Updating password -- how?

I got a message saying my password appeared in a data leak. Why anyone would want access to my choice of go moves, I don’t know. :slight_smile:

Anyway, I want to change my password, and I don’t understand the procedure.

I got to Settings, Account Settings, and I get a screen with two blank lines for Password and Password, again. I put in a new password twice, and get a message saying “input current password”. Neither my new password nor my old password works.

I reversed the process. I put my old password in the two blank lines, and again neither my new nor my old password works when it asks me for my current password.

Please tell me what to do.

When I go to the OGS website, I get to my home page, so somehow I am signed in.

Thanks,

Phil

wait a data leak on ogs? o.O

@anoek what happened?

1 Like

I am unaware of any data leak on OGS. Are you sure it was regarding online-go.com and not another provider? Can you please forward me the data leak email or whatever you received, @pstraus? anoek@online-go.com

To answer your question on how to change your password, head to Play Go at online-go.com! | OGS and you can change it there.

4 Likes

Beware of phishing. If a scammer got your OGS password, and if you use the same username/password on some more important sites, you should change the other passwords ASAP.

4 Likes

Just to note here to reassure folks, we do not store passwords in a way that anyone could decrypt even if an attacker had full access to the database. For the crypto nerds out there, we use Django’s default password storage system, which is PBKDF2, so basically there’s no way to reverse a password; one would have to brute-force guess passwords to discover them, and doing that is very computationally expensive.

Again, I have no reason to believe anything has been compromised, but even if they did, it wouldn’t be a big deal - my current suspicion is @pstraus re-used the password on another site that was compromised, or had some malicious software running that captured all logins and passwords, but without more information it’s all speculation and guesswork.

6 Likes
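The storage scheme described in the post above, as an added example that is not part of the thread and is not OGS's or Django's own code: it reproduces the `algorithm$iterations$salt$hash` layout with `hashlib` only. The iteration count and the salt generator are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
# Assumption: work factor picked for this example; Django's default differs by release.
ITERATIONS = 600_000


def encode(password: str, salt: str, iterations: int = ITERATIONS) -> str:
    """Return 'algorithm$iterations$salt$hash', the layout kept in the database."""
    if "$" in salt:
        raise ValueError("salt must not contain '$' (it is the field separator)")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    encoded = base64.b64encode(digest).decode("ascii")
    return "$".join([ALGORITHM, str(iterations), salt, encoded])


def make_password(password: str, iterations: int = ITERATIONS) -> str:
    """Hash a new password with a fresh random salt (assumed: 22 hex characters)."""
    return encode(password, secrets.token_hex(11), iterations)


def check_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iterations, then compare in constant time."""
    try:
        algorithm, iterations, salt, _ = stored.split("$", 3)
        if algorithm != ALGORITHM:
            return False
        candidate = encode(password, salt, int(iterations))
    except ValueError:  # malformed record: too few fields or a bad iteration count
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored hash used fewer iterations than the current setting."""
    return int(stored.split("$", 3)[1]) < iterations


if __name__ == "__main__":
    a = make_password("correct horse battery staple")  # constructed sample password
    b = make_password("correct horse battery staple")
    print(a)
    # Same password, different salts, so the stored strings differ.
    print(a != b, check_password("correct horse battery staple", a), check_password("seki", a))
```

Nothing in the stored string is a key: login re-runs the derivation with the salt and iteration count read back from the record, and the per-user salt means two accounts with the same password do not share a hash.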

Do you use Google Chrome? I believe it had a feature which checks for username and password (and it has access to the plaintext) combinations when you enter them in login boxes against a list of leaked and cracked passwords, warning you if it finds a match. So if you used the same username and password combination on OGS as some other site which was compromised, you get warned.

P.S. I didn’t know OGS uses Django, I do too in my job.

3 Likes

Well… depending on password length and complexity and uniqueness of course :sweat_smile:

You’re trying to tell me that seki isn’t a good password? :face_with_raised_eyebrow:

4 Likes

Seki → mutual life… so basically, you have access to your account but so does everyone else :rofl:

I guess it’s better than ko since sometimes you have access and sometimes you don’t :stuck_out_tongue:

7 Likes