I only use that password here. It’s iCloud generated. It’s not replicated anywhere else. So for it to show up in a data leak could have only come from this community being compromised. Unless by chance someone is using the exact same password as me somewhere else on the internet.
I’ve updated both my email (to an iCloud generated hide my email from an old disposable gmail) and my password out of caution.
Does Apple use Have I Been Pwned to check for passwords in data leaks, or some other service?
Have I Been Pwned isn’t flagging any issue with my Monzo community password: Have I Been Pwned: Pwned Passwords
phildawson
(Sorry, I will have to escalate this.)
3
I don’t believe so. Nothing on have I been pwned but it’s not the best nor most reliable source for data leaks. My email hasn’t appeared in the data leak, just the password, apparently.
Apple (iCloud+) are flagging it. Of course I trust them.
I saw this last year and immediately stopped using randomly generated passwords by Chrome because put simply they are super easy to crack.
I now use three random words separated with some additional special characters and numbers included. I’m surprised by some of the websites that don’t allow more than 12 characters
That’s what I did a while back. It was astonishing how many niche forums there were, or random small online shops (this was back when genuine small shops had their own websites rather than the random drop shipped crap from a fake ‘shop’ places that exist now), and especially sites I’d basically used once and once only
You might find the job quicker than you expected; if some of your logins are as old as mine were, there were a lot of sites and places that, when GDPR came along, purged account details and passwords f they weren’t being actively used.
Basically that sort of password. But random combinations are now thought not to be as secure as all that.
It’s totally shameful in the light of all the current cyber threats that companies haven’t stepped up their password game. MFA is a must if you can’t allow complex passwords