Jump to content
The Dark Mod Forums

How Does Google Know my Dark Mod Password????

NeonsStyle

By NeonsStyle
in TDM Tech Support

 Share

Recommended Posts

NeonsStyle

NeonsStyle

Posted
Posted

Check this out:

1. It says my TDM Password has been leaked, but more importantly,

2. How does it know my Dark Mod password? Are they not encrypted???

3. Noticed it picked up some of the passwords on my phone as well. WTF is going on here? How do they know this?

 

Neon

 

passwords.jpg

I have an eclectic YouTube channel making videos on a variety of games. Come and have look here:

https://www.youtube.com/c/NeonsStyleHD

 

Dark Mod Missions: Briarwood Manor - available here or in game

http://forums.thedarkmod.com/topic/18980-fan-mission-briarwood-manor-by-neonsstyle-first-mission-6082017-update-16/

 

 

darksilence

darksilence

Posted
Posted (edited)

Chrome knows the passwords that you choose to save. They are stored as plain text.

You should not allow Chrome to save your important passwords, either memorize them or keep them in a piece of paper inside a non-pickable wooden chest.

 

Edited by darksilence
  • Haha 2

The Dark Mod Database: https://tdmdb.com

freyk

freyk

Posted
Posted (edited)

And is possible you used the same password at another site,
where it is known that its useraccount storage database is leaked.

Following a review of chrome password manager, the password are stored encrypted in a plain text database-file. 
Chrome "calculate" this password and can compare this with leaked calculated passwords. (that is happened)

So change your passwords frequently.
dont use a online/synced password manager from somebody else,
etc etc,..

Edited by freyk

Info: My portfolio and darkmod graphical installer
Amnesty for Bikerdude!

Zerg Rush

Zerg Rush

Posted
Posted (edited)

I use a good system to create strong passwords, which I can remember easily. For example I use 1235 for an account as a password, but I don't use it as is, I use it encrypted. For this I use an app to encrypt text, for example in SHA256 or other systems, with this 1235 becomes 

72l6LnLCtvvC5d8Jd2LRaD2CUGhMu9xc6F2Q6+RUues=

which certainly is a strong password which I can repeat whenever I want, only have to remember 1235.

Never trust G☉☉gle

Edited by Zerg Rush
  • Like 1
  • Thanks 2

Sys Specs Laptop Lenovo V145 15AST, AMD A9- 9425 Radeon R5 - 5 cores 3,1 GHz  RAM 8Gb, GPU 1+2 Gb -Win10 64 v21H2

Favorite online apps you may like too 😉

STiFU

STiFU

Posted
Posted

Either the TDM servers got hacked or, much more likely, you used the same login credentials for numerous sites and another site got hacked. You can check your credentials on haveibeenpwned.com. 

With what tool did you get that report you screenshotted?

  • Like 1
Zerg Rush

Zerg Rush

Posted
Posted

For important log in data it is always advisable to use an encrypted mail service, such as those of Proton Mail or Tutanota.
I also use Gmail when I created it out of ignorance many years ago, but I do not use it for anything that is relevant and much less use Google as a credential to register on other sites that offer this possibility.

Sys Specs Laptop Lenovo V145 15AST, AMD A9- 9425 Radeon R5 - 5 cores 3,1 GHz  RAM 8Gb, GPU 1+2 Gb -Win10 64 v21H2

Favorite online apps you may like too 😉

NeonsStyle

NeonsStyle

Posted
  • Author
Posted

@STiFU It was an email I got from Google telling me this. 

@Zerg Rush, whats the name of this app?

I have an eclectic YouTube channel making videos on a variety of games. Come and have look here:

https://www.youtube.com/c/NeonsStyleHD

 

Dark Mod Missions: Briarwood Manor - available here or in game

http://forums.thedarkmod.com/topic/18980-fan-mission-briarwood-manor-by-neonsstyle-first-mission-6082017-update-16/

 

 

Dragofer

Dragofer

Posted
Posted
1 hour ago, NeonsStyle said:

@STiFU It was an email I got from Google telling me this.

Hm, it might be worth looking closely at the URL of the sender - it might not be Google, but a phishing attempt.

  • Like 1

FM: One Step Too Far | FM: Down by the Riverside | FM: Perilous Refuge
Co-FM: The Painter's Wife | Co-FM: Written in Stone | Co-FM: Seeking Lady Leicester
Dragofer's Stuff | Dragofer's Scripting | A to Z Scripting Guide | Dark Ambient Music & Sound Repository

STiFU

STiFU

Posted
Posted
1 hour ago, NeonsStyle said:

@STiFU It was an email I got from Google telling me this. 

In that case, you are likely using chrome or an android phone and stored passwords in some browser. That data gets synchronized with your google account, if you don't deactivate that functionality.

I recommend disabling all password storage in all your browsers and use a proper password manager to generate and store unique passwords for each site. I can recommend Bitwarden for this, as it is very comfortable to use and runs on all the main platforms. With with stuff like this, user-comfort is a very important factor, as I'd find it annoying to always tab between apps to enter my login credentials into a website. I use Chrome with the Bitwarden addon. I enter my master password into the bitwarden addon once when starting Chrome, and the addon will fill out all login credentials automatically.

