Great job on these topics! You have a rare gift in discussing these topics in such a low-key and clear manner.
Thank you for the information! I think you switched the definitions for dark web and deep web. Thought I would mention that. Love your videos Leo!
Don't mislead people, changing their password doesn't force the attacker to log out when he was still logged in, at least that's how it is on most web sites. If it was related to a critical web site, I would advise people to contact the owner/company/organization that runs that web site to make sure that they're 100% safe.
I have recently learned about “session logs”. I got burned after changing my password. Your comment is extremely valid.
This is why I tell people if there is a setting to terminate all other or previous log-in sessions within an account's settings to do so after a password change and on a semi regular basis just for good measure.
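Added example, not written by any commenter above: a minimal server-side sketch of the difference these comments describe, where a password change alone leaves an already-open session valid and a hardened change revokes every other session. The `SessionStore` class, the function names and the sample account are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """In-memory session table (hypothetical; a real site would use a database or cache)."""

    def __init__(self):
        self._sessions = {}  # token -> (user, created_at)

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.time())
        return token

    def is_valid(self, token):
        return token in self._sessions

    def revoke_all(self, user, keep=None):
        """Drop every session for `user` except `keep`; return how many were dropped."""
        doomed = [t for t, (u, _) in self._sessions.items() if u == user and t != keep]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)


def change_password_naive(creds, user, new_hash):
    # Only the stored credential changes; sessions that are already open stay open.
    creds[user] = new_hash


def change_password_hardened(store, creds, user, new_hash, current_token):
    # Change the credential and end every other session for the account.
    creds[user] = new_hash
    return store.revoke_all(user, keep=current_token)


def demo():
    # Constructed sample data; the strings stand in for stored password hashes.
    store, creds = SessionStore(), {"alice": "hash-v1"}
    owner = store.login("alice")
    intruder = store.login("alice")  # session opened earlier with the leaked password
    change_password_naive(creds, "alice", "hash-v2")
    still_in_after_naive = store.is_valid(intruder)
    revoked = change_password_hardened(store, creds, "alice", "hash-v3", owner)
    return still_in_after_naive, revoked, store.is_valid(intruder), store.is_valid(owner)


if __name__ == "__main__":
    print(demo())
```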
Thank you, Leo. Your video is very reassuring and super clear.
I'd add two things:
1. If your actual password for a site is leaked, drop your account with that site and never deal with them again. Any site storing the plaintext of your password has no idea how to implement security.
2. Even if they just have the hash of your password, you aren't necessarily safe if you have a weak password, like a single dictionary word, or even a word with some letters replaced (e.g. p4$$w0rd to use a particularly bad example). Given a password hash, the baddies can easily run billions (trillions?) of weak passwords through them looking for a match. For anything you don't have to memorize (e.g. web site passwords) let your password manager generate a random string of 16 characters.
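Added example, not part of the comment above: a password-acceptance check showing why letter swaps such as p4$$w0rd add almost nothing, next to a 16-character random generator of the kind the comment recommends. The word list is a constructed five-entry sample and the swap table is an assumption; real guessing lists are far larger.

```python
import math
import secrets
import string

# Constructed mini word list; real guessing lists hold millions of entries.
COMMON_WORDS = {"password", "dragon", "letmein", "monkey", "sunshine"}

# Common character swaps that guessing tools undo automatically (assumed table).
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def is_guessable(password):
    """True if the password is a listed word once swaps and trailing digits are undone."""
    lowered = password.lower()
    variants = {
        lowered.translate(LEET),
        lowered.rstrip(string.digits).translate(LEET),
    }
    return bool(variants & COMMON_WORDS)


def generate(length=16):
    """Random password drawn from a cryptographically secure source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the search space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("p4$$w0rd", "Dragon2024", generate()):
        print(candidate, "guessable" if is_guessable(candidate) else "not in list")
    print(round(search_space_bits(16), 1), "bits for 16 random characters")
```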
I think this is one of the most underrated or under-appreciated things about networking, or maybe I should even say web browsing or downloading software, docs, whatever. Seems simple, yet like you mention it's like a paradox. I must say I've been searching about this particular thing on YouTube, searches, sites, and rarely come across anywhere how you explain it perfectly with examples, which makes it understandable to us regular, not so tech-savvy people, because every time I search about this kind of topic, all I get is a bunch of videos with the word "hack" in it. Of course I am not necessarily saying anything bad about that content; people want cool stuff like that, myself included. So, thank you Leo for explaining, and also to the one who posed a question about this topic (not the kind that we want but rather what we really need).
Leo is amazing, thanks for sharing this. Wish someday I can meet you in person; you are one of my favorite YouTubers.
Thanks, Leo. Another great video!
More great info. Thanks Leo! JimE
I have one for you. I have a web site and my better half had an email address on that site and the hackers used it to send spam mail. I changed her password and they still used the site to send spam mail. Finally I had to remove her email address from the site mail to stop the spamming.
What’s your domain?
Never put an email address on a website. Use a form instead.
Thanks Leo for the video 📸
This was very helpful
Thanks, Leo~
I think it was earlier this year I got an email from a guy that was able to explain where I was, what I was looking at etc as an attempt to get me to be safer online, much of it was actually correct. I was a tad unnerved, but ultimately deleted the email and I think it happened again about a month or so later, and again, I just ignored it.
Yes, I have defender on firewall etc. and so far, I have not noted any attempts that I'm aware of, of folks trying to breach my accounts.
Some like banks, I have had to let go due to lack of any real money coming in that requires such as I've been mostly living off of EBT/Cash, but transitioning to SSDI with PT work to make up the difference so will need to get a bank of some sort soon.
Anyway, another good episode.
What password manager do you recommend, Leo? Great vid, thanks!
I'm using 1Password these days. askleo.com/best-password-manager/
@@askleonotenboom How do you filter out emails that do not come with a sender? Outlook email rules do not have a condition of no sender.
@@LSUfan No sender? I don't really have an answer for that. I'd try seeing if a filter where sender email == "" (empty string) or something like that might work.
@@LSUfan I use Thunderbird, not Outlook, so this may or may not be helpful to you. In Thunderbird, I put in a rule (Filter) that says "If FROM does NOT contain @ then move it to SPAM-FROM IS BLANK". "SPAM-FROM IS BLANK" is a folder I set up in Thunderbird. I NEVER set up a rule to DELETE a msg (just in case one of the rules catches a GOOD msg by mistake), instead I MOVE the spam msgs to a folder called SPAM-xxxx. I will do a quick glance in those SPAM-xxxx folders occasionally to see if something got snagged in error, or if I'm looking for an e-mail I was expecting and can't find it in my inbox.
I ended up going with a rule at my mail provider's site which looks for sender email addresses with a @ in them.
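Added example, not from any commenter in this thread: the "FROM does not contain @" rule described above, written as a small Python check over raw messages, which moves rather than deletes so that a false positive can be recovered. The sample messages are constructed, and the `route` and `sender_address` names are assumptions; the folder name is the one used in the Thunderbird comment.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, not real mail.
SAMPLES = [
    "From: Leo <leo@example.com>\nSubject: newsletter\n\nhello",
    "From: \nSubject: You won\n\nclaim now",
    "Subject: no From header at all\n\nbody",
    "From: Prize Department\nSubject: display name only\n\nbody",
]

SPAM_FOLDER = "SPAM-FROM IS BLANK"


def sender_address(raw):
    """Return the address part of the From header, or '' if there is none."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return addr


def route(raw):
    """Pick a folder: messages without a usable sender address are moved, never deleted."""
    local, at, domain = sender_address(raw).partition("@")
    if at and local and domain:
        return "INBOX"
    return SPAM_FOLDER


def route_all(messages):
    return [route(m) for m in messages]


if __name__ == "__main__":
    for raw, folder in zip(SAMPLES, route_all(SAMPLES)):
        print(folder, "<-", raw.splitlines()[0])
```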
I don't remember all my passwords!! Now what?
It's have I been pawned...
I get 2FA all the time on one of my Microsoft accounts even though I change the PW.
Tor is able to keep you somewhat anonymous; it is not foolproof.
My Hotmail address has been breached. Now I can't log in most of the time.
What I mean by that: every time I need to access it I have to create a new password. 2 hours later again, 2 more hours again.
I have over 50 attempts per hour. So they lock the account.
I would forget that account, but 100% of my Xbox games are bought in that account, which means if I do that, boom, I lose over 30 games and movies/TV series at once.
And because of criminals you need to pay to have software to manage your passwords, which means you can only access those sites from YOUR computer because you can't remember 1000 passwords. That is impossible.
Good video. Though this doesn't clarify what to do for Microsoft accounts without a password? I have passwordless account turned on and some months ago I got repeated notifications on the MS Authenticator app for login code prompts. I tapped deny of course but it happened for the whole month so someone definitely tried to hack my account for some reason. Since it's a passwordless account, I am not sure I have to change passwords or whether the hacker entered any either. But is this more secure? On the MS Account page it said this is more secure. Please clarify this or make a video on this, as many folks perhaps use passwordless accounts as MS has been offering that for years now.
I have the same problem as you, and if you check the login history you will be even more shocked that almost every hour or every minute somebody is trying to sync your email account. And most of the attempts are from different countries. The good news is all are failed attempts. Therefore there is nothing to worry about since it is passwordless; just don't misclick to allow access. For me I just ignore the notification just to avoid asking me for access other than myself.
There is nothing much you can do as your email has already been in a breach in the past. The breach didn't necessarily happen at Microsoft but could also be at another 3rd party website where you use the same email account. So they are trying their luck to access your account with whatever password they have to gain access. So your email account is in good hands.
What domain did he say denotes the dark web?
Is the Google password manager safe from breach?
The safest form of security is a USB security key.
Normally I receive 1-2 spam mails in my spam folder a day, but there is a sudden increase of spam mails in my spam folder, about 50 spam mails a day. I had by mistake just opened a spam mail while searching for some legit mails and didn't do anything, but I don't know if it is happening due to that reason. Please help me 🙏
If spam is landing in your spam folder, that's the system working as it should.
@@askleonotenboom Thanks for the reply. But can you solve my other doubts, like if I opened a spam mail by mistake and didn't interact with that email, will it cause a problem, and what should I do with the 50 spam mails a day, as there can be some legit mails in the spam folder also? Would appreciate your help.
@@amankumar_073 Just looking is OK: askleo.com/virus-by-looking-at-email/ -- as for legit email in spam, you just have to scan it periodically and mark legit mail as "not spam".
@@askleonotenboom Thank you very much for the help. Does 3rd party antivirus software like Kaspersky help in these situations? Like malware detection or website legitimacy checking?
@@amankumar_073 Don't know about Kaspersky specifically but most security software will scan downloads. Not all deal with website legitimacy.
Is "delete me" gonna help?
Unlikely.
Change your passwords regularly.
No. askleo.com/is_a_periodic_password_change_a_good_thing/
Ever heard of a teleprompter, Leo?... Your reading looks so bad, you've got to do something about it, seriously.
Actually I have one. I need to get glasses that allow me to see it without constantly tilting my head back.
Oppressed countries? Like those that collect income taxes?
I did a dark web scan with Google One. It said my email is on the dark web, and my social and my DOB and my phone #. What do I do? I don't have a credit monitoring service I'm paying for, and I don't wanna pay if they can't remove this. Any suggestions?
Did you watch the video? It's what this is all about.
@@askleonotenboom Yea Leo all you said why change you passwords 😂🤷♂️
What do you think about services like LifeLock?
Honestly, not sure they help that much. You still have to set up credit locks yourself, and you should be paying attention to your banking statements already. My credit card issuer is monitoring as well, all included for no extra cost.