Results 1 to 10 of 10
  1. #1
    Join Date
    Feb 2009
    Location
    Wilmington, NC

    Password Change for DBR?

    Is anyone else getting a message about a data breach when they log in to DBR? In the last day or so, whenever I log in, I get a message from Google that a data breach has exposed my password on this site and I should consider changing it. Is anyone else getting this? I don't get that message on any other sites/apps.

    My DBR password isn't used anywhere else that I'm aware of.

  2. #2
    Quote Originally Posted by left_hook_lacey View Post
    Is anyone else getting a message about a data breach when they log in to DBR? In the last day or so, whenever I log in, I get a message from Google that a data breach has exposed my password on this site and I should consider changing it. Is anyone else getting this? I don't get that message on any other sites/apps.

    My DBR password isn't used anywhere else that I'm aware of.
    Passwords? We don’t need no stinkin’ passwords!

    I’m getting no such notifications but am relying on stored passwords/cookies for access.

    I'm probably being petty in another thread.

  3. #3
    Join Date
    Sep 2007
    Location
    Undisclosed
    No notifications for me either, although I too have a cookie sign me in.
    "We're only tourists in this life
    Only tourists but the view is nice"

    -- David Byrne

  4. #4
    Join Date
    Feb 2009
    Location
    Wilmington, NC
    Quote Originally Posted by OldPhiKap View Post
    No notifications for me either, although I too have a cookie sign me in.
    I use baked goods to sign is as well. Weird.

  5. #5
    My browser clears everything when itís closed and Iím not getting any prompts when I log in on Windows or the phone. Are you sure your browser hasnít been hijacked. It would be strange for DBR to redirect you to Google unless itís a Chrome feature.

    Ok looked it up. Does this explain what you are seeing. https://www.google.com/amp/s/www.wired.com/story/chrome-79-password-check/amp
    Last edited by Kdogg; 12-23-2019 at 04:22 PM.

  6. #6
    Kdogg already alluded to the possible answer.

    If you use Chrome or certain google tools they are now checking your password against a known dictionary of breached passwords.

    This doesnít mean your password has been cracked. It does mean that someone may also have used that exact password elsewhere.

    My recommendation is find a password vault app you can use/like (LastPass, OnePassword, Dashlane, etc...) and ratchet up the number of characters in your password. Minimum 13 characters if the website will support it.

    Change all your passwords everywhere so they are unique to limit your risk.

    Security is going to get even sillier if quantum computing becomes affordable. In the meantime, password length and 2FA/MFA are your best bets to maintain account security.

  7. #7
    Join Date
    Feb 2009
    Location
    Wilmington, NC
    Quote Originally Posted by Kdogg View Post
    My browser clears everything when itís closed and Iím not getting any prompts when I log in on Windows or the phone. Are you sure your browser hasnít been hijacked. It would be strange for DBR to redirect you to Google unless itís a Chrome feature.

    Ok looked it up. Does this explain what you are seeing. https://www.google.com/amp/s/www.wired.com/story/chrome-79-password-check/amp
    Sounds like this was the reason. But what I don't understand is why I got the message for this username/password for DBR. DBR is the only site I use this combination of username/password, sonif they're comparing it to a know list of comprised credentials, wouldn't that mean that DBR would've had to have some sort of data breach?

    Not saying they did, just trying to understand.

  8. #8
    Quote Originally Posted by left_hook_lacey View Post
    Sounds like this was the reason. But what I don't understand is why I got the message for this username/password for DBR. DBR is the only site I use this combination of username/password, sonif they're comparing it to a know list of comprised credentials, wouldn't that mean that DBR would've had to have some sort of data breach?

    Not saying they did, just trying to understand.
    My interpretation is your password is now in a dictionary of known compromised passwords.

    This may not necessarily mean the combination of your username AND password are linked in said dictionary.

    Hopefully that helps.

  9. #9
    Hereís a test. Log out of your google account in Chrome and see if you still get the prompt. Once you log out Google canít run the password scan so you will know if thatís why you are seeing the prompt.

  10. #10
    Quote Originally Posted by left_hook_lacey View Post
    Sounds like this was the reason. But what I don't understand is why I got the message for this username/password for DBR. DBR is the only site I use this combination of username/password, sonif they're comparing it to a know list of comprised credentials, wouldn't that mean that DBR would've had to have some sort of data breach?

    Not saying they did, just trying to understand.
    My understanding is that it's based on a comparison to passwords you've saved with Google in some way; e.g. the Chrome credential store, or Google's account-based credential store, or with the device. So you shouldn't get the alert if you sign in from a device/browser/session otherwise unaffiliated with your accounts.

Similar Threads

  1. Climate Change
    By fuse in forum Off Topic
    Replies: 256
    Last Post: 03-04-2019, 08:50 PM
  2. Change in ACC schedule
    By Olympic Fan in forum Elizabeth King Forum
    Replies: 1
    Last Post: 01-23-2016, 10:09 PM
  3. Avatar change
    By Jim3k in forum Elizabeth King Forum
    Replies: 15
    Last Post: 12-30-2015, 12:55 PM
  4. Replies: 23
    Last Post: 10-06-2012, 06:30 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •