Jump to content
JWTalk - Jehovah's Witnesses Online Community

apple’s password manager gave this alert about jw.org (?)


Recommended Posts

I would encourage you to talk to your congregation's jw.org account administrators-asap. In my case they are the cobe and the secretary.

"there was Jehovah’s word for him, and it went on to say to him: “What is your business here, E·lijah?" To this (Elijah) he said: “I have been absolutely jealous for Jehovah the God of armies"- 1 Kings 19:9, 10 Reference Bible

Ecclesiastes 7:21 "..., do not give your heart to all the words that people may speak," - Reference Bible

Link to comment
Share on other sites

Not a password manager, but I got one similar today on my PC. Screaming red like shouting in my face. No borders on the page, went to task manager, Closed out Chrome and it went away. It said if I called an 888 number they would take care of me and well they would.


Edited by Old

 I am not sying I am Superman, I am only saying that nobody has ever seen Superman  and me in a room together.

Link to comment
Share on other sites

31 minutes ago, Old said:

Screaming red like shouting in my face.

The louder and more bold they are, the more likely it is to be a scam. :coffee:

"If you're not part of the solution, you're part of the problem." (tu)  

All spelling and grammatical errors are for your enjoyment and entertainment only and are copyright Burt, aka Pjdriver.

Link to comment
Share on other sites

37 minutes ago, Friends just call me Ross said:

Seriously, why would anyone hack into

someone's JW.ORG account?

 

I think that alert doesn’t seem to be like it’s saying that someone has hacked into your jw.org account.

 

It’s simply saying that the password you’ve used on your jw.org was found on the list of a leaked, breached “data files,” which, could have been from another secular web sites, or even completely different another users. (who’re may be unrelated to you, or may be related to you.)

 

A genuine password manager provided officially by Apple most likely won’t issue a phishing attack which could potentially cause the company into a trouble.

 

 

Link to comment
Share on other sites

This is likely what you saw. Do not keep using the same password. Get it changed. Its just a warning that the password you use on jw.org is also used elsewhere and that it was compromised in a data breach elsewhere. Your device is not compromised. I believe on the device if you go into settings then passwords you can check if your password has shown up in a data leak somewhere. Something like that.

 

Quote

With the release of iOS 14, Apple has introduced a new feature that warns users when their stored passwords have been compromised in data breaches. iOS includes the Keychain password manager that allows users to save credentials and automatically fill them into login forms on sites and apps.17 Sep 2020

 


Edited by Mykyl
Link to comment
Share on other sites

In any case - you don't need any software or app to "fix" this issue. Regardless if you think this is a "real" warning or a "scam" you can simply log into your jw.org account and change your password.

"Let all things take place decently and by arrangement."
~ 1 Corinthians 14:40 ~

Link to comment
Share on other sites

1 hour ago, Mykyl said:

Its just a warning that the password you use on jw.org is also used elsewhere and that it was compromised in a data breach elsewhere.

that’s what i thought too and so i asked her if the password is unique or reused for any of her other accounts and she said it was unique;  she usually uses the icloud/safari password generator and keychain when she makes accounts. 

Link to comment
Share on other sites

26 minutes ago, Brandon said:

that’s what i thought too and so i asked her if the password is unique or reused for any of her other accounts and she said it was unique;  she usually uses the icloud/safari password generator and keychain when she makes accounts. 

Maybe a bug with a new feature then. I don't know. I just know that there is a new feature. Similar to the google password checkup.

Link to comment
Share on other sites

2 hours ago, Brandon said:

that’s not how phishing... and this isn’t a...  just... no

 

1Password has an explainer: https://haveibeenpwned.com/

It sounds suspect to me. I tried my email address in that site, and it said Oh no — pwned!

 

So I used a password generator to create a brand new, very complex, highly uncrackable password of 50 characters, and changed my email password. That should do it, right? No, it gave me the same Oh no — pwned! as before.

 

How likely is it that a brand new password that could not be cracked by a computer in 1 vigintillion years be cracked within a couple of minutes!? (Yes, that really is a word: vigintillion.)

Link to comment
Share on other sites

12 hours ago, Sheep said:

How likely is it that a brand new password that could not be cracked by a computer

i don’t think you understand how it works... Think: why would changing your password affect whether your email address was previously found in a data leak?

