I use Firefox browser as a basic browser and click into a search engine,I have vers 53 installed,😀
Today it says by logging here it will possibly cause my password to be stolen,So I tried my vpn and it said the same thing,
Anyone have this popup?
NS
Today it says by logging here it will possibly cause my password to be stolen,So I tried my vpn and it said the same thing,
Anyone have this popup?
NS
Firefox now says this about every site which has a login but does not use https. You can ignore it, unless you use the same password for DIYaudio and your bank account.
or is that Confefe Olay!
The security of diyAudio hasn't changed, this is just Firefox telling you that if someone is listening in between diyAudio and you, they could steal your password. This is unlikely, but there is no excuse for diyAudio to not be using HTTPS and I will be implementing it shortly. It's high on the todo list, has been for a while, but it just got a shove!
I do applaud Mozilla's proactivity by shaming a large swathe of the internet that hasn't got its act together. It's a good cause. In the meantime, you can Google for instructions on how to disable this in Firefox if it irks you.
As DF96 said, you shouldn't worry unless you use the same password for diyAudio as you do on other websites. Which you shouldn't be doing anyway. If you're not already using a password manager, please use something like 1Password or LastPass to manage your passwords. The days using the same password on multiple websites is over, you shouldn't be using a password you can remember (if you do, it's weak). You should be using a password manager.
You should also assume your email address, username and password have been leaked from multiple websites over time. If it hasn't happened, it will happen soon. If you've ever had a Yahoo, Adobe account, etc, you can be pretty sure your email address, username, password, mother's maiden name, and all those "security" questions have already been stolen and are either public or for sale somewhere. If you're not sure of that you might like to check https://haveibeenpwned.com for your email addresses.
The best security comes from assuming you will get hacked, and ensuring when that happens, harm is minimised. If I'm not mistaken, LastPass was hacked and their entire database stolen but it was no big deal - they designed their system with that in mind and it will take the hackers longer than the life of the universe to crack that data. OneLogin not so much.
I do applaud Mozilla's proactivity by shaming a large swathe of the internet that hasn't got its act together. It's a good cause. In the meantime, you can Google for instructions on how to disable this in Firefox if it irks you.
As DF96 said, you shouldn't worry unless you use the same password for diyAudio as you do on other websites. Which you shouldn't be doing anyway. If you're not already using a password manager, please use something like 1Password or LastPass to manage your passwords. The days using the same password on multiple websites is over, you shouldn't be using a password you can remember (if you do, it's weak). You should be using a password manager.
You should also assume your email address, username and password have been leaked from multiple websites over time. If it hasn't happened, it will happen soon. If you've ever had a Yahoo, Adobe account, etc, you can be pretty sure your email address, username, password, mother's maiden name, and all those "security" questions have already been stolen and are either public or for sale somewhere. If you're not sure of that you might like to check https://haveibeenpwned.com for your email addresses.
The best security comes from assuming you will get hacked, and ensuring when that happens, harm is minimised. If I'm not mistaken, LastPass was hacked and their entire database stolen but it was no big deal - they designed their system with that in mind and it will take the hackers longer than the life of the universe to crack that data. OneLogin not so much.
Last edited:
Why should we trust password managers? A chain is only as strong as its weakest link, and these day the weakest link is someone in IT somewhere in the world who does something with customer data which only an IT idiot would do. None of us knows where the next IT idiot is going to pop up and compromise our data. Hence I don't use password managers, I don't use the cloud, I don't use 'social media'; as far as possible I keep my security under my control.
Sorry if I said "You should" when I should have said "I recommend".
Some might find this advice useful / informative: https://krebsonsecurity.com/password-dos-and-donts/
I also recommend turning on two factor authentication (2FA) wherever possible, and especially on your primary email account (Gmail makes this very easy to set up). If someone has access to your email, they usually then have the ability to reset your passwords for any website you don't have 2FA protecting, and gain control of those accounts.
Some might find this advice useful / informative: https://krebsonsecurity.com/password-dos-and-donts/
I also recommend turning on two factor authentication (2FA) wherever possible, and especially on your primary email account (Gmail makes this very easy to set up). If someone has access to your email, they usually then have the ability to reset your passwords for any website you don't have 2FA protecting, and gain control of those accounts.
- Status
- Not open for further replies.