Got this message when I logged on to CEO this morning on my iPad.

I’ve only just updated iOS on iPad so I presume that this is a new Apple security feature where it compares login details to a DB of known compromised information.

I only use this username on CEO so... what gives?

That warning is not for your 'username,' but for your 'password.' And yes, it's a new ios 14 feature.

It means you have a weak password and you should ideally change it. I'm guessing it's so weak that others have used it too, but has nothing to do with your actual credentials being leaked somewhere.

Also, check out a password manager called Dashlane. It will check all your passwords and also help you reset weak ones in bulk.

General Mackevili wrote:That warning is not for your 'username,' but for your 'password.' And yes, it's a new ios 14 feature.

It means you have a weak password and you should ideally change it. I'm guessing it's so weak that others have used it too, but has nothing to do with your actual credentials being leaked somewhere.

Also, check out a password manager called Dashlane. It will check all your passwords and also help you reset weak ones in bulk.

Hmmm. It isn't so weak. More than 10 characters long with text, numbers and symbols.

It isn't a 20 character string of random characters, but it isn't quite 'Pa55word'

khmerhamster wrote: ↑Fri Sep 25, 2020 10:44 am

General Mackevili wrote:That warning is not for your 'username,' but for your 'password.' And yes, it's a new ios 14 feature.

It means you have a weak password and you should ideally change it. I'm guessing it's so weak that others have used it too, but has nothing to do with your actual credentials being leaked somewhere.

Also, check out a password manager called Dashlane. It will check all your passwords and also help you reset weak ones in bulk.

Hmmm. It isn't so weak. More than 10 characters long with text, numbers and symbols.

It isn't a 20 character string of random characters, but it isn't quite 'Pa55word'

Well, apparently someone else of the 8 billion people on this planet also thought it was a good password, and it's been leaked somewhere.

Also, check your emails here to see if they appear in any known data breaches:

https://haveibeenpwned.com/

And a bit more info about the new ios 14 security features:

https://www.the-sun.com/lifestyle/tech/ ... ssword.%22

I do love this internet security business.

Especially those MS/windows/outlook based systems, the like of which my current outfit insist on using.
They've ticked all the security options, including- can't reuse any of the last 3 passwords, AND can't use ANY of your previous passwords. Then, they force a change of password EVERY 6months. To top it off, our own IT department doesn't support IOS at all- bloody helpful when we use iPad as a company issued and essential bit of kit, but which doesn't properly run the app from which we must change our password.
The same department that's been hacked twice in the last 3 years.

I have no less than 4 PIN numbers, 5 passwords and two official company email addresses. Just for company use!

In my experience, aside from forum trolls which are basically the equivalent of cat fleas by comparison, there are two types of pestilence pervading the internet-

1. The dysfunctional little shits that fuck with everyone else's internet experience.
2. Overbearing, and often unhelpful/unavailable IT departments that randomly swamp you with system updates, outages and a deluge of notices requiring mandatory acknowledgements, about server resets that really should be kept to themselves.

For the former, I suggest a return to a more traditional form of social alignment- Public stocks, and daily floggings. 1 day for first offence, and then follow a Fibonacci sequence of increasing duration for subsequent offences.
For the latter- inverted drawing pins on their home and enter keys, and two doses of cat fleas.


as you were

General Mackevili wrote:Also, check out a password manager called Dashlane. It will check all your passwords and also help you reset weak ones in bulk.

Whatever password manager one use, make sure it stores all the passwords on the device only. Recently password managers that stored passwords ‘in the cloud’ (for use on multiple devices) were hacked.

Be careful out there.

Corporate requires password change every month on sooner. For each system. Plus tends test ‘hacker’ emails every week. Passwords are upper case lower case numbers plus special characters minimum and maximum length. Worse than PMS.

And now requires the ID badge swipe to unlock and lock computers.

^^^^ You guys ought to tell your CTO and/or IT Department to wake up.

"Password expiration is a dying concept. Essentially, it’s when an organization requires their workforce to change their passwords every 60, 90 or XX number of days. And while there are several reasons behind the password expiration policy, most at this point seem obsolete."
https://www.sans.org/security-awareness ... ration-die

"Don't enforce regular password expiry.
Regular password changing harms rather than improves security."
https://www.ncsc.gov.uk/collection/pass ... r-approach

A Message for your CTO:
"Password policy best practices: Lessons for leaders

• Stay up to date with recommendations for creating and maintaining secure passwords.

• Minimize opportunities for user password failures.

• Make use of public databases of password failures and account breaches."

https://www.hpe.com/us/en/insights/arti ... -1908.html

Username Taken wrote:^^^^ You guys ought to tell your CTO and/or IT Department to wake up.

You actually KNOW your CTO and members of your IT Department?

Wow!

I know Bob the maintenance guy. And John the trash guy.

IT issues requires calling the magical corporate number. After the computer voice gives up on solving the problem then a human voice intervenes. And occasionally a human is sent from corporate headquarters.

The human bot doesn’t have a name. Maybe a bar code. The bot doesn’t talk, it’s dragging a cart with a replacement of whatever isn’t working. After replacement It goes back to the mystical land of corporate HQ.