I would be most grateful if people who know things about computers and security would read the following account of something that just happened and give me some advice.
I don't think the access codes being the same is a problem: the key point is that the attacker isn't able to enter them into their copy of Steam and therefore can't access your account. Basically they convert the requirement for access to your account from "must know your username and password" to "must know your username and password and also be able to read your email". You've probably already worked out that it's well worth having different passwords for different services. Approaches to solving the "I can't remember hundreds of passwords" problem include password safe programs and writing them down on a bit of paper and keeping that somewhere safe (low-tech but really very hard for most real attackers to get at l-)
Thank you, that's comforting that I don't need to worry about this particular case too much.
Yes, I know I've been a bit sloppy with passwords. The password that I had for Twitter is one that I use for things where security isn't something I'm concerned about - various online fan fora, etc. For important things I usually have a unique password for each one (banking, emails, etc.) and I'd completely forgotten that I used the insecure one for Steam, which was a very stupid thing to do!
It looks to me like someone tried to use your Twitter email/password combination to get into your Steam account without realising that would trigger the email about using Steam from another computer.
Steam-wise I think you should be safe, but if you use that password anywhere else you should change it immediately; someone is testing it in various places - e.g., Amazon, Facebook - in order to see where your vulnerabilities are.
Thank you very much for this - and yes, I'll do that. I don't think there are too many other places where that password is used these days but I'll need to check quite a lot of sites to make sure.