- This topic has 11 replies, 7 voices, and was last updated Sep 21-4:16 am by VW.
-
Posts
-
ModdIt
A new feature: When the user tries to enter a compromised password, the Chrome Browser will warn him and offer to change the password. This is done by the browser which compares the entry with the existing public breaches.
So anyone who thinks this is a great service to the user ?, for sure a great feature for all those special instances which hold the decryption key, developed the encryption or hashing algorithm, a hashed password is not intrinsicly secure if enough information is available.
In any case the old password will be known in real time, the new one will be compared again.
If chrome Telemetry includes the visited websites as is our guess the feast begins.
fatmac
Doesn’t sound very good – you should be the only one to know your passwords….
Linux (& BSD) since 1999
Anonymous
I think it’s a great feature.
What one used to do manually every week, it’s now done automatically on every login.
No more need to visit:
https://haveibeenpwned.com/Passwords
https://sec.hpi.de/ilc/search?lang=en
… every couple of days.
If you’re using some online service with login, you’re PW obviously must always be known to that service, so why not compare it to the “leaked PW DB” at the same time?
Don’t worry about visited websites — everybody knows that — unless you’re using your own VPN & DNS services server.
Even the files which you previously downloaded, include “hidden stream” files with a source zone/address.
ModdIt
Anyone crazy enough to upload current passwords weekly and check internet lists certainly can not be helped.
@NoClue
You say
If you’re using some online service with login, you’re PW obviously must always be known to that service, so why not compare it to the “leaked PW DB” at the same time?.Look at the history of data safety in the internet, the conclusion must be, stay as sparing as possible with any data of importance, that includes logins to anywhere.
BTW Most people have URL shortening enabled–see chrome usage and can not even look to see they have the right web site. I have not seen you explaining the problem of fake sites. Nothing about unsafe Ciphers enabled. No info on Web RTC. That list could be far longer.
If you suggested changing passwords regularly that would make some sense but not easy to memorise those of sufficient complexity and length.If the comprimised password Database was on a local computer kept in a solid safe and with NO internet connection ever, updates from a one use only stick it might be considered good enough for some usage cases.
You State:
Even the files which you previously downloaded, include “hidden stream” files with a source zone/address.
about Internet returns: Even the files which you previously downloaded, include “hidden stream” files with a source zone/address.
About Internet returns Invalid Url on my browsers. I do not wonder why.about:about shows a list of available options if anyone is interested.
about:plugins does not show some hidden web extensions in firefox.Browsers are a gift from Internet giants. Gift aptly translates to Poison in German.
Trolls are poison to Foren, you have some good ideas and good information, for those you earn credit.
Unfortunately you jump on new users and post diffaming crap which is very unkind social behavior. On that if you wish there can be an open discussion on fear and loathing reactions to your behaviour. Plenty of input is available from other users on that subject. I do not fear you, just wish you would use your talents to the advantage of the community.Anonymous
You’re again trying to discuss something you couldn’t understand, don’t you?
Take a deep breath and go and inform yourself on how does it work.
“Anyone crazy enough to upload current passwords …”
There’s no uploading passwords involved in it.
You can also download complete DB locally.
It’s just pretty darn huge+ …
And … needs updating.“Trolls are poison to Foren …”
Here we agree completely.
Stop trolling.
Please?ModdIt
Did I write this or the man from wonderland.
What one used to do manually every week, it’s now done automatically on every login.
No more need to visit:
https://haveibeenpwned.com/Passwords
https://sec.hpi.de/ilc/search?lang=en
Chrome does not download the database. This is a forum for people mainly using old computers which do not have terabyte storage and wanting decent information. They certainly do not find that in most of your posts.
Just attempts to get everybody in a caucas race. In wonderland to your rules.
Now I hope a few other users have the balls to chip in too, especially those afraid to post because of your shitty reactions. .Go and take a long long look in a mirror. Before you acuse anybody of trolling.
manyroads
I am sad to say that it was probably too much to expect that “Keine Ahnung” (noclue) would be able to return to these Forums and act in a more civil manner. Rather than react to him, I recommend that you (your collective being) consider following, even if others will not or can not.