 

the site doesn’t look at your password... obviously 

Link to comment
Share on other sites

3 hours ago, Brandon said:

i don’t think you understand how it works... Think: why would changing your password affect whether your email address was previously found in a data leak?

 

the site doesn’t look at your password... obviously 

You're right. I don't get it.

 

So what can I do since that site says my email address is pwned? Scrap my email address and get another one? According to this, it says to change my password. However that didn't work.

Link to comment
Share on other sites

20 minutes ago, Sheep said:

Scrap my email address and get another one?

 

I think there’s nothing you can do if your email address is contained in a data leak. It’s already an information that someone has managed to grab out previously, and spread out over the internet. The “haveibeenpwned” web site only indexes from that list, and see if your email is in one of them. So changing your password would not be able to remove your address from there.

 

When you input your email address, the “haveibeenpwned” web site should tell you from which web sites your email address has been compromised. (i.e. the source of the data leaks.) Have you checked those?

 

Passwords are only in its encrypted forms, so I think it’s extremely unlikely your raw passwords have been leaked.

 

Link to comment
Share on other sites

10 minutes ago, Hinata said:

 

I think there’s nothing you can do if your email address is contained in a data leak. It’s already an information that someone has managed to grab out previously, and spread out over the internet. The “haveibeenpwned” web site only indexes from that list, and see if your email is in one of them. So changing your password would not be able to remove your address from there.

 

When you input your email address, the “haveibeenpwned” web site should tell you from which web sites your email address has been compromised. (i.e. the source of the data leaks.) Have you checked those?

 

Passwords are only in its encrypted forms, so I think it’s extremely unlikely your raw passwords have been leaked.

Okay. I looked more deeply into that. And I found this...

 

image_2020-10-29_145820.png.ca9687953191a5d359370d72cdee300c.png

 

Bell Canada is indeed my ISP, and they provided my email account. I used to use a different account with Bell Canada, and that one is also reported as pwned. But does any of that tell me anything?

 

The breach was reported in the Globe & Mail...

 


Edited by Sheep

added link
Link to comment
Share on other sites

17 minutes ago, Sheep said:

But does any of that tell me anything?

 

Well, from just looking at that summary, a good guess could be made that the source of your breach has been through that company.

 

The summary and the article isn’t exhaustive, but it seems “geographic locations, IP addresses, . . . survey results, usernames” leaks are from “dating back to 2011 and 2012.” So unless you had participated in that particular survey, such information would not have been leaked. It also doesn’t list passwords, so that is ticked off.


There isn’t much one can do for email addresses, since usually address are permanent. But on the other hand, hackers probably can’t easily compromise your accounts — one which are associated with your email addresses — without passwords.

 

So having a secured password, and keeping a good and clean email inbox — clear spam mails, and regularly check security and other settings with your email and your accounts — would be the best option.

 

Link to comment
Share on other sites

8 minutes ago, Sheep said:

Is that a valid concern?

 

Well if you’re talking about the password manager, then I’m probably not the best person. :) Even I myself don’t use it and don’t intend to. I believe one’s password security can be done manually. (But I do get some help from Google Chrome’s “saved passwords” feature.)

 

A valid concern — maybe. I personally don’t like how everyone is advertising to use their password managers. But that is just what I feel.

 

That wouldn’t mean the password manager itself (as a software) would be bad though.

 


Edited by Hinata
Link to comment
Share on other sites

I use a password manager but I don't put a password in the manager, I just put a hint about the password, so even if someone hacked my password manager, the password hints wouldn't make any sense to them.

CAUTION: The comments above may contain personal opinion, speculation, inaccurate information, sarcasm, wit, satire or humor, let the reader use discernment...:D

 

Link to comment
Share on other sites

Join the conversation with your brothers and sisters!


You can post now, and then we will take you to the membership application. If you are already a member, sign in now to post with your existing account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

About JWTalk.net - Jehovah's Witnesses Online Community

Since 2006, JWTalk has proved to be a well-moderated online community for real Jehovah's Witnesses on the web. However, our community is not an official website of Jehovah's Witnesses. It is not endorsed, sponsored, or maintained by any legal entity used by Jehovah's Witnesses. We are a pro-JW community maintained by brothers and sisters around the world. We expect all community members to be active publishers in their congregations, therefore, please do not apply for membership if you are not currently one of Jehovah's Witnesses.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

JWTalk 23.8.11 (changelog)