  • Like 1
NeonsStyle

NeonsStyle

Posted
  • Author
Posted

The only problem with Password generators/managers, is you never know what the passwords are for any of your sites. 
If your drive goes down you lose all that info, and now can't get into any of your sites. This is why I've never used
one. 

I have an eclectic YouTube channel making videos on a variety of games. Come and have look here:

https://www.youtube.com/c/NeonsStyleHD

 

Dark Mod Missions: Briarwood Manor - available here or in game

http://forums.thedarkmod.com/topic/18980-fan-mission-briarwood-manor-by-neonsstyle-first-mission-6082017-update-16/

 

 

cabalistic

cabalistic

Posted
Posted

You should seriously reconsider that stance. Passwords that you can remember are very likely not secure enough, particularly because you probably share them between accounts to some extent.

Good password managers encrypt your passwords securely so that you can easily back them up to cloud storage.

  • Like 1
Zerg Rush

Zerg Rush

Posted
Posted (edited)
1 hour ago, cabalistic said:

You should seriously reconsider that stance. Passwords that you can remember are very likely not secure enough, particularly because you probably share them between accounts to some extent.

Good password managers encrypt your passwords securely so that you can easily back them up to cloud storage.

Passwords which I can remember also secure, when I ecrypt them before use. See the Example in what I had converted 1235. What isn't secure is to have your password stored in a server online, using a password manager. If this server fails or is hacked, you can't recover your password created in aleatory manner. But I can recover mine, only remember 1235 and

 

On 8/12/2021 at 3:16 PM, NeonsStyle said:

@STiFU It was an email I got from Google telling me this. 

@Zerg Rush, whats the name of this app?

the text encrypter I use.

There are severals, for Example Encipher.it (AES) is a good choice (you can use it online, but better the app, it's free) https://encipher.it. You can also create your own, not very complicated with the text functions of a spreedsheet (Excel, LibreOffice Calc, or what you use)

Edited by Zerg Rush

Sys Specs Laptop Lenovo V145 15AST, AMD A9- 9425 Radeon R5 - 5 cores 3,1 GHz  RAM 8Gb, GPU 1+2 Gb -Win10 64 v21H2

Favorite online apps you may like too 😉

cabalistic

cabalistic

Posted
Posted
55 minutes ago, Zerg Rush said:

Passwords which I can remember also secure, when I ecrypt them before use. See the Example in what I had converted 1235. What isn't secure is to have your password stored in a server online, using a password manager. If this server fails or is hacked, you can't recover your password created in aleatory manner. But I can recover mine, only remember 1235 and

I said backed up, not stored, didn't I? My Keepass file is automatically synced with cloud storage, and as a consequence I have multiple fairly recent copies on my laptop, PC and my server.

You do still have the problem that you need different passwords for different accounts. If you use the same encrypted passwords for all your accounts, that is most certainly not secure. I guess you could just use the domain name in your scheme, if your encryption is strong enough. You'll just have to hope that the websites didn't put some braindead rules for passwords into place that your encrypted output doesn't conform to :)

  • Like 1
AluminumHaste

AluminumHaste

Posted
Posted

I like to subscribe to the 4 random word passwords. Like Horse Cloud French Toast or something like that. Easy to remember, not guess.

 

I always assumed I'd taste like boot leather.

 

cabalistic

cabalistic

Posted
Posted

 

5 minutes ago, AluminumHaste said:

I like to subscribe to the 4 random word passwords. Like Horse Cloud French Toast or something like that. Easy to remember, not guess.

You can go that route, but two things that are important to point out:

  1. 4 words may be cutting it close, probably better to choose 5 to 6, at least for important accounts.
  2. you must not pick the words, they must be chosen randomly! If you pick the words, there will be patterns in the sequence which significantly weaken the strength of the password. I know it's in the name of the method and you're probably aware, but many people still have a tendency to try to pick or "massage" the generated words, so I wanted to emphasize it :)

Still, remembering too many of those phrases simultaneously is not an easy feat, so I'd still recommend a password manager, even if it's just a backup for your memory...

datiswous

datiswous

Posted
Posted
On 8/10/2021 at 3:57 AM, NeonsStyle said:

Check this out:

1. It says my TDM Password has been leaked, but more importantly,

The info in that screenshot doesn't say that your TDM account is leaked. It says:

1. One password for an account is compromised

2. You have some weak passwords for 3 sites (one is TDM)

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recent Status Updates

    • JackFarmer

      JackFarmer

      "The Year of the Rat." 
      😄

      Al Stewart must be proud of you!
      Happy testing!
      @MirceaKitsune
      · 1 reply
    • datiswous

      datiswous

      I posted about it before, but I think the default tdm logo video looks outdated. For a (i.m.o.) better looking version, you can download the pk4 attached to this post and plonk it in your tdm root folder. Every mission that starts with the tdm logo then starts with the better looking one. Try for example mission COS1 Pearls and Swine.
      tdm_logo_video.pk4
      · 2 replies
    • JackFarmer

      JackFarmer

      Kill the bots! (see the "Who is online" bar)
      · 3 replies
    • STiFU

      STiFU

      I finished DOOM - The Dark Ages the other day. It is a decent shooter, but not as great as its predecessors, especially because of the soundtrack.
      · 5 replies
    • JackFarmer

      JackFarmer

      What do you know about a 40 degree day?
      @demagogue
      · 4 replies
×
×
  • Create New...