Security recommendation password leak ios14

[Hendri Hendri]

Hi,

I noticed that on my iphone security recommendation many of my login has data leak as per ios suggested

Anyone has the same issue ?

Should i change all my password ? That’s too many .... any easy way to do that ?

Thx

 

[Just_Me_D]

Hi,

I noticed that on my iphone security recommendation many of my login has data leak as per ios suggested

Anyone has the same issue ?

Should i change all my password ? That’s too many .... any easy way to do that ?

Thx

If you use a password manager then yeah, I recommend you change all your passwords.

 

[Lee_Bo]

Long time 1Password user here. Love it!!! Yes, subscription based but that’s just the way things are now.

 

[Hendri Hendri]

If you use a password manager then yeah, I recommend you change all your passwords.

No I don’t ....
Only keychain, and I have to do this manually one by one ... oh my ....

 

[dmoskaluk]

Hi,

I noticed that on my iphone security recommendation many of my login has data leak as per ios suggested

Anyone has the same issue ?

Should i change all my password ? That’s too many .... any easy way to do that ?

Thx

I've intermittently gotten similar notes but not from  - I have changed passwords for 'critical' apps and I did change my Apple ID password when I updated the IMac 2 days ago. What I did get is more 'confirm password' prompts on both iOS & OS, but strongly suspect it's an  push to go to '2-step authentication'. for all functions. When it becomes more of a PITA to avoid this than to use it I'll give it a whirl though but for me as a retiree it's likely overkill so far anyway.

 

[Lee_Bo]

When it becomes more of a PITA to avoid this than to use it I'll give it a whirl though but for me as a retiree it's likely overkill so far anyway.

Seriously? That’s when hackers try their hardest. I have 2FA enabled. You couldn’t pay me not to have it.

 

[EdwinG]

It's a new feature in iOS 14 that checks all the password's saved in Apple's Password Manager (aka Keychain) to see if they've been leaked, similar to 1Password.

 

[dmoskaluk]

Seriously? That’s when hackers try their hardest. I have 2FA enabled. You couldn’t pay me not to have it.

OK - I bit the bullet and set it up. Where the issues were previously I suspect is that I'm on the Canadian App Store as the C/C supporting it is Canadian. No issue there, but the phone I use personally is of course a Barbados number. Even though the format is the same ie +1 XXX XXX XXXX I never could get the text message. This time I did (?) so something must have changed as the last time I tried was probably less than a year ago. I did the change via the APPLE ID setting page on my recently updated iMac.
My Canadian Cell ( Android) is only a traveller and only active when I'm there, on a very convenient pay-as- you - go plan. Mainly I use it to generate a hotspot to run my iPhone & iPad. The B'dos providers still don't have 'roaming data' packages for outside the Caribbean, so I save a lot by using 2 phones ( actually as another Android is used in Guyana).. so let's see how it works!!

 

[doogald]

Long time 1Password user here. Love it!!! Yes, subscription based but that’s just the way things are now.

It doesn't have to be a subscription. You can still purchase a license on the Mac and use iCloud or Dropbox to sync with the iOS version.

(I also have a subscription for some of the extra features, and to support the developers going forward.)

 

[Lee_Bo]

It doesn't have to be a subscription. You can still purchase a license on the Mac and use iCloud or Dropbox to sync with the iOS version.

(I also have a subscription for some of the extra features, and to support the developers going forward.)

True, but for a minimal yearly charge, you get all the pro features and you’re supporting the devs.

 

[Ledsteplin]

Long time 1Password user here. Love it!!! Yes, subscription based but that’s just the way things are now.

I don't pay a subscription for 1Password. I've had it for 7 years. I don't know what a subscription offers, but I get all I need for free. Well, not free. I paid $9.99 for it 7 years ago.

 

[Just_Me_D]

3237663[/URL]]I don't pay a subscription for 1Password. I've had it for 7 years. I don't know what a subscription offers, but I get all I need for free. Well, not free. I paid $9.99 for it 7 years ago.

Same here. With that being said, if I install the newest 1Password app on my MacBook then it’ll try to force me to get a subscription.

 

[Hendri Hendri]

I've intermittently gotten similar notes but not from  - I have changed passwords for 'critical' apps and I did change my Apple ID password when I updated the IMac 2 days ago. What I did get is more 'confirm password' prompts on both iOS & OS, but strongly suspect it's an  push to go to '2-step authentication'. for all functions. When it becomes more of a PITA to avoid this than to use it I'll give it a whirl though but for me as a retiree it's likely overkill so far anyway.

