1. Hendri Hendri's Avatar
    Hi,

    I noticed that on my iphone security recommendation many of my login has data leak as per ios suggested

    Anyone has the same issue ?

    Should i change all my password ? That’s too many .... any easy way to do that ?

    Thx
    12-31-2020 08:28 PM
  2. Just_Me_D's Avatar
    Hi,

    I noticed that on my iphone security recommendation many of my login has data leak as per ios suggested

    Anyone has the same issue ?

    Should i change all my password ? That’s too many .... any easy way to do that ?

    Thx
    If you use a password manager then yeah, I recommend you change all your passwords.
    12-31-2020 08:40 PM
  3. Lee_Bo's Avatar
    Long time 1Password user here. Love it!!! Yes, subscription based but that’s just the way things are now.
    Just_Me_D and Hendri Hendri like this.
    12-31-2020 08:45 PM
  4. Hendri Hendri's Avatar
    If you use a password manager then yeah, I recommend you change all your passwords.
    No I don’t ....
    Only keychain, and I have to do this manually one by one ... oh my ....
    01-01-2021 01:52 AM
  5. dmoskaluk's Avatar
    Hi,

    I noticed that on my iphone security recommendation many of my login has data leak as per ios suggested

    Anyone has the same issue ?

    Should i change all my password ? That’s too many .... any easy way to do that ?

    Thx
    I've intermittently gotten similar notes but not from  - I have changed passwords for 'critical' apps and I did change my Apple ID password when I updated the IMac 2 days ago. What I did get is more 'confirm password' prompts on both iOS & OS, but strongly suspect it's an  push to go to '2-step authentication'. for all functions. When it becomes more of a PITA to avoid this than to use it I'll give it a whirl though but for me as a retiree it's likely overkill so far anyway.
    01-01-2021 08:23 AM
  6. Lee_Bo's Avatar
    When it becomes more of a PITA to avoid this than to use it I'll give it a whirl though but for me as a retiree it's likely overkill so far anyway.
    Seriously? That’s when hackers try their hardest. I have 2FA enabled. You couldn’t pay me not to have it.
    01-01-2021 09:17 AM
  7. Ed7789's Avatar
    It's a new feature in iOS 14 that checks all the password's saved in Apple's Password Manager (aka Keychain) to see if they've been leaked, similar to 1Password.
    01-01-2021 09:35 AM
  8. dmoskaluk's Avatar
    Seriously? That’s when hackers try their hardest. I have 2FA enabled. You couldn’t pay me not to have it.
    OK - I bit the bullet and set it up. Where the issues were previously I suspect is that I'm on the Canadian App Store as the C/C supporting it is Canadian. No issue there, but the phone I use personally is of course a Barbados number. Even though the format is the same ie +1 XXX XXX XXXX I never could get the text message. This time I did (?) so something must have changed as the last time I tried was probably less than a year ago. I did the change via the APPLE ID setting page on my recently updated iMac.
    My Canadian Cell ( Android) is only a traveller and only active when I'm there, on a very convenient pay-as- you - go plan. Mainly I use it to generate a hotspot to run my iPhone & iPad. The B'dos providers still don't have 'roaming data' packages for outside the Caribbean, so I save a lot by using 2 phones ( actually as another Android is used in Guyana).. so let's see how it works!!
    Last edited by dmoskaluk; 01-01-2021 at 11:35 AM.
    Lee_Bo likes this.
    01-01-2021 10:39 AM
  9. doogald's Avatar
    Long time 1Password user here. Love it!!! Yes, subscription based but that’s just the way things are now.
    It doesn't have to be a subscription. You can still purchase a license on the Mac and use iCloud or Dropbox to sync with the iOS version.

    (I also have a subscription for some of the extra features, and to support the developers going forward.)
    01-01-2021 12:25 PM
  10. Lee_Bo's Avatar
    It doesn't have to be a subscription. You can still purchase a license on the Mac and use iCloud or Dropbox to sync with the iOS version.

    (I also have a subscription for some of the extra features, and to support the developers going forward.)
    True, but for a minimal yearly charge, you get all the pro features and you’re supporting the devs.
    01-01-2021 12:58 PM
  11. Ledsteplin's Avatar
    Long time 1Password user here. Love it!!! Yes, subscription based but that’s just the way things are now.
    I don't pay a subscription for 1Password. I've had it for 7 years. I don't know what a subscription offers, but I get all I need for free. Well, not free. I paid $9.99 for it 7 years ago.
    01-01-2021 02:27 PM
  12. Just_Me_D's Avatar
    3237663[/URL]]I don't pay a subscription for 1Password. I've had it for 7 years. I don't know what a subscription offers, but I get all I need for free. Well, not free. I paid $9.99 for it 7 years ago.
    Same here. With that being said, if I install the newest 1Password app on my MacBook then it’ll try to force me to get a subscription.
    01-01-2021 02:36 PM
  13. Hendri Hendri's Avatar
    I've intermittently gotten similar notes but not from  - I have changed passwords for 'critical' apps and I did change my Apple ID password when I updated the IMac 2 days ago. What I did get is more 'confirm password' prompts on both iOS & OS, but strongly suspect it's an  push to go to '2-step authentication'. for all functions. When it becomes more of a PITA to avoid this than to use it I'll give it a whirl though but for me as a retiree it's likely overkill so far anyway.
    I did change my password one by one by goong through all the website, at least from 100+ recommendation, reduced to half. And that’s no fun.

