Ask HN: How did my GitHub password breach and how to react?
Normally session warnings are business as usual but in this case my password was entered and it was generated by a password manager with high entropy, was only stored in dashlane, 1password and chrome password manager.
A google search for the password had no results and have haveibeenpwned shows no known breach. I have no idea how this could have leaked and what my security status is now. I have some productivity apps on my mac with accessibility permissions to read my clipboard (yippy, zoom, teams, pgp), but i am not sure i have to assume one of these apps is compromised and wipe my whole machine.
Does anyone have any ideas about breaches not in haveibeenpwned or what a reasonable response would be or could chime in what they would do? I know in theory i would need to wipe my machine and then change all my passwords wich would take weeks, but i am not sure this is an overreaction.
1 comment
[ 2.2 ms ] story [ 6.7 ms ] threadmy takeaways:
- non sms 2FA is obligatory everywhere no exception
- password expiration after one year makes sense and can help finding breaches much faster
- applications should have an enforceable field to attach a note to a new session for finding possible breach source or remembering legitimate access that is further in the past
- passwords are stupid and should be replaced in general