pdpatient in reply to park_bear4 years ago

Good morning, parkbear. I am not sure if this will come up in a Google search.

I was notified by Google Password Manager which i use through Google Chrome. Whenever I access a website that has my credentials stored in Google Password Manager, it does a security check on the website and if the website has been compromised and the data that contains my credentials, I am immediately notified.

Just FYI, I am a Information Security and Database Architecture professional🙂

park_bear in reply to pdpatient4 years ago

Okay - I got into Google password manager via chrome. My healthunlocked password is not listed there so I guess it did not check the site.

Off-topic - I see the Google password manager has saved a few of my passwords to the Google cloud at passwords.google.com/ without my permission, allegedly securely. I hate this and it certainly violates my security parameters. I cannot find how to delete those passwords from that location.

Reply (1)Report

pdpatient in reply to park_bear4 years ago

Hi parkbear, I would love to help you with a detailed procedure to delete or change your settings and passwords in Chrome, but it would take a lot of time. But the good news is that Google has become more transparent with their admin options.

Change your password manager through Chrome settings ( the browser. not the password site). If you go through each and every setting in "account", you can totally control your settings to your comfort zone.

Remember, ho to Chrome, click on the wheel, go to account and it will take you to the account settings page and spend some time to secure your account. Enable 2 factor authentication and use a complex password. Better still, use the Google suggested password for the most complexity and you don't have to remember anything because Google will pre-populate everything. But you have to turn on auto fill.

Hope this helps

Reply (0)Report

park_bear in reply to pdpatient4 years ago

Ah - one can get rid of it by doing a reset at chrome.google.com/sync

Reply (1)Report

pdpatient in reply to park_bear4 years ago

Yes, but that is the nuclear option 😩

Reply (0)Report

park_bear in reply to pdpatient4 years ago

For some people that would be the case. Nothing of interest there for me.

Google is an odd mix of best/worst-of-breed security. Grabbing my passwords and putting them in the cloud without my permission certainly qualifies as the latter. The Google password stash has got to be the number one high-value target of hackers.

Reply (1)Report

pdpatient in reply to park_bear4 years ago

Parkbear, just a simple test can put your doubts to rest. Go back and login to the website using chrome and save the password is password manager. If Google doesn't flag it immediately, then logout of the account and exit/close the browser.

If i remember correctly, you do need to enable the feature first though.

Reply (1)Report

park_bear in reply to pdpatient4 years ago

Ran into trouble getting the settings page to accept a new password. However, resetting the password at the login worked easily.

Reply (1)Report

MarionP in reply to pdpatient4 years ago

You going to tell the website it's compromised?

Reply (0)Report

pdpatient in reply to Enidah4 years ago

Hi Enidah. I agree. But some people on this wwebsite may not have taken all the necessary steps to keep ourselves anonymous as suggested when you sign up. So, at a minimum, if you have been careless, your personal information such as that you have Parkinson's might be exposed. How much that matters to you is your business, but privacy is taken very seriously in the USA and even more seriously in Europe. If you suffer financial loss or reputation loss or something else like losing your job because your employer found out about your disability, you can sue the website. However, sites such as this one protect themselves by asking you to take detailed steps to keep your profile anonymous, so that they don't get sued. Just go back and check your settings page again and you will see their instructions in a different light. I suspect that HeathUnlocked might never reach out to us and inform all because the very act of doing so, invites a lawsuit.

That being said, we all usually use one email address for everything. What if criminals have your email address and your password? Studies have shown that a substantial number of people use the same combination of username and password to access multiple sites. These criminals and hackers attempt to access hundreds of thousands of websites in matter of minutes, sometimes in seconds to attend to breach any website that contains your more valuable information such as your bank account details. You didn't use the same password and username for your bank that you use for your bank account or something else quite important, did you?😀

I hope that it makes sense.

Enidah in reply to pdpatient4 years ago

Thank you for explaining that!

Reply (1)Report

pdpatient in reply to Enidah4 years ago

Enidah, you are most welcome. Please read my other posts on this thread in response to parkbear. Hopefully, that helps you too.

Reply (0)Report

park_bear in reply to Enidah4 years ago

If your password actually has been hacked (and I am not convinced that it has) you do not want bad actors accessing your profile or your account, even if the only thing they can find is your email.

Enidah in reply to park_bear4 years ago

Thank you, PB. I'm sure this is something I need to educate myself about.

Reply (1)Report

pdpatient in reply to gazozzie4 years ago

Hi Gazzozzie, as a matter of prudent precaution and as a standard of good security practice, you should change your password anyway every 90 days.

I highly recommend that you change your password.

alexask in reply to pdpatient4 years ago

My preference is never to use the exact same password for every site. One could use a similar password and put a suffix or prefix on it dependent on the site you are on. I can never be bothered changing a password every 90 days. In general the danger from hacks is where the same password from a hacked non-financial site can gain access to one with more personal information and/or financial details.

Reply (1)Report

pdpatient in reply to Redginger4 years ago

Hi Red. Please see my answer to LAJ.

Redginger in reply to pdpatient4 years ago

thank you!

Reply (1)Report

pdpatient in reply to Redginger4 years ago

Redginger, you are welcome!

Reply (0)Report

Redginger in reply to pdpatient4 years ago

this is Redginger. Unfortunately, that doesnt work for me. When I click on Avatar (which I dont actually have one, HU put one there for me, but how could that make any difference) I never see a 'settings' option. I tried 'Edit' which I'd tried last night, but nothing there. Could it be because I've never 'completed' my profile?