I get a choice every time I have to open my mouth: that it can be with civility and dignity and grace – or not.
Dana PerinoTragically there are too many people in this world for whom such a choice appears beyond their understanding.
In my area of the US there are native Americans (Navajo) and I would like to share one of their ‘blessings’ with you in hopes of providing you tranquility and perspective.
- This reply was modified 10 months ago by manyroads.
Pax vobiscum,
Mark Rabideau - http://many-roads.com
MX-19 kernel: 5.2.21-antix.1-amd64-smp
"For every complex problem there is an answer that is clear, simple, and wrong." H. L. Mencken
MX- antiX- bspwm, hlwm, xfce4Anonymous
@ModdIt
You had a question:
“Chrome to upload passwords … So anyone who thinks this is a great service to the user?”
… which I answered you with: “I think it’s a great feature.”
There was no “jump on new users and post diffaming crap which is very unkind social behavior” in my answer, just my opinion that it’s a great feature, but there was more than just a bit of “Gift” (== Poison) in your reaction.
So … what exactly is your problem? Too many Navajo roads or just incapable to understand how the things work (probably both)?
The definition of “Troll” describes you perfectly.
“Did I write … What one used to do manually every week, it’s now done automatically on every login. No more need to visit … or the man from wonderland”?
One goes to the site, enters the email address and gets the notification if the PW was hacked –> These websites are checking if the PW´s were leaked.
“Chrome does not download the database.”
Chrome sends the UN/PW-field entries to Google (which is using the same DB as those 2 sites) and tells you instantly if the PW was hacked –> Google is checking if the PW´s were leaked.
Every single bit of your internet traffic (and so your PW too) goes over some ‘third party’ and it gets intercepted (not necessary altered).
It doesn’t bring much constructing the strongest PW’s and changing them regularly, if they later leak out from the used service DB’s.
This leaks are happening on daily basis and every sane user want’s to know what has leaked already (and again).
Thanks to the Google, the web (and not only web) is getting safer and more comfortable too.
Google has one of the best (if not the best) security teams around.
There is no OS that didn’t profit from Google.
Incl. Linux Kernel.
“Browsers are a gift from Internet giants.”
Stop using them.
P.S.
I’m not sure if you did notice that all this is very much off-topic and doesn’t belong in here …
rokytnji
Read a bit of this thread. Was going to edit content. Opinions asked do not require cussing replies and personal insults and attacks.
Keep it civil or I will step in. You won’t like it when I do. I won’t care what you like.
So being the sgt of arms here. I am asking nice like first, to edit your posts to subject posted and leave personal insults/replies out of your posts.
I have no opinion on this subject as I don’t get these notices. I guess my passwords are good enough lately.
So boys and girls. Get along or I’ll start spanking.
Sometimes I drive a crooked road to get my mind straight.
Not all who Wander are Lost.Linux Registered User # 475019
How to Search for AntiX solutions to your problemsseaken64
Thank you rokytnji.
I hope everyone will consider keeping silent rather than inflaming unneeded arguments.
Seaken64
Anonymous
@moddit
about:reality
Safari 13 (Apple)
See screenshot.
Mozilla Firefox:
https://www.golem.de/news/have-i-been-pwned-firefox-ueberprueft-gespeicherte-zugangsdaten-auf-leaks-1907-142656.html
https://www.heise.de/newsticker/meldung/Firefox-Monitor-warnt-im-Browser-vor-gehackten-Websites-4223138.html
https://www.heise.de/newsticker/meldung/Firefox-Monitor-informiert-bei-gehackter-E-Mail-Adresse-4175543.html
VW
Thanks noClue and here is the url for Firefox Monitor.
“These are the times that try men's souls" - Thomas Paine
- You must be logged in to reply to this topic.