
Millions of Gmail, Hotmail and Yahoo email account details stolen, says security expert

Status
Not open for further replies.
My phone alerts me anytime I sign in to use my Gmail account on a different device. I didn't set this up, it does it on its own. I assume this is just an Android feature and I would know if someone was signing in and using my email account other than me.
 

Xun

Member
I've been meaning to change my password and add 2-step to my Gmail account for a while now anyway.
 

mrklaw

MrArseFace
Two step won't help if you also use that password on other sites. It'll just help keep them out of your gmail
 
Meh, I use Two Factor for anything important... though this does give me motivation to switch the other stuff to a code generated by my KeePass
 

Apt101

Member
For over a year now I have just assumed all of my accounts are compromised, and eventually some Russian girl in Kiev is going to buy herself a fabulous new pair of boots with my money and I'll deal with it then. I can't keep changing my accounts and passwords every month.
 

Vanguard

Member
I feel like I should point this out (if it hasn't already) and remind people as I keep forgetting it's there too, as we don't know what passwords were taken, if you have 2 step auth on a Microsoft account you most likely have 2 passwords. Why? Because some apps such as the live mail desktop app (and live essentials), the 360 (I think) etc and possibly other services don't support 2 step auth. So it creates a separate password from your main one to let you log on to those services.

I think I needed to use this for thunderbird too, but if they somehow also got this password (I doubt they did?), then they don't need 2 step auth. If you have 2 step auth for an msoft account and you are changing your passwords, then change this one too!

More info here: http://windows.microsoft.com/en-GB/windows/app-passwords-two-step-verification

edit: Step 1 lets you sign into your account, then it's under the heading of App passwords. I can't remember/forget how you view your existing one, but you can create a new one there and note it down. Remove all existing ones first and then create a new one I guess as I think if you keep creating new ones, all old ones still work? I could be wrong.

edit2: Although after saying all that, changing my password gave me an email saying I needed to change my app pass too
 

akira28

Member
Back to using pigeons.


can't wait to try cracking passwords with cracked corn.
 
I have two step, but changed my passwords just to be safe. Took all of about 30 seconds to have Lastpass generate a new, probably unnecessarily long, password and change it.

I just started using Lastpass recently and I love it. Passwords changed. Thanks for the heads up OP.
 

Deleted member 1235

Unconfirmed Member
Just turned 2 step on for gmail, just in case
do it for all your services.

using authy and lastpass on your phone, always secure, always a different password for any service
 

Dunfisch

Member
I was curious why yesterday I got a security message from my FB account, telling me that someone tried to login to it from Russia.

Wouldn't be any stretch of imagination to connect it to this :/ . Maybe I'll have to change all my PWs. Again. Well at least I'm running 2-Step everywhere I can.
 
I check my Hotmail and I have an email from Ebay about an unauthorized use of my account. I haven't used Ebay in months and my Ebay account is tied to my Hotmail. So I changed my password and also set up two step verification.
 
Another reason we need to stop using email as an ID and allow unique names. Email is 50% of the equation on every damn site.

Still. Been 2step for ages. Will change PW when I get home later
 

RoadHazard

Gold Member
Why is nobody else reporting on this? It should be the main headline on every tech site, but I can't find shit about it. Bullshit?
 

B33

Banned
That's it, I'm going back to snail mail.

Going to write letters to all of my friends and family that'll warn them about this intrusion.
 
His latest discovery is said to come after researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials.

Mysteriously, the hacker asked just 50 roubles – just over 50p – for the entire trove, but gave up the dataset after Hold researchers agreed to post favourable comments about him in hacker forums, Holden said.

Wow
 
2016 and companies like microsoft and google still getting stuff taken from their servers?
I doubt it. While it might be a good idea to change your password anyway, this data is most likely accumulated from users having stored it carelessly or inputting it into a phishing site after a massive spam campaign, or something like that.
 

this_guy

Member
I have the same password for both my gmail and outlook email addresses. I also have 2 factor authentication turned on (as well as for all my social media accounts).
 

massoluk

Banned
Well....shit

If I use the same email + password combo for every single site and service I'm registered on, does that mean I should change all of them?

There should be some method to the madness, man. AT LEAST my dad incorporated the website names into the passwords.
 

entremet

Member
Two step on both of mine.

But I'll change them just in case.

Based password managers.

IG needs to get 2 step. It's embarrassing at this point.
 

alr1ght

bish gets all the credit :)
You can check to see if someone has logged into your gmail account by going to the inbox and scrolling all the way to the bottom and clicking on "Details" below "Last account activity"
 
I haven't logged into my Hotmail account since like 2008. Luckily all of my Gmail accounts have two step. So glad 2 step is coming to the PSN soon too.
 

Altazor

Member
Well....shit

If I use the same email + password combo for every single site and service I'm registered on, does that mean I should change all of them?

I know this is a bit LTTP but please stop doing this and don't do it anymore, you can get screwed if only one of those sites/services is breached. Use a password manager so you can get a new, different, safe password for each site!
 
If this "news" piece prompts you to change your passwords yet again you really should consider changing your terrible password using practices instead.

There really should be an OT for not being terrible at passwords.
 

Brandson

Member
How do you guys deal with using a password manager on an access-restricted computer that won't allow anything, including password managers, to be installed? Just not use those computers?
 
Google has done a good job at getting people to do 2-step I think with those non stop fucking reminders so if you're not on it by now then it's your fault.
 

Chamber

love on your sleeve
For over a year now I have just assumed all of my accounts are compromised, and eventually some Russian girl in Kiev is going to buy herself a fabulous new pair of boots with my money and I'll deal with it then. I can't keep changing my accounts and passwords every month.

I like the cut of your jib, friend.
 