JavaScript is disabled
Our website requires JavaScript to function properly. For a better experience, please enable JavaScript in your browser settings before proceeding.

  • Join the #1 community for gun owners of the Northwest

    We believe the 2nd Amendment is best defended through grass-roots organization, education, and advocacy centered around individual gun owners. It is our mission to encourage, organize, and support these efforts throughout Oregon, Washington, Idaho, Montana, and Wyoming.

    Free Membership Benefits

    • Fewer banner ads
    • Buy, sell, and trade in our classified section
    • Discuss firearms and all aspects of firearm ownership
    • Join others in organizing against anti-gun legislation
    • Find nearby gun shops, ranges, training, and other resources
    • Discover free outdoor shooting areas
    • Stay up to date on firearm-related events
    • Share photos and video with other members
    • ...and much more!

Received a message from NWFA (I think) instructing me to change my password. Is this legit?

This is a question thread. Use the up arrow to the right of good answers to upvote. Answers with more votes appear higher on the list.
teflon6string

teflon6string

Forest Groove
Bronze Supporter
Messages
6,745
Reactions
21,495
Received this message in my inbox:
"Our security check indicates your password is known to be compromised due to data breaches on other websites.
Please change your password now. See this topic in our Help Center for more information."


Is this a real message from NWFA?
Are other members getting it too?
Looks legit, but before I enter my password to change my password...
Read More
 
Sort by date Sort by votes
It looks to me like NWFA received a