I did change my password one by one by goong through all the website, at least from 100+ recommendation, reduced to half. And that’s no fun.

I used 2SA, but it still prompt that my pass is vurnable for my appleid

 

[Hendri Hendri]

True, but for a minimal yearly charge, you get all the pro features and you’re supporting the devs.

Is it worth it to pay monthly only for multiple gmail, onlineshop and social media password ?

I kinda moved from safari/keychain to chrome for quite some time now. It’s more convenience to move among my PC and apple devices

For banking, I never stored any pass on browser or keychain

 

[EdwinG]

I strongly suggest using a password manager, whether it’s the one included in your web browser, the operating system (Keychain) or a dedicated one.

It is a well known fact that humans are bad at remembering random sets of characters.

Every service (bank, WiFi, Facebook, Google, this forum, that family website, router, etc.) must use a unique password, and the longer the better. I try to have 64 random characters wherever possible, and I’ll probably increase that to 128 or 256 characters.

 

[Just_Me_D]

3237671[/URL]]I did change my password one by one by goong through all the website, at least from 100+ recommendation, reduced to half. And that’s no fun.

I used 2SA, but it still prompt that my pass is vurnable for my appleid

Wait a minute. You mentioned your Apple ID. Have you changed the password for it? It meaning your Apple ID. If not, change it to something stronger and then see if you still get the weak password prompt.

 

[Hendri Hendri]

I strongly suggest using a password manager, whether it’s the one included in your web browser, the operating system (Keychain) or a dedicated one.

It is a well known fact that humans are bad at remembering random sets of characters.

Every service (bank, WiFi, Facebook, Google, this forum, that family website, router, etc.) must use a unique password, and the longer the better. I try to have 64 random characters wherever possible, and I’ll probably increase that to 128 or 256 characters.

Surely I will keep using keychain and chrome’s just for the convenience to not input each login manually

What I meant is, is it worth itu to pay monthly for 1password ? Chrome can do what 1pass can, as long as I’m using Chrome at any devices (though I’m not completly trust the Chrome in term of security). Keychain will take care for my ios app.

For using the random 124 characters, i always curious ... what if in some situation, we don’t have 1pass or other pass manager installed / available on the device. How to login if we even don’t know the random characters as the pass

 

[Hendri Hendri]

Wait a minute. You mentioned your Apple ID. Have you changed the password for it? It meaning your Apple ID. If not, change it to something stronger and then see if you still get the weak password prompt.

Yes AppleID, which Might have to revise my previous post, that not the pass has potential leaked, but my pass has re-used risks.

I change my pass though, and already make sure all my ios devices set up with this new pass. It did show up - still, on the security recommendation. But i noticed the pass hasn’t been updated yet (still the previous re-use one). I simply delete that pass from the keychain.

There’re so many repeated pass for the same app or website on the keychain, not to mention some website which I login to years ago. I’ve deleted many of those from the keychain. It’s a messed

 

[Just_Me_D]

3237678[/URL]]Yes AppleID, which Might have to revise my previous post, that not the pass has potential leaked, but my pass has re-used risks.

I change my pass though, and already make sure all my ios devices set up with this new pass. It did show up - still, on the security recommendation. But i noticed the pass hasn’t been updated yet (still the previous re-use one). I simply delete that pass from the keychain.

There’re so many repeated pass for the same app or website on the keychain, not to mention some website which I login to years ago. I’ve deleted many of those from the keychain. It’s a messed

Oh okay. I understand.

 

[EdwinG]

What I meant is, is it worth itu to pay monthly for 1password ? Chrome can do what 1pass can, as long as I’m using Chrome at any devices (though I’m not completly trust the Chrome in term of security). Keychain will take care for my ios app.

1Password is not the only password manager out there. There are others, like LastPass and KeePass that work differently and are free.
Using a dedicated password manager is mostly for convenience; I don't need to save the same password at 3-4 different places like Keychain on macOS/iOS and Microsoft Edge on Windows. They usually have extensions that allow to integrate with different web browsers on traditional computers, or with the operating system on mobile devices.

For using the random 124 characters, i always curious ... what if in some situation, we don’t have 1pass or other pass manager installed / available on the device. How to login if we even don’t know the random characters as the pass

If you use a long password, which in an ideal world everyone would, the password would always be saved in your password manager. For example, 1Password does provide you with a website where you can access your saved passwords, if you sync with their service and you provide the login page with your email, your password, unique encryption key and second factor authentication method.