Kaspersky
Solved

"your password may have been leaked/compromised, change password"

  • 9 October 2020
  • 8 replies
  • 817 views

The release notes of the latest version of Kaspersky Password Manager confirms it checks for possible password leaks and I have had 2 such reports of different passwords, however I believe they have not been leaked or compromised.

Does anyone know how this report is triggered, what makes it believe/how would they know that a specific password has been leaked/compromised?

I use KPM across different devices and multiple platforms as intended. Surely this wouldn’t trigger the report as if ‘unexpected users’ are logging in?

Maybe it will report for all passwords not changed within a set time period???

Can Kaspersky please reveal this information as it is not in the release notes?

icon

Best answer by Flood and Flood's wife 10 October 2020, 11:37

If I understand those resources correctly, my password has been found on a site that lists leaked passwords which could mean its leaked from my data or by a coincidence someone else has the same password to any site and his data has been leaked. 

 

Hello @KDcyp99,

You’re most welcome:relaxed: !

Thank you:pray_tone3:

Flood:whale: &:whale2:

View original

This topic has been closed for comments

8 replies

Userlevel 7
Badge +9

Hello @KDcyp99

Welcome!

Check for compromised passwords

  • For additional security, Kaspersky Password Manager (KPM) can check whether your passwords have been hacked or leaked.
  • The application uses Secure Hash Algorithm 256 (SHA-256) to check for compromised passwords. The application generates SHA-256 message digests from each password in your vault and compares them with SHA-256 messages from a database of compromised passwords. If the SHA-256 messages match, the application warns you that your password is compromised and you better change it.
  • By default, the check for compromised passwords is enabled.
  • KPM check, for compromised passwords, is only for active entries.
  • If you wish to double check the 2 profiles that are being reported, use Have I been pawned (HIBP) a resource setup for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach - note, the HIBP resource will tell you if there’s been a data breach, however it does not provide a date the breach happened
  • If you’re still unsure, please log a case with Kaspersky Technical Support

Please let us know the outcome?

Thank you:pray_tone3:

Flood:whale: &:whale2:

Userlevel 7
Badge +8

@KDcyp99  Also , please see  this K-Lab article : https://support.kaspersky.com/13898

“Account Check uses the databases from www.haveibeenpwned.com, which are updated regularly.”

Hey Flood and Bernie,

Many thanks for pointing me in the right direction 👍 Much appreciated. I did search for at least 15 minutes obviously in the wrong direction.

If I understand those resources correctly, my password has been found on a site that lists leaked passwords which could mean its leaked from my data or by a coincidence someone else has the same password to any site and his data has been leaked. I guess even with a reasonably random password it’s possible someone has used the same password given that most daily net users probably have more than 100 passwords x the worlds population of net users, that’s not unfeasible.
Of course having received the warning, the simplest and safest course of action is to change the password regardless 😄

 

Userlevel 7
Badge +9

If I understand those resources correctly, my password has been found on a site that lists leaked passwords which could mean its leaked from my data or by a coincidence someone else has the same password to any site and his data has been leaked. 

 

Hello @KDcyp99,

You’re most welcome:relaxed: !

Thank you:pray_tone3:

Flood:whale: &:whale2:

Userlevel 7
Badge +8

@KDcyp99 Also , please check your  PW on https://password.kaspersky.com 

Userlevel 7
Badge +9

3 Passwords that, with Patch M, KPM is alerting as “weak” checked with Kaspersky password checker

 

 

 

 

:thinking:

 

Issue is in hand with TS. 

Userlevel 7
Badge +8

I can’t reproduce :thinking:

 

 

 

Userlevel 7
Badge +8

For more feedback please go to this :point_right:Topic