87 upvotes, 19 direct replies (showing 19)
View submission: How to keep your Reddit account safe
[deleted]
Comment by worstnerd at 06/05/2019 at 17:23 UTC
80 upvotes, 11 direct replies
Reddit, like many other online services, utilizes public breach disclosure information of leaked passwords posted online to proactively detect if those passwords can be used to log in to your Reddit account. This is performed securely by following the same procedure with the password as you would to verify it works, and if successful we immediately force a change to reset your password to invalidate that externally compromised credential.
Comment by [deleted] at 06/05/2019 at 17:20 UTC
6 upvotes, 0 direct replies
This is one option:
https://haveibeenpwned.com/[1][2]
1: https://haveibeenpwned.com/
2: https://haveibeenpwned.com/
Comment by skeeto at 06/05/2019 at 17:16 UTC
5 upvotes, 1 direct replies
I imagine one of those is Troy Hunt's dataset, which you can check yourself:
https://haveibeenpwned.com/Passwords
Comment by Drunken_Economist at 06/05/2019 at 17:22 UTC
5 upvotes, 1 direct replies
Overly simple answer: basically use those username/password sets to try to log in to the account.
Comment by HottKiwi at 06/05/2019 at 17:15 UTC
2 upvotes, 0 direct replies
Something like this: https://haveibeenpwned.com/[1][2]
1: https://haveibeenpwned.com/
2: https://haveibeenpwned.com/
Comment by homesickalien at 06/05/2019 at 17:51 UTC
1 upvotes, 1 direct replies
Comment by osatorex at 10/07/2019 at 18:50 UTC
1 upvotes, 0 direct replies
Since i becomme amember here 3 m9nths ago i lost already phone and nearle 30gb of data includedmy son Pictures. Let me work 4 u to stóp and earlie prevent to this. My comp. And phone is Way to slow to run my instrumenty.
Comment by [deleted] at 06/05/2019 at 18:57 UTC
1 upvotes, 0 direct replies
https://haveibeenpwned.com[1][2]
Checks your email, usernames, passwords, etc. Against public dumps and let's you know if you've been a part of any.
Comment by prjindigo at 06/05/2019 at 22:34 UTC
1 upvotes, 0 direct replies
Just change your password if you're concerned about it.
Comment by ImperfectBanana at 06/05/2019 at 20:23 UTC
1 upvotes, 0 direct replies
One example: Troy Hunt's HIBP[1].
1: https://www.troyhunt.com/have-i-been-pwned-you-can-now-ask-api/
Comment by Kahzgul at 06/05/2019 at 18:25 UTC
1 upvotes, 0 direct replies
https://haveibeenpwned.com/[1][2]
1: https://haveibeenpwned.com/
2: https://haveibeenpwned.com/
This is a good place to start.
Comment by gatorling at 06/05/2019 at 17:27 UTC
1 upvotes, 0 direct replies
Compute the hash of the passwords in the breach dataset to see if they match?
Comment by port53 at 06/05/2019 at 18:33 UTC
1 upvotes, 0 direct replies
PM me your passwords and I'll be able to tell you if they're on my list.
Comment by MadMathmatician at 06/05/2019 at 18:21 UTC
1 upvotes, 0 direct replies
You can check for yourself, also.
Comment by helmet098 at 07/05/2019 at 15:22 UTC
1 upvotes, 1 direct replies
My password is "BanaNa77!” is it secure?
Comment by Joecracko at 06/05/2019 at 17:32 UTC
0 upvotes, 0 direct replies
I'm guessing that /u/vikinick's concern is whether or not Reddit knows our passwords. If Reddit is storing passwords correctly, then Reddit should only be storing the hash (irreversible digital signature) of our passwords. Passwords should never ever be stored in plain text.
How could Reddit compare our passwords to a 3rd party dataset if they were storing our passwords properly in the irreversibly hashed form? I can think of a way, so this is probably a non-issue.
Comment by fullmetaljackass at 06/05/2019 at 18:12 UTC
0 upvotes, 1 direct replies
Send me your password (in a PM obviously.) I'll look it up for you in my database and let you know if your account has been breached.
Comment by shiruken at 06/05/2019 at 18:39 UTC
1 upvotes, 0 direct replies
hunter2
Comment by disso-psych0 at 06/05/2019 at 17:15 UTC
1 upvotes, 0 direct replies
Agreed