Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




13084 posts

Uber Geek

Trusted
Lifetime subscriber

# 214399 9-May-2017 18:54
Send private message

Had an email from FB (which I only really use for work and even then find largely pointless but that's not the point of the story!)

 

 I assumed the email was a dodgy one as it claimed I needed to 'click the link to change my password due to a log in from an unusual place'. Yeah, right.

 

I logged direct to FB and got a page saying my account was temporarily locked because someone using Opera located in Morocco tried to log on, and was that me?

 

No. Not even slightly.

 

So new password.

 

 

 

Kudos to FB for being on the ball though.






View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
15029 posts

Uber Geek


  # 1778732 9-May-2017 20:20
Send private message

Isn't its odd that facebook didn't email you too? When that happens with a google account, google emails you as well.


22344 posts

Uber Geek

Trusted
Subscriber

  # 1778752 9-May-2017 20:48
One person supports this post
Send private message

mattwnz:

 

Isn't its odd that facebook didn't email you too? When that happens with a google account, google emails you as well.

 

 

He just said that they did email him?





Richard rich.ms

 
 
 
 




13084 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1778795 9-May-2017 21:43
Send private message

They did email me, as I said.

 

To be honest, the one success the scammers have had is to make every email from people like FB look like spam or phishing!






BDFL - Memuneh
64245 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1778821 9-May-2017 22:08
Send private message

Highly recommend folks visit HIBP and sign up for the breach notifications.

 

Password stuffing is real - people have the bad habit of reusing password so when bad folks buy lists of email/passwords they just go around trying login into websites to see if they hit a jackpot. We have a few hundred attempts daily on Geekzone from people with usernames that don't exist, like this one:

 

 

We can't simply block IP addresses because these vary wildly. We use ThisData analytics to see in real time what's happening. The service automatically send an email if a suspicious login happens - some of you may have seen the email asking if it was you. At the moment it's more of a heads up to people when suspicious activity happens in their account but soon we will be terminating sessions if something like this happens.

 

And there's a lot happening:

 

 

 

 

PS. This is another PAID service that costs us - hence the ads, subscriptions, etc... Another reason for those with adblockers to consider whitelisting Geekzone - a good service is not free.







13084 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1778838 9-May-2017 22:45
Send private message

That is quite worrying.

 

Given the sheer number of things people have to (well, OK, want to) subscribe to these days, it would be great if some really clever person could come up with a way to stop it. I can have iris scanning in my phone which is allegedly pretty hard to compromise: Can I have it in my desktop soon and can it then be used to unlock websites? Or something.

 

No one can realistically recall all the passwords and emails they have used and password things like 1Password help but do not always work well cross-platform etc.






BDFL - Memuneh
64245 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1778841 9-May-2017 22:51
One person supports this post
Send private message

 I have hundreds of passwords and they are all different. A couple of my emails appeared in the leaks but just a password change and it's all good again - if I had repeated the password it would be impossible to update everywhere.

 

Password managers help. Never late to start using them.





22344 posts

Uber Geek

Trusted
Subscriber

  # 1778854 9-May-2017 23:59
Send private message

lastpass works on chrome, firefox, android, apparantly IE and edge, not that I use those, and also apparantly iphone. Also not hard to copy/paste from a supported browser into any apps on the desktop like adobe creative cloud and spotify and the phone will autofill apps.

 

No excuse for non unique passwords.





Richard rich.ms

 
 
 
 


15029 posts

Uber Geek


  # 1778856 10-May-2017 00:06
Send private message

richms:

 

mattwnz:

 

Isn't its odd that facebook didn't email you too? When that happens with a google account, google emails you as well.

 

 

He just said that they did email him?

 

 

 

 

I misread that, as I thought it was a scam email that looked like a facebook email, as they said it had a link in it that they didn't want to click. Teh problem is that these legit websites themselves are using bad practice by emailing a link as well, which potentially could have been sent by a scammer. I get lots of bank ones, and some of them look very legitimate..


376 posts

Ultimate Geek


  # 1778861 10-May-2017 02:10
Send private message

how can you find out if someone has tried to login on facebook ?

 

cant find the page


BTR

1514 posts

Uber Geek


  # 1778908 10-May-2017 08:55
Send private message

As well as using different good strength passwords for every I suggest if you have a firewall that has a geo filter use it unless you really like browsing nigeria's version of trademe.


1878 posts

Uber Geek


  # 1778911 10-May-2017 08:57
Send private message

biggal:

how can you find out if someone has tried to login on facebook ?


cant find the page

2FA

Also it's no longer required to pay for access to the password dump - it's publically released and dehashed. I suggest downloading it and searching for email addresses for any domains that tou look after ensuring that those that inevitability show up are not using those passwords anywhere.

If anyone would like me to check for them, send me a pm followed by a confirmation email from the address you'd like checked and I'll provide you with a munged password if it's listed.



13084 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1778913 10-May-2017 09:00
Send private message

Would it be possible (not my area of expertise, and I do not mean right now necessarily but soon) to have a website refuse a log in request from any device not unlocked using your biometrics?






1878 posts

Uber Geek


  # 1778920 10-May-2017 09:17
One person supports this post
Send private message

^2FA is being used more widely now where you confirm logins on new devices through a code sent by txt message or an app notification provided by push on your smartphone.



13084 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1778925 10-May-2017 09:23
Send private message

MadEngineer: ^2FA is being used more widely now where you confirm logins on new devices through a code sent by txt message or an app notification provided by push on your smartphone.

 

 

 

Yes, but it is still not that smooth. For example to use it with iCloud, any app that you want to use with it (not an Apple one) requires you to go to iCloud, create a unique password for that app and then go back to the app and put it in etc ect.

 

If somehow a website could reliably know whether the device attempting to access it has been unlocked using biometrics, and deny access if not, that would be smoother. I am sure it is technically difficult but then again when I was only 18, the internet was something that only Star Trek could have...!






1878 posts

Uber Geek


  # 1778931 10-May-2017 09:31
Send private message

That's a solution called "app-specific passwords" for outdated apps/services that don't support 2FA

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel expands 10th Gen Intel Core Mobile processor family
Posted 23-Aug-2019 10:22


Digital innovation drives new investment provider
Posted 23-Aug-2019 08:29


Catalyst Cloud becomes a Kubernetes Certified Service Provider (KCSP)
Posted 23-Aug-2019 08:21


New AI legaltech product launched in New Zealand
Posted 21-Aug-2019 17:01


Yubico launches first Lightning-compatible security key, the YubiKey 5Ci
Posted 21-Aug-2019 16:46


Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29


Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.