Old, bad passwords. Yeeesh.

Nunuv Yurbiz
Nunuv Yurbiz
Community Member

The most disturbing part of receiving a scam email which accurately quotes a previously used password (harvested from a security breach somewhere) is seeing just how bad some old passwords were. I am so ashamed. 🤦🏻‍♂️

Some sites have been updated but there are about a dozen sites where I long ago used bad passwords and now have no way to update because the sites have closed or morphed into something else (maybe if I can't login then they couldn't be harvested in case of a breach).


1Password Version: 6.8.8
Extension Version: 4.7.3
OS Version: OS X 10.14.5
Sync Type: iCloud

Comments

  • arturoaubry
    arturoaubry
    Community Member

    Hey, @Nunuv Yurbiz

    I totally understand... I live in Mexico, and privacy and data regulations are/were pretty terrible, so many sites just store passwords without any kind of encryption, they don't offer an easy way to delete your information, and when they go out of business, they just sell your data to anyone without consequences. It's pretty terrible :angry:

    What I can suggest you is:

    1) Try to delete those services you no longer use, or if they don't offer that option, change all your personal info.

    2) Avoid repeated passwords. If you have any, change it immediately and store it in 1Pass.

    3) Ultimately, we as users, should be more cautious with the services we share our data.

    Any other doubts, let us know.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @arturoaubry: I don't think that's a Mexico thing; it seems to be the norm almost everywhere I've been! :sweat: Best we can do is stay on top of our security, and also have our money talk for us to encourage companies to start prioritizing customer privacy and security. <3

    The most disturbing part of receiving a scam email which accurately quotes a previously used password (harvested from a security breach somewhere) is seeing just how bad some old passwords were. I am so ashamed. 🤦🏻‍♂️

    @Nunuv Yurbiz: I can totally relate to that!

    Some sites have been updated but there are about a dozen sites where I long ago used bad passwords and now have no way to update because the sites have closed or morphed into something else (maybe if I can't login then they couldn't be harvested in case of a breach).

    The good news is then there is nothing you need to do! If the sites existed, you'd have to go there and figure out how to change the password -- which can often be hard to find. Going forward, as long as you don't use that same embarrassing password for anything else, it can't hurt you. But if there are cases where it is unclear if a specific site is still a risk or not, it might be worth going through their password reset process in order to set it up with an obscenely long, strong, unique password so you don't need to worry about it going forward. Sometimes it's worth going through a little hassle upfront to get peace of mind for years to come. Cheers! :)

This discussion has been closed.