Grumpy77 in reply to Redginger4 years ago

No, I never completed my profile too but 'settings' is still there. I think it's probably because you are clicking your avatar in the wrong place. Click on your avatar that appears at the top right corner, NOT the one that appears on top of your posts

Reply (1)Report

pdpatient in reply to Redginger4 years ago

Redginger, Grumpy is spot on. Did that work out for you?

Reply (0)Report

pdpatient in reply to faridaro4 years ago

Hi faridaro. You are doing nothing wrong! A case of very poor programming, that's all. Some young idiot wrote a routine that I have seen copied by a lot of websites. It starts to match your confirmation password and instead of caching the result internally, it continues to display the same mismatch until the end of your typing. Once you have input your correct password, it will display the password as matched. I am not sure if this is a flaw in the website programming or the browser programming. More likely to be the latter.

Let me guess.....you are using explorer or edge?

faridaro in reply to pdpatient4 years ago

Thank you for your kind response. I typed in my current password and then twice the new password hoping that the result will get caught internally as you explained so well, however got the message "Unable to save profile update". Use explorer as browser and unfortunately I am completely illiterate about computer technology

Reply (0)Report

pdpatient in reply to faridaro4 years ago

Faridaro, please download Google Chrome using explorer and then try again using chrome. The issue that's bothering you shouldn't appear here now.

Reply (0)Report

faridaro in reply to pdpatient4 years ago

I followed your advice to Art when he asked what to do if someone doesn't remember password which might have been my case as well without me realizing it in the beginning. So I logged out, clicked on don't remember password and received a link to reset the password which worked!

Thank you Pdpatient for your kind advice and patience!

Reply (1)Report

pdpatient in reply to faridaro4 years ago

Faridaro, you are most welcome. Happy to be of assistance.

This is part of what I still do for a living and I excel at it and absolutely love it. I am a Database Security and Database Architecture IT guy with the additional qualifications of Parkinson's 😇 LoL

Reply (1)Report

faridaro in reply to pdpatient4 years ago

I am very impressed by people with credentials in this fascinating (and scary) field of virtual data which I know nothing about. Just have become your "follower" to be in the loop...

Reply (1)Report

condor39 in reply to pdpatient4 years ago

Could you recommend a Password service, such as “LastPass”, please? They are confusing for most of us.

Reply (1)Report

ParlePark in reply to condor394 years ago

I’ve been using LastPass for years and very happy with it. As PdP.. mentioned, it’s free and I believe if used on one operating system. Could be wrong on that. I pay around 36.00 a year for my computers and iPhone

Reply (0)Report

pdpatient in reply to condor394 years ago

Hi condor. I highly recommend the Google Password Manager that comes inbuilt with Google Chrome browser. The immediate notification that I received when I tried to login after the breach occurred is a fine example as to why. Plus it is free.

LastPass or something similar is good but why go through the extra hassle of configuring a Master Password, go through some other tweaks etc? Plus, mostly only their base versions are free.

Reply (0)Report

Sapeye2020 in reply to pdpatient4 years ago

Also==watch out if you use Firefox, I had a similar problem on another site and I had to empty the cache for the site before it would allow a change... after an hour of using the "If you forgot your PW" tool to no avail.

Reply (0)Report

pdpatient in reply to BootsOn4 years ago

BootsOn I can empathize with your feelings. Some days I feel the same way.

pdpatient in reply to Despe4 years ago

Despe, you need to know that the issue is with the your data being possibly compromised by someone hacking into HU. Google is just an informer, NOT the culprit 😁

So, regardless of whether you're using Firefox, Chrome, Internet Explorer, Safari or Microsoft Edge, you are literally ********

I wish HU would chime in.

Despe in reply to pdpatient4 years ago

Thank you! Perhaps HU should use a different browser.

Reply (1)Report

MarionP in reply to pdpatient4 years ago

The hu people will not chime in, for the reason you mention. Glad you noticed and told us though.

Reply (1)Report

pdpatient in reply to LauraL4 years ago

Laura. There you go! That's good and fast action.

Thank you 🙇 for the 32 years of preparing the best asset of our nation - our 👨‍👩‍👧‍👦

Redginger in reply to pdpatient4 years ago

So does this now mean that we individually no longer have to worry about it?

Reply (1)Report

pdpatient in reply to Redginger4 years ago

Redginger, you should always be on your guard. As fifthbird suggested, you should change your password for any site you log on to periodically. I recommend the common consensus of every 90 days.

You can save your self the trouble by using Google Chrome browser and using the Google Password Manager. The product is built into Chrome and is getting more and more sophisticated by the day. You can let Google create a complex password for you and activate the autofill feature and every time you sign-on to the website, Google will autocomplete the username and password for you. Nothing to remember and it's easy. This is how I got alerted.

The bonus aspect of the Google Password Manager is that it keeps constant track of the data breaches across the world and alerts you about the data breach the next time that you attempt to login to the website.

There are other software that can do the same thing, a good example being Norton. But it costs money. Google Chrome and the Password Manager is free.

Reply (0)Report

pdpatient in reply to chartist4 years ago

Hi Chartist. Just log out of the website and request a new password using the link to ”forgot password" or something similar. If you are using Google chrome and password manager, there's an option for viewing the encrypted password for which Google will ask for additional authentication.

chartist in reply to pdpatient4 years ago

pdpatient,

Thank you, that worked!

Art

Reply (1)Report

pdpatient in reply to chartist4 years ago

You are most welcome, Chartist.

Reply (1)Report