On Wed, 2020-12-16 at 07:51 -0400, George N. White III wrote: > There are services like https://haveibeenpwned.com/ that check > passwords against captured databases. Google will warn you if a > password saved in Chrome appears in one of the stolen password > databases. When this was introduced it detected couple > stolen passwords that I used used with sites that either went out of > business or were taken over by "bad actors". I think a number of > other password managers can also check against the databases. My concern with those kinds of services are that there's two ways they can work: 1. You send them your password, and they look it up in their database. 2. A similar kind of thing is done where they compare checksums rather than the actual passwords. Either way, it's ripe for exploitation. No doubt there's fake password check sites out there that just immediately skim your password for their own purposes. I'm more in favour of a kind of site that logs which sites have been compromised or bought out, and when, then you can decide whether to change your passwords with them, or leave. Always use good, and totally different passwords for all services, as a matter of course. I'm against the usual password polices, as well. Repetitively changing your password is no guarantee of avoiding being hacked, and is more likely to lead to you forgetting your passwords. And weird untypeable and unmemorable number and letter combinations are more of a problem for yourself than any exploiters. And when banks tell you that you must use an eight-character-long password I just want to scream at them. -- uname -rsvp Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx