I’m gonna need a bigger tool.
And I have been dragging my heels for a while, despite warnings from being registered on Have I Been pwned? (which I think now also sends warnings via Firefox). Yes, for many years I did that lazy thing of using the same password on many a free web site.
This is a regular thing, right? Enough warning?
It’s less about the sites being hacked to worry about, it’s that giant lists of emails and those reused password are sold on black markets, counting on trying them on almost every site out there (and if you ever look at the access/error logs on any hosted WordPress site it might be boggling how much they are pummeled with attempts to brute force login. So for ______’s sale, do not use simple passwords OR an admin user named “admin”)
I stopped using that one password long ago. I had started a few years ago with a password manager (1Password) that enables me to use long, ugly, inhuman passwords on any site that involved key information or money.
Yet I had been storing passwords too in Google Chrome, and recently they rolled out some new tools that can notify you when logging in via a stored passwords if it’s that one which shows up on the nasty lists.
You start to see these Wake Up and Smell The Rotten Passwords feeling:
I rolled up my sleeves, opened up my list of passwords. I recognize that one password from the length of the asterisks. I spent maybe 90 minutes… working through the sites that start with A. What I found was:
- A good number are older ones that have been updated already. So I can just delete them. Not sure why, but Google seems to store multiple ones for the same site.
- A few others are ones on sites and services that are no longer around.
- A good number of sites I do not even remember what they are!
- Others are on sites I may still use, so I had to go through the process of logging in, changing passwords to Long Ugly Ones Managed Outside of Google. A few sites had forced changes so they know the news too.
Some sites were a struggle just to log into:
Probably the most time consuming process is trying to delete accounts from services I no longer use. Frankly, most sites make these very very very VERY hard to find. They are often buried far away, and usually require filling out a form or emailing where you must beg to be released. Sometimes sites like https://justdeleteme.xyz/ helped, but it’s a long slog.
One of the worst ws Active.com – I think I created an account there maybe 7 years ago when I was foolish and running half marathons. I did not even recognize the site.
Right there on where I can edit my page profile is a nice button to “upgrade” but none to delete?
They did respond, and there is a link I never found:
How stupid of me! I was looking in my profile and account information to find a place to delete my account when I needed to dig into their privacy pages?
I managed to delete 3 bad accounts, change maybe 6 more, and remove a number of dead site passwords.
And those are just the “A” ones.
I found the way to get an update on the Google Password check up link at https://passwords.google.com/
I’ve got a lot of rubble to go. But I am making progress.