reasontalk password leak?
Forum rules
Keep in mind that this forum is for Reasontalk.com suggestions, and not for support on your Reason Studios software.
-
- Competition Winner
- Posts: 1551
- Joined: 14 Nov 2016
I got this warning yesterday on my Safari homepage, just for Reasontalk.
Something in the line of:
'a recent leak on Reasontalk data, your password might be at risk, bla bla bla...'
Anyone else received this???
What was it about???
-
- Posts: 1468
- Joined: 16 Jul 2021
I haven't seen it yet, but thanks for the heads up.
-
- Moderator
- Posts: 11292
- Joined: 15 Jan 2015
Do you have a screenshot? Where exactly did you see this? I use Safari and have never seen warnings like that on the homepage.
-
- Competition Winner
- Posts: 1551
- Joined: 14 Nov 2016
It was on top of the homepage, I opened a page, and it got away.
No screenshots taken.
I never got an Alert like that before, and looking into Safari prefs, I can't get any info from where it came from, logs, or anything like that...
-
- Moderator
- Posts: 11292
- Joined: 15 Jan 2015
Ok perhaps it was specific to you? Do you see anything under Privacy Report in Safari?
-
- Moderator
- Posts: 11362
- Joined: 28 Dec 2015
Yea, probably your username and password was found in a database of have accounts.
You don't use the same username and password for different accounts? Do you?
Reason13, Win10
-
- Competition Winner
- Posts: 1551
- Joined: 14 Nov 2016
Username... sort of...( I mean, youtube, it's Re8et, the same) password no, absolutely not.
There is nothing under privacy, I checked everywhere...
There should be something! That is what I thought... but no... nothing...
It disappeared as it appeared leaving no traces....
False Alarm? Maybe it's Safari that glitched...
-
- Moderator
- Posts: 11362
- Joined: 28 Dec 2015
Re8et wrote: ↑28 Mar 2024
> Username... sort of...( I mean, youtube, it's Re8et, the same) password no, absolutely not.
> There is nothing under privacy, I checked everywhere...
> There should be something! That is what I thought... but no... nothing...
> It disappeared as it appeared leaving no traces....
> False Alarm? Maybe it's Safari that glitched...

Maybe the ransomware just suppressed the message. Everything is fine now
Reason13, Win10
-
- Competition Winner
- Posts: 1551
- Joined: 14 Nov 2016
OK, I have another warning, this time it's Amazon. Clicking the link, opens up Amazon...
The Reason warning was basically the same...
-
- Posts: 632
- Joined: 16 Jan 2015
I believe the warning just means the password itself was seen in a data leak. The leak may be from a different person's account on a completely different website, but the password itself is the same.
https://support.apple.com/guide/securit ... 3b/1/web/1
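An added example, not part of the post above and not Apple's Password Monitoring protocol: a sketch of how a password can be matched against a leak corpus regardless of whose account it came from, modelled on the hash-prefix range lookup used by the Pwned Passwords service. The corpus, counts and function names are constructed, and the service side is simulated locally so it runs offline.

```python
import hashlib

# Constructed sample of a breach corpus: password -> times seen (not real data).
CONSTRUCTED_BREACH = {"qwerty123": 4120, "1qaz2wsx": 978, "letmein": 2301}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(corpus):
    """Service side: group SHA-1 hashes by their first 5 hex characters."""
    index = {}
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], []).append((digest[5:], count))
    return index


def range_query(index, prefix):
    """Service side: return every (suffix, count) stored under one prefix."""
    return list(index.get(prefix, []))


def times_seen(index, password):
    """Client side: only the 5-character prefix is sent; matching is local."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate, count in range_query(index, prefix):
        if candidate == suffix:
            return count
    return 0


INDEX = build_index(CONSTRUCTED_BREACH)

if __name__ == "__main__":
    for pw in ("1qaz2wsx", "a-constructed-unique-passphrase"):
        print(pw, "seen", times_seen(INDEX, pw), "times")
```

The lookup carries no username or site, so a hit says only that the same string appears somewhere in the corpus.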
-
- Posts: 1468
- Joined: 16 Jul 2021
I got a massive warning yesterday - many of my passwords were recently detected in leaks. Most of them were passwords that used keyboard patterns that are easy for me to recall - apparently I'm not the only one who thinks that way. So I replaced them all, using Safari's strong pwd generator. I'm glad Safari is on top of this stuff.
-
- Posts: 2467
- Joined: 06 Nov 2021
- Location: ##########
Wow, I can't believe the amount of misinformation on that support page, as it constantly talks about 'comparing passwords'. It is basically nonsense to monitor for passwords, as the online databases mostly (besides some brain-dead installs) have only an encrypted version of the password. And the same password is (again, in most cases) differently encrypted in separate systems. The way this works is that the login-system encrypts your entered password when you try to log in, and compares that to the encrypted version in your account. This is why you can't ask for your password if you lose it because the organization you ask doesn't have your password, and elaborate systems are in place to get you a new password.
So, it is impossible to check for a password in a password manager, against known stolen databases, as those databases don't actually contain the passwords. It is possible to get a list of obvious passwords generated from an encrypted database, with a dictionary attack. In this case, words in a dictionary are encrypted (hashed) and you get a list of hashes that have the original password linked. Known obvious keyboard patterns are also in dictionaries. However, if the password system is using unique additional strings (a 'salt') it is near impossible to generate the exact hash for a given word in the dictionary. It also shows that easy to remember passwords can be near unbreakable, like 'purplesproutsbaseballflower' (because that is not in any dictionary).
The one thing that can be checked against stolen databases, is your email-address, as that is almost always needed to create a login. You can search for that on special websites:
- https://haveibeenpwned.com
- https://haveibeenbreached.com
Finally, if you use passwords that are random or strange (like my example) and long enough (at this time at least 16 characters), there is little to worry about when your info is in a data-breach. Although, your email address will most certainly end up in a spam database.
-------
Reached the breaking-point. CrimsonWarlock has left the forum.
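An added example, not part of any post in this thread and not any site's actual login code: the salted storage and login-time comparison described in the post above, next to an unsalted store checked against a table of hashes computed once. The password, wordlist, site names and iteration count are constructed, and PBKDF2 from Python's standard hashlib is a choice made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed demo value; real deployments tune this upward


def unsalted_record(password):
    """Weak storage: one fast hash, identical for every account using the password."""
    return hashlib.sha256(password.encode()).digest()


def salted_record(password, salt=None):
    """Stronger storage: per-account random salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(password, record):
    """Login check: re-derive from the entered password and the stored salt."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def table_matches(wordlist, stored_hashes):
    """Count stored hashes found in a table hashed once, with no salt."""
    table = {hashlib.sha256(w.encode()).digest() for w in wordlist}
    return sum(1 for h in stored_hashes if h in table)


# Constructed data: a keyboard-pattern password used on two hypothetical sites.
PASSWORD = "1qaz2wsx"
WORDLIST = ["password", "qwerty", "1qaz2wsx"]
SITE_A = salted_record(PASSWORD)
SITE_B = salted_record(PASSWORD)

if __name__ == "__main__":
    print("unsalted, found in table:", table_matches(WORDLIST, [unsalted_record(PASSWORD)]))
    print("salted, found in table:", table_matches(WORDLIST, [SITE_A["hash"], SITE_B["hash"]]))
    print("same password, same stored hash?", SITE_A["hash"] == SITE_B["hash"])
    print("login still works:", verify(PASSWORD, SITE_A), verify("wrong", SITE_A))
```

The salt is stored beside the hash, so it blocks precomputed tables and cross-site comparison of stored values; the slow derivation is what raises the cost of guessing against a single stolen record.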
-
- Posts: 632
- Joined: 16 Jan 2015
The xkcd approach is good for the rare situation where you need a password memorized.
But beyond that, it's very important to keep all passwords unique, which means using a password generator and manager (unless you have an incredible memory). The best password doesn't protect you from social engineering, but unique passwords limit the damage.
-
- Posts: 3203
- Joined: 17 Apr 2015
- Location: Aachen, Germany
Even better to use individual email addresses and passwords for each site. If you include the domain name of the site in the mail address you can even see who got breached or leaked your data.
-
- Moderator
- Posts: 11362
- Joined: 28 Dec 2015
There are still enough sites limiting password length to less than 16 characters... Hard disc space is expensive you know...
Reason13, Win10
-
- Posts: 2599
- Joined: 03 May 2020
I only recently learned that gmail effectively gives you infinite "subaddresses" on the account that can be used for this very purpose.
If your gmail address is dave@gmail.com you can use dave+anyword@gmail.com and it will get to you. So your Reason login could be dave+reason@gmail.com etc
As for character limits scuppering the xkcd method then yes, there are those, but most sites scupper it by insisting you include a mix of digits, special characters and upper case etc. And then there are those sites that don't allow special characters at all.
-
- Posts: 2467
- Joined: 06 Nov 2021
- Location: ##########
There are still a lot of login-systems built by ignorant idiots.
-------
Reached the breaking-point. CrimsonWarlock has left the forum.