    I used 2SA, but it still prompt that my pass is vurnable for my appleid
    01-01-2021 03:48 PM
  14. Hendri Hendri's Avatar
    True, but for a minimal yearly charge, you get all the pro features and you’re supporting the devs.
    Is it worth it to pay monthly only for multiple gmail, onlineshop and social media password ?

    I kinda moved from safari/keychain to chrome for quite some time now. It’s more convenience to move among my PC and apple devices

    For banking, I never stored any pass on browser or keychain
    01-01-2021 03:57 PM
  15. Ed7789's Avatar
    I strongly suggest using a password manager, whether it’s the one included in your web browser, the operating system (Keychain) or a dedicated one.

    It is a well known fact that humans are bad at remembering random sets of characters.

    Every service (bank, WiFi, Facebook, Google, this forum, that family website, router, etc.) must use a unique password, and the longer the better. I try to have 64 random characters wherever possible, and I’ll probably increase that to 128 or 256 characters.
    01-01-2021 04:46 PM
  16. Just_Me_D's Avatar
    3237671[/URL]]I did change my password one by one by goong through all the website, at least from 100+ recommendation, reduced to half. And that’s no fun.

    I used 2SA, but it still prompt that my pass is vurnable for my appleid
    Wait a minute. You mentioned your Apple ID. Have you changed the password for it? It meaning your Apple ID. If not, change it to something stronger and then see if you still get the weak password prompt.
    01-01-2021 05:02 PM
  17. Hendri Hendri's Avatar
    I strongly suggest using a password manager, whether it’s the one included in your web browser, the operating system (Keychain) or a dedicated one.

    It is a well known fact that humans are bad at remembering random sets of characters.

    Every service (bank, WiFi, Facebook, Google, this forum, that family website, router, etc.) must use a unique password, and the longer the better. I try to have 64 random characters wherever possible, and I’ll probably increase that to 128 or 256 characters.
    Surely I will keep using keychain and chrome’s just for the convenience to not input each login manually

    What I meant is, is it worth itu to pay monthly for 1password ? Chrome can do what 1pass can, as long as I’m using Chrome at any devices (though I’m not completly trust the Chrome in term of security). Keychain will take care for my ios app.

    For using the random 124 characters, i always curious ... what if in some situation, we don’t have 1pass or other pass manager installed / available on the device. How to login if we even don’t know the random characters as the pass
    01-01-2021 05:17 PM
  18. Hendri Hendri's Avatar
    Wait a minute. You mentioned your Apple ID. Have you changed the password for it? It meaning your Apple ID. If not, change it to something stronger and then see if you still get the weak password prompt.
    Yes AppleID, which Might have to revise my previous post, that not the pass has potential leaked, but my pass has re-used risks.

    I change my pass though, and already make sure all my ios devices set up with this new pass. It did show up - still, on the security recommendation. But i noticed the pass hasn’t been updated yet (still the previous re-use one). I simply delete that pass from the keychain.

    There’re so many repeated pass for the same app or website on the keychain, not to mention some website which I login to years ago. I’ve deleted many of those from the keychain. It’s a messed
    Just_Me_D likes this.
    01-01-2021 05:24 PM
  19. Just_Me_D's Avatar
    3237678[/URL]]Yes AppleID, which Might have to revise my previous post, that not the pass has potential leaked, but my pass has re-used risks.

    I change my pass though, and already make sure all my ios devices set up with this new pass. It did show up - still, on the security recommendation. But i noticed the pass hasn’t been updated yet (still the previous re-use one). I simply delete that pass from the keychain.

    There’re so many repeated pass for the same app or website on the keychain, not to mention some website which I login to years ago. I’ve deleted many of those from the keychain. It’s a messed
    Oh okay. I understand.
    01-01-2021 05:41 PM
  20. Ed7789's Avatar
    What I meant is, is it worth itu to pay monthly for 1password ? Chrome can do what 1pass can, as long as I’m using Chrome at any devices (though I’m not completly trust the Chrome in term of security). Keychain will take care for my ios app.
    1Password is not the only password manager out there. There are others, like LastPass and KeePass that work differently and are free.
    Using a dedicated password manager is mostly for convenience; I don't need to save the same password at 3-4 different places like Keychain on macOS/iOS and Microsoft Edge on Windows. They usually have extensions that allow to integrate with different web browsers on traditional computers, or with the operating system on mobile devices.


