Geekzone: technology news, blogs, forums


Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted
Lifetime subscriber

#214399 9-May-2017 18:54

Had an email from FB (which I only really use for work and even then find largely pointless but that's not the point of the story!)

 

 I assumed the email was a dodgy one as it claimed I needed to 'click the link to change my password due to a log in from an unusual place'. Yeah, right.

 

I logged direct to FB and got a page saying my account was temporarily locked because someone using Opera located in Morocco tried to log on, and was that me?

 

No. Not even slightly.

 

So new password.

 

 

 

Kudos to FB for being on the ball though.






mattwnz
20515 posts

Uber Geek
+1 received by user: 4795


  #1778732 9-May-2017 20:20

Isn't it odd that Facebook didn't email you too? When that happens with a Google account, Google emails you as well.




richms
29098 posts

Uber Geek
+1 received by user: 10209

Trusted
Lifetime subscriber

  #1778752 9-May-2017 20:48

mattwnz:

 

Isn't it odd that Facebook didn't email you too? When that happens with a Google account, Google emails you as well.

 

 

He just said that they did email him?





Richard rich.ms

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted
Lifetime subscriber

  #1778795 9-May-2017 21:43

They did email me, as I said.

 

To be honest, the one success the scammers have had is to make every email from people like FB look like spam or phishing!








freitasm
BDFL - Memuneh
80647 posts

Uber Geek
+1 received by user: 41031

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1778821 9-May-2017 22:08

Highly recommend folks visit HIBP and sign up for the breach notifications.

 

Password stuffing is real - people have the bad habit of reusing passwords, so when bad folks buy lists of email/passwords they just go around trying to log in to websites to see if they hit a jackpot. We have a few hundred attempts daily on Geekzone from people with usernames that don't exist, like this one:

 

 

We can't simply block IP addresses because these vary wildly. We use ThisData analytics to see in real time what's happening. The service automatically sends an email if a suspicious login happens - some of you may have seen the email asking if it was you. At the moment it's more of a heads up to people when suspicious activity happens in their account, but soon we will be terminating sessions if something like this happens.

 

And there's a lot happening:

 

 

 

 

PS. This is another PAID service that costs us - hence the ads, subscriptions, etc... Another reason for those with adblockers to consider whitelisting Geekzone - a good service is not free.





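Added example, not part of the post above and not how ThisData or Geekzone implement it: a small log analysis showing why per-IP blocking misses the pattern described (failures for usernames that don't exist, spread over many addresses) and how counting unknown usernames across all sources catches it. The account names, IP addresses, thresholds and event format are constructed for illustration.

```python
from collections import defaultdict

KNOWN_USERS = {"alice", "bob", "carol"}  # constructed account list

# Constructed auth events: (minute, source_ip, username, outcome)
EVENTS = [
    (0, "198.51.100.7", "alice", "ok"),
    (1, "203.0.113.10", "jsmith1984", "fail"),
    (2, "203.0.113.11", "kiwi_dave", "fail"),
    (3, "198.51.100.9", "carol", "fail"),   # real user mistyping a password
    (3, "203.0.113.12", "m.jones", "fail"),
    (4, "198.51.100.9", "carol", "ok"),
    (4, "203.0.113.13", "xx_tom_xx", "fail"),
    (5, "203.0.113.14", "annab", "fail"),
    (6, "203.0.113.15", "pete77", "fail"),
    (7, "203.0.113.14", "bob", "ok"),       # a reused password that worked
]

def per_ip_blocklist(events, threshold=3):
    """Classic defence: block any IP with at least `threshold` failures."""
    fails = defaultdict(int)
    for _, ip, _, outcome in events:
        if outcome == "fail":
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= threshold}

def stuffing_windows(events, known, window=10, min_users=5, min_ips=4):
    """Start minutes of windows with many unknown usernames from many IPs."""
    buckets = defaultdict(lambda: (set(), set()))
    for minute, ip, user, outcome in events:
        if outcome == "fail" and user not in known:
            users, ips = buckets[minute // window]
            users.add(user)
            ips.add(ip)
    return sorted(w * window for w, (users, ips) in buckets.items()
                  if len(users) >= min_users and len(ips) >= min_ips)

def accounts_to_notify(events, known):
    """Accounts with a successful login from an IP that also tried unknown names."""
    spray_ips = {ip for _, ip, user, outcome in events
                 if outcome == "fail" and user not in known}
    return sorted({user for _, ip, user, outcome in events
                   if outcome == "ok" and ip in spray_ips})

if __name__ == "__main__":
    print("per-IP blocklist:", per_ip_blocklist(EVENTS))
    print("stuffing windows:", stuffing_windows(EVENTS, KNOWN_USERS))
    print("send 'was this you?' to:", accounts_to_notify(EVENTS, KNOWN_USERS))
```

The per-IP rule flags nothing because no address fails more than once, while the cross-source count flags the window and singles out the one account whose login succeeded from a spraying address.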

 


Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted
Lifetime subscriber

  #1778838 9-May-2017 22:45

That is quite worrying.

 

Given the sheer number of things people have to (well, OK, want to) subscribe to these days, it would be great if some really clever person could come up with a way to stop it. I can have iris scanning in my phone which is allegedly pretty hard to compromise: Can I have it in my desktop soon and can it then be used to unlock websites? Or something.

 

No one can realistically recall all the passwords and emails they have used and password things like 1Password help but do not always work well cross-platform etc.






freitasm
BDFL - Memuneh
80647 posts

Uber Geek
+1 received by user: 41031

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1778841 9-May-2017 22:51

 I have hundreds of passwords and they are all different. A couple of my emails appeared in the leaks but just a password change and it's all good again - if I had repeated the password it would be impossible to update everywhere.

 

Password managers help. Never late to start using them.





richms
29098 posts

Uber Geek
+1 received by user: 10209

Trusted
Lifetime subscriber

  #1778854 9-May-2017 23:59

LastPass works on Chrome, Firefox, Android, apparently IE and Edge, not that I use those, and also apparently iPhone. Also not hard to copy/paste from a supported browser into any apps on the desktop like Adobe Creative Cloud and Spotify and the phone will autofill apps.

 

No excuse for non unique passwords.





Richard rich.ms

mattwnz
20515 posts

Uber Geek
+1 received by user: 4795


  #1778856 10-May-2017 00:06

richms:

 

mattwnz:

 

Isn't it odd that Facebook didn't email you too? When that happens with a Google account, Google emails you as well.

 

 

He just said that they did email him?

 

 

 

 

I misread that, as I thought it was a scam email that looked like a Facebook email, as they said it had a link in it that they didn't want to click. The problem is that these legit websites themselves are using bad practice by emailing a link as well, which potentially could have been sent by a scammer. I get lots of bank ones, and some of them look very legitimate.


bigalow
568 posts

Ultimate Geek
+1 received by user: 112


  #1778861 10-May-2017 02:10

How can you find out if someone has tried to log in on Facebook?

Can't find the page.


BTR
1527 posts

Uber Geek
+1 received by user: 449


  #1778908 10-May-2017 08:55

As well as using different good strength passwords for every I suggest, if you have a firewall that has a geo filter, use it, unless you really like browsing Nigeria's version of Trademe.


MadEngineer
4591 posts

Uber Geek
+1 received by user: 2570

Trusted

  #1778911 10-May-2017 08:57

biggal:

How can you find out if someone has tried to log in on Facebook?

Can't find the page.

2FA

Also it's no longer required to pay for access to the password dump - it's publicly released and dehashed. I suggest downloading it and searching for email addresses for any domains that you look after, ensuring that those that inevitably show up are not using those passwords anywhere.

If anyone would like me to check for them, send me a pm followed by a confirmation email from the address you'd like checked and I'll provide you with a munged password if it's listed.




You're not on Atlantis anymore, Duncan Idaho.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted
Lifetime subscriber

  #1778913 10-May-2017 09:00

Would it be possible (not my area of expertise, and I do not mean right now necessarily but soon) to have a website refuse a log in request from any device not unlocked using your biometrics?






MadEngineer
4591 posts

Uber Geek
+1 received by user: 2570

Trusted

  #1778920 10-May-2017 09:17

^2FA is being used more widely now where you confirm logins on new devices through a code sent by txt message or an app notification provided by push on your smartphone.




You're not on Atlantis anymore, Duncan Idaho.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted
Lifetime subscriber

  #1778925 10-May-2017 09:23

MadEngineer: ^2FA is being used more widely now where you confirm logins on new devices through a code sent by txt message or an app notification provided by push on your smartphone.

 

 

 

Yes, but it is still not that smooth. For example, to use it with iCloud, any app that you want to use with it (not an Apple one) requires you to go to iCloud, create a unique password for that app and then go back to the app and put it in etc. etc.

 

If somehow a website could reliably know whether the device attempting to access it has been unlocked using biometrics, and deny access if not, that would be smoother. I am sure it is technically difficult but then again when I was only 18, the internet was something that only Star Trek could have...!






MadEngineer
4591 posts

Uber Geek
+1 received by user: 2570

Trusted

  #1778931 10-May-2017 09:31

That's a solution called "app-specific passwords" for outdated apps/services that don't support 2FA




You're not on Atlantis anymore, Duncan Idaho.
