Anyone experiencing that? Is there a possible fix?
"A data breach on a site or app exposed your password" message
-
D Oliveira
- AppGini Super Hero
- Posts: 357
- Joined: 2018-03-04 09:30
- Location: David
"A data breach on a site or app exposed your password" message
With the new chrome update whenever i log in my appgini applications this message pops up:
Anyone experiencing that? Is there a possible fix?
Anyone experiencing that? Is there a possible fix?
Re: "A data breach on a site or app exposed your password" message
Hi,
change your password. There is not much else you can do.
change your password. There is not much else you can do.
Any help offered comes with the best of intentions. Use it at your own risk. In any case, please make a backup of your existing environment before applying any changes.
-
D Oliveira
- AppGini Super Hero
- Posts: 357
- Joined: 2018-03-04 09:30
- Location: David
Re: "A data breach on a site or app exposed your password" message
Hi D Oliveira,
let's stay with you (not your customers for a moment): Think about this: Are using a different password for your different logins? If you answer this with YES, I would find it very strange to get such a warning.
There are password breaches every day, so maybe see this as a "general" warning to actually use strong and different passwords.
You can also check for breached passwords on sites like https://haveibeenpwned.com (similar: Identity breach: https://sec.hpi.de/ilc/search?lang=en )
Can you use a different browser without that warning? Is there a chance to investigate how google checks for breaches?
Olaf
let's stay with you (not your customers for a moment): Think about this: Are using a different password for your different logins? If you answer this with YES, I would find it very strange to get such a warning.
There are password breaches every day, so maybe see this as a "general" warning to actually use strong and different passwords.
You can also check for breached passwords on sites like https://haveibeenpwned.com (similar: Identity breach: https://sec.hpi.de/ilc/search?lang=en )
Can you use a different browser without that warning? Is there a chance to investigate how google checks for breaches?
Olaf
Some postings I was involved, you might find useful:
Multi Path Upload (MPU) / dynamic upload folder; SingleEdit - Prevent concurrent edits on records; Field Permissions; Column-Value-Based-Permissions; Custom (error) message; Audit Log; Backup your database; Two Factor Authentication; Block brute force (failed) logins; Add 2nd SAVE CHANGES button
Multi Path Upload (MPU) / dynamic upload folder; SingleEdit - Prevent concurrent edits on records; Field Permissions; Column-Value-Based-Permissions; Custom (error) message; Audit Log; Backup your database; Two Factor Authentication; Block brute force (failed) logins; Add 2nd SAVE CHANGES button
Re: "A data breach on a site or app exposed your password" message
Thanks Olaf. I'd like to add a link that explains how Chrome checks for login breaches: https://www.wired.com/story/chrome-79-password-check/onoehring wrote: ↑2020-01-02 09:44Hi D Oliveira,
let's stay with you (not your customers for a moment): Think about this: Are using a different password for your different logins? If you answer this with YES, I would find it very strange to get such a warning.
There are password breaches every day, so maybe see this as a "general" warning to actually use strong and different passwords.
You can also check for breached passwords on sites like https://haveibeenpwned.com (similar: Identity breach: https://sec.hpi.de/ilc/search?lang=en )
Can you use a different browser without that warning? Is there a chance to investigate how google checks for breaches?
Olaf
From the above link:
So, maybe you're using this same username/password in a site that have been breached before. It's not recommended to use the same password in multiple websites -- even if it's a strong password.All of these Password Checkup features work for people who have their username and password combos saved in Chrome and have them synced to Google's servers. Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password.
AppGini plugins to add more power to your apps:
- DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
- Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.
- Need personalized consulting on your specific app and customizations? Book an online call with me here.
-
D Oliveira
- AppGini Super Hero
- Posts: 357
- Joined: 2018-03-04 09:30
- Location: David
Re: "A data breach on a site or app exposed your password" message
thank you for the clarifications ahmed and olafa.gneady wrote: ↑2020-01-04 15:16Thanks Olaf. I'd like to add a link that explains how Chrome checks for login breaches: https://www.wired.com/story/chrome-79-password-check/onoehring wrote: ↑2020-01-02 09:44Hi D Oliveira,
let's stay with you (not your customers for a moment): Think about this: Are using a different password for your different logins? If you answer this with YES, I would find it very strange to get such a warning.
There are password breaches every day, so maybe see this as a "general" warning to actually use strong and different passwords.
You can also check for breached passwords on sites like https://haveibeenpwned.com (similar: Identity breach: https://sec.hpi.de/ilc/search?lang=en )
Can you use a different browser without that warning? Is there a chance to investigate how google checks for breaches?
Olaf
From the above link:
So, maybe you're using this same username/password in a site that have been breached before. It's not recommended to use the same password in multiple websites -- even if it's a strong password.All of these Password Checkup features work for people who have their username and password combos saved in Chrome and have them synced to Google's servers. Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password.