    For using the random 124 characters, i always curious ... what if in some situation, we don’t have 1pass or other pass manager installed / available on the device. How to login if we even don’t know the random characters as the pass
    If you use a long password, which in an ideal world everyone would, the password would always be saved in your password manager. For example, 1Password does provide you with a website where you can access your saved passwords, if you sync with their service and you provide the login page with your email, your password, unique encryption key and second factor authentication method.
    01-01-2021 06:07 PM
  21. Hendri Hendri's Avatar
    1Password is not the only password manager out there. There are others, like LastPass and KeePass that work differently and are free.
    Using a dedicated password manager is mostly for convenience; I don't need to save the same password at 3-4 different places like Keychain on macOS/iOS and Microsoft Edge on Windows. They usually have extensions that allow to integrate with different web browsers on traditional computers, or with the operating system on mobile devices.



    If you use a long password, which in an ideal world everyone would, the password would always be saved in your password manager. For example, 1Password does provide you with a website where you can access your saved passwords, if you sync with their service and you provide the login page with your email, your password, unique encryption key and second factor authentication method.
    I understand what you mean regarding the password manager

    For the long password thingy

    let say, in some occasion, you don’t have access for your usual devices, and you need to logon to your email urgently, you need to either borrow someone’s phone or internet cafe to do that. With the impossible to remember password generated from password generator, you need to login to your password manager website so you can access to those random characters. And another thing is, the main 1 password for the password manager is the key to all your password right ? Do you use long character as well ? Since this is the gateway which need the most security ever. How to remember that long random characters ?

    I’m just curious, if I really rely on the password generator to create such characters, I felt that I have no control and no ability to remember, on something crucial
    01-01-2021 06:27 PM
  22. Ed7789's Avatar
    let say, in some occasion, you don’t have access for your usual devices, and you need to logon to your email urgently, you need to either borrow someone’s phone or internet cafe to do that. With the impossible to remember password generated from password generator, you need to login to your password manager website so you can access to those random characters. And another thing is, the main 1 password for the password manager is the key to all your password right ? Do you use long character as well ? Since this is the gateway which need the most security ever. How to remember that long random characters ?
    It happened to me exactly once in about 10 years I've been using some sort of password manager.
    Usually, I'm never far away from a backup device, at most 200km away.
    This said, I end up learning my email's password by the way of simply typing it in by hand.

    The rule of thumb with me is that if you're sending me an email, it's not urgent by design.

    I’m just curious, if I really rely on the password generator to create such characters, I felt that I have no control and no ability to remember, on something crucial
    The password manager's password would be the one you remember, and it would be a long nonsensical phrase (5 or 6 long words, with characters substituted by symbols/numbers).
    01-01-2021 06:39 PM
  23. Hendri Hendri's Avatar
    It happened to me exactly once in about 10 years I've been using some sort of password manager.
    Usually, I'm never far away from a backup device, at most 200km away.
    This said, I end up learning my email's password by the way of simply typing it in by hand.

    The rule of thumb with me is that if you're sending me an email, it's not urgent by design.


    The password manager's password would be the one you remember, and it would be a long nonsensical phrase (5 or 6 long words, with characters substituted by symbols/numbers).
    And if a long nonsensical phrase is “safe” enough for “the” password, why for others, we need the long random characters pass ? I understand that gives layer of security etc, but well ... it’s debatable lol
    01-01-2021 06:55 PM
  24. Ed7789's Avatar
    The password you type into the password manager should not leave your computer, if the password manager's design is done correctly. If you're syncing with a cloud service, like iCloud or Dropbox, it's only the encrypted blob of "unreadable" data that's sent over.

    It turns out you don't need to sync the password with the blob to decrypt it on another device
    01-02-2021 08:19 AM

Similar Threads

  1. Apple sending special iPhones to Security Research Program participants
    By iMore.com in forum iMore.com News Discussion & Contests
    Replies: 0
    Last Post: 12-22-2020, 10:30 PM
  2. Shortcuts app IOS14 who to remove confirmation ?
    By plansberg in forum iPhone Apps & Games
    Replies: 0
    Last Post: 12-15-2020, 12:16 PM
  3. Get equipment recommendations on the Apple Fitness+ website
    By iMore.com in forum iMore.com News Discussion & Contests
    Replies: 0
    Last Post: 12-14-2020, 07:40 PM
  4. Logitech launches first video doorbell with HomeKit Secure Video support
    By iMore.com in forum iMore.com News Discussion & Contests
    Replies: 0
    Last Post: 12-08-2020, 12:22 PM
  5. HomeKit Secure Video-enabled Eve Cam sees rare discount after Cyber Monday
    By iMore.com in forum iMore.com News Discussion & Contests
    Replies: 0
    Last Post: 12-03-2020, 11:00 AM
LINK TO POST COPIED TO CLIPBOARD