tougher to crack
3342793159lljrkllogqjommgrmnkqEFEEFEG1760491840,26 633157771752103232,26612186251785657664,2661218625 1718800,26633157771743714624,26612186253882810190, 26633157771710160192,2633157771701771584,266331577 71659828544,26633157771651439936,26633157771676605 760,26633157771668217152,2661218625

What about Robot Unicorn Attack ?

Thanks for the suggestion - I've changed mine to it. It would be helpful if in the email they gave an example password, as above. I changed mine from "poker" under advice of a friend, but now I hear that "letmein" isn't a good password either. Good job I got this email and checked this thread.

I have two space characters in my username. Will that protect me?

Change one of those letters to lower case and the keyspace is multiplied by (passwordlength)^26 adding a couple of trillion years for bruteforcing it.

... so far.

For being a legitimate email, it couldn't have looked more shady.

Mea culpa. Please suggest a better wording (and, yes, I should not have included the link...at least without a suggestion not to click on it.)

Chuck

I am not believing any persons could, as you say, hack my password.

To celebrate this, and as respected long time member of forums I wish to make you good offer. I am heir to great fortune and wish to share this withh you. Send me many monies and I will send even more back. For reels. Please to be depositing to national bank of Nigeria, account no: 23488834433.

As long as one isn't stupid enough to use the same passwords for many accounts ... however, just use http://****************/projects/keep...urce=directory to be on the safe and comfortable side. It's annoying to remember many different passwords and kind of tedious to type them in.

With some serious computing power, to crack the password "weakpassword" one would need about 11.22 seconds to bruteforce/dictionary it.
If you just change it to "w3akPallword" it would be about 102.30 years to crack it.

Definitely, Keepass FTW.

How does Keepass deal with multiple PC's?

The only thing that got me coming here to check whether anyone else had reported a scam was the link contained in the email. Without that there wouldn't have been a problem.

basic email was fine. Just replace the link with instructions on getting to the password change screen; i.e. login to your 2plus2 account, click on "My 2+2", etc.

It's standard practice to NEVER EVER click on emailed links.

Simply open your browser and go to the site MANUALLY (or with your standard bookmark or favorites link) and proceed from there.

In the rare case I get an email that convinces me to go buy something, I always use this method, even when it's obviously a legitimate email, like a sales alert from a store's site. This way, they don't start thinking those emails they send to me actually work, and send me even more of em. Email links always have "extra stuff" attached, even the legitimate ones, to provide the site with feedback on your habits. The 2p2 email obv didn't have any of that extra stuff, but just make it a habit to never click email links and you've already avoided almost all potential problems.

Your first number is way too long. And your second number is waaaaaaaaaaaay too long. Crackers would find "w3akPallword" within minutes (if not faster) on regular equipment, since it's just dictionary words with very common substitutions. The only really good passwords are the random gibberish strings.

I think the other thing I might change about the e-mail is that instead of saying "change your password" (which sort of implies you know something about the password, and also sort of looks like you might somehow be phishing), you might say "change you password IF it's weak (and by the way, probably change it now and then regardless)." And maybe a disclaimer about how 2p2 wll never ask for your password, yadda yadda — not strictly relevant in this case, but usually included in genuine e-mails about this sort of thing.

But inclusion of the link was the bigger issue.

fwiw, I isn't think it was awful. But it could have been improved.

So if you're fairly confident in your password, you don't have to change it?

I use it with my desktop and my laptop; I just copied the database from one to the other. I don't add to or change the entries very often, so I haven't really needed to sync them, but I don't think setting that up should be too difficult. Alternatively, you can set it up on a USB key so you don't even have to install the software on a second computer - just use the USB key.

Correct, but please make sure you have very good reason to be confident. If you're using the same password in a bunch of different places, you should change it. If it's something that could be guessed, change it. If it's fairly simple, change it.

Mine is randomly generated by Keepass, is unique to this site, and looks something like !jqre&7*9+m:cFxT*'Sv, so I have no plans to change mine.

QFT - I also came here to check it out.

I did not get said email, for the record.

So, has the database been leaked?

I mean, bots will try to login every day. Why the big emergency?

glad to know it's solid

I apparently have a second account on 2p2 (did not know this), and my second one came hours after the first. So, maybe there's a clog in some tubes or something. Also, spam folder?

I thought this had all been answered a few times by now, but perhaps not.

No, nothing has been leaked.

Multiple people have complained about receiving emails in the last couple of days about numerous failed login attempts on their accounts. Also, we've had several cases of previously dormant accounts scamming or attempting to scam people in transfer threads and other places. We've been able to log in to some of those accounts with a couple guesses like "password" and "123456".

Nothing remotely close to this widespread a problem has occurred here before, thus the sense of urgency.