Choose style:

Author Topic: Keep Your Data Secure With Mozilla's Newest Tools  (Read 391 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3821
  • Karma: 300
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Keep Your Data Secure With Mozilla's Newest Tools
« on: September 27, 2018, 12:00:06 am »
This one was an eye-opener for me.  I entered my address in Firefox Monitor and I got one hell of a surprise.  Unbeknownst to me, my email address was exposed to an Adobe breach back in October 2013 -- that is, my account along with 152,445,164 others.  And, not only that, but it was also exposed to a Disqus breach back in July 2012 -- again, my account along with 17,551,043 others.  :o

Seems fitting that this short piece was written by a Murphy.  Murphy's law, you know:  "If anything can go wrong, it probably will..."  Anyway, I think the piece is worth a look-see.

Hope it's helpful.

Keep Your Data Secure With Mozilla's Newest Tools

By David Murphy for Lifehacker

https://lifehacker.com/keep-your-data-secure-with-mozillas-newest-tools-1829304577
« Last Edit: September 27, 2018, 04:12:00 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25464
  • Karma: 2802
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Keep Your Data Secure With Mozilla's Newest Tools
« Reply #1 on: September 27, 2018, 09:16:07 am »
And that's why you should **NEVER** use the same password on your primary email account (the one you use to verify other accounts) as you do on ANY other website.

My email address was exposed by the Mint/Dropbox/Bitly/MajorGeeks breachs .. but just because they had my email address (and possibly for a short time my Mint forum/Dropbox/Bitly/MajorGeeks passwords) does NOT mean they have my email password, so they can't use that email address to confirm password changes/resets on those (and other) accounts.

Knowing my email address and possibly (for a short time) the passwords to those sites is pretty useless to them.

I always keep an eye on
https://haveibeenpwned.com/
which it looks like this new Firefox tool is a copy of .. and if any new breaches appear on there, I IMMEDIATELY change my passwords for those accounts. But my primary email address is always safe because that password is used NOWHERE else, and is a super long and highly secure (would likely withstand brute force for hundreds of thousands of years) and rotated regularly.

Your primary email address (the one you can use for password resets on other accounts) password is the one that really needs protecting .. so make it secure, don't use it ANYWHERE else, and rotate it regularly.

As for the Mint/Dropbox/Bitly/MajorGeeks breaches .. well for the short while (before I spotted the breaches on haveibeenpwned) someone might have been able to access those accounts in my name .. no biggy, only the dropbox one could have been problematic, but I have nothing on there that is a security risk or I couldn't afford to loose :)
« Last Edit: September 27, 2018, 04:51:40 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3821
  • Karma: 300
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: Keep Your Data Secure With Mozilla's Newest Tools
« Reply #2 on: September 27, 2018, 04:43:52 pm »
And that's why you should **NEVER** use the same password on your primary email account (the one you use to verify other accounts) as you do on ANY other website.

...

Your primary email address (the one you can use for password resets on other accounts) password is the one that really needs protecting .. so make it secure, don't use it ANYWHERE else, and rotate it regularly.

That's the best password advice there is, PCNetSpec.

At least we don't have duplicate passwords in this house, and I tend to use passphrases as much as I use passwords.  Also, I use a password manager -- although I think browsers these days have good password managers too.

I look at these accounts that have been breached in much the same way that I look at credit card companies, or big box store chains, or regional supermarkets that get breached.  It's inevitable; it's only a matter of time; and it's going to happen. :(

Hell, Equifax got breached!   And I believe it's all because the Apache servers didn't get updated or upgraded when the updates and upgrades were available.  If this is so, then we're always going to be dealing with human error in one form or another. 

Good for Mozilla for giving us a few more tools to help us keep an eye on things. :)
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum