should I bother changing passwords on every website?
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I don't know, but I'm not sure why either of you want to bother using security on manually kept password lists. If that's naive or ignorant of me, go ahead and tell me. Because someone could break into your home and steal your computer? I guess; fair enough. It can't be because you're worried about someone hacking into your computer to steal the list, because you could defeat that just by using paper.
newbiesforever: your arguments only work if you're the only person who will ever have physical access not only to your computer, but to the room that it's in.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I have had this conversation with a friend, yesterday.
At present I am using passwords which may leave me in some way exposed II obviously I will not say how or why.
My answer is I'll buy a few cheap, tiny, waterproof notebooks and make up some passwords I can write in them. If I'm robbed or burgled I'll know compromise is possible and act accordingly.
Just make sure you use different passwords for every site you have an account on. Whoah yeah ah man menis fenis benis denis - sorry, excuse me. What I meant to say is, also make sure your passwords really are different - completely different, not just one or two characters different.
To answer the main question in the thread, if you're already using completely different passwords for all your other accounts, then I don't see why you should need to change your passwords for your other services just because yahoo's passwords got breached.
Though there is one other thing to think about. Did you use your yahoo email account to register accounts on any other websites? For example, using it as the secondary recovery email address for another email account on a different site. If so, you should then consider whether or not you should change your passwords on those services, or change the recovery email for those services.
should I bother changing passwords on every website?
You don't need a feature bloated GUI password manager. Use one complex password longer than 8 characters with at least 1 special character as the key to encrypt / decrypt a plain text file that contains all your passwords. Use GNUpg to generate a certificate for doing so.
If you really want a password manager, then use:
https://www.passwordstore.org
newbiesforever: your arguments only work if you're the only person who will ever have physical access not only to your computer, but to the room that it's in.
Is that actually the case?
You know, I actually did want an answer to this...
I thought about answering, but it doesn't sound like something I would accomplish anything useful by it.
What do you mean by that? WHOA ah yeah man menis man fenis benis denis dennace - excuse me, sorry. In any case, you should be careful about keeping your passwords written down in any form. It's possible someone could break into your house and steal your laptop or computer, and then have convenient access to all of your passwords. It's also possible that someone could access your computer remotely by some exploit.
At the very least, the file you store your passwords in should be encrypted somehow.
I thought about answering, but it doesn't sound like something I would accomplish anything useful by it.
This obviously speaks volumes. I don't know why you thought it wouldn't.
But if the reason you didn't want to answer because the answer was "no", then you might want to consider the case of the guy whose brother got his LQ password, and then got his LQ account banned by posting scat porn.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
To be fair, my own, soon to be adopted, password policy is a couple of notebooks -- one at home and one in my wallet.
If I'm burgled or robbed I'll use the other copy (with no usernames or clues as to which is used for what) to reset everything.
It isn't any more complicated than that.
Of course, memory and some kind of re-use of theme can help make thinghs faster but, in the end, written physical copies make sense.
This obviously speaks volumes. I don't know why you thought it wouldn't.
But if the reason you didn't want to answer because the answer was "no", then you might want to consider the case of the guy whose brother got his LQ password, and then got his LQ account banned by posting scat porn.
That's an area I would have no vulnerability in. My family members would never do such a thing.
I hope I may be forgiven for laughing at the sheer obnoxiousness and absurdity of posting pornography to a technology-related forum. This man's brother was obviously a sociopath.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.