这是一个创建于 1075 天前的主题,其中的信息可能已经有所发展或是发生改变。
建议我改密码
我用 Edge 浏览器保存站点账号密码,应该是从这点拿到数据的
感觉心里有点不爽
第 1 条附言 2022-11-01 05:35:15 +08:00
Hey netnr!
We have determined that you are accessing GitHub with a password that is in a list of passwords commonly used on other websites.
Visit https://github.com/settings/security to create a new, strong password for your GitHub account. To keep your account secure you will be required to change your password before you can continue to use GitHub.
If you have already changed your password, no further action is required.
For more information on creating a strong password, visit https://docs.github.com/articles/creating-a-strong-password/.
To see this and other security events for your account, visit https://github.com/settings/security-log
If you run into problems, please contact support by visiting https://github.com/contact
Thanks,
The GitHub Team
---
也有可能是其它地方密码泄露提示出来的,跟 #3 想法一样
浏览器或其它密码管理器都须明文存储,就看信任哪个
We have determined that you are accessing GitHub with a password that is in a list of passwords commonly used on other websites.
Visit https://github.com/settings/security to create a new, strong password for your GitHub account. To keep your account secure you will be required to change your password before you can continue to use GitHub.
If you have already changed your password, no further action is required.
For more information on creating a strong password, visit https://docs.github.com/articles/creating-a-strong-password/.
To see this and other security events for your account, visit https://github.com/settings/security-log
If you run into problems, please contact support by visiting https://github.com/contact
Thanks,
The GitHub Team
---
也有可能是其它地方密码泄露提示出来的,跟 #3 想法一样
浏览器或其它密码管理器都须明文存储,就看信任哪个
 | 1 zmxnv123 2022-10-31 19:04:20 +08:00  3 我觉得是某些网站密码泄露,github 碰撞后得知用了相同的密码。 |
 | 2 thedrwu 2022-10-31 19:05:58 +08:00 via Android 估计是其他地方泄露了明文,github 试着算了它自己库里的加盐 hash 发现能符合 |
 | 3 yjim 2022-10-31 19:13:36 +08:00 1 |
 | 4 noe132 2022-10-31 20:16:36 +08:00 1 如果网站能获取浏览器中保存的别的网站的密码,你的第一反应只是有点不爽而不是这个浏览器不能再用了? |
 | 5 mxT52CRuqR6o5 2022-10-31 20:18:26 +08:00 所以原始邮件的具体描述能发出来看一下吗 |
 | 6 Aloento 2022-10-31 20:24:41 +08:00 别人好心提醒你呢你还不爽了((( |
 | 7 zbinlin 2022-10-31 21:11:57 +08:00 是不是的? |
 | 8 codingBug 2022-11-01 02:22:36 +08:00 via Android 不都是微软的嘛? |
 | 9 ZeroClover 2022-11-01 05:59:42 +08:00 常用密码列表,楼主这个都看不懂了? |
 | 10 Eshin 2022-11-01 08:29:37 +08:00 你理解了。 “that is in a list of passwords commonly used on other websites.”不是指你的密。 |
 | 11 netnr OP 所以应该怎么理解,看不懂英文,翻译了解大意的 |
 | 13 darkengine 2022-11-01 09:19:00 +08:00 不可能从你 Edge 浏览器拿的,万一出问题了责任多大。 估计是你的 github 密码跟外边其他网站泄露的社工库对比之后得出的结论。 |
 | 14 yaoyaomoe 2022-11-01 09:39:46 +08:00 via iPhone 你的密码是和其他网站的泄漏常见密码列表相同了,不是说和你自己的其他网站密码一样…… 为了防止密码词典破解 /密码泄漏的库所以 github 来提醒你换密码不能登录了…… |
| 15 netnr OP 其实我密码很久没改了,各站点密码大多数一样,是不是意味着最近有其它站点泄漏了密码 |
| 16 netnr OP 我在 https://monitor.firefox.com/ 查邮箱,有 2017 年优酷密码泄漏,难道是以前泄漏的最近才加上提示,或是最近有新泄漏的还没公布 |
 | 17 krixaar 2022-11-01 10:01:55 +08:00 @netnr #15 就是用委婉的方式说你密码弱……打个比方你的密码是 Password123 ,明摆着这个密码普遍存在于公开的密码泄露数据库中,甚至可能看这个帖子的都会突然发现自己用过,然后 GitHub 发现你的 hash 和这个密码的 hash 一致,但是 Email 不一致,就会提醒你去改一下,如果都一致了那登录时候直接强行让你改了。 |
 | 18 plodderales0o 2022-11-01 10:30:20 +08:00 跟社工库的密码对比啊,怎么可能从 edge 拿数据。 |
 | 19 sidkang 2022-11-02 09:37:07 +08:00 不爽就不改,who 怕 who |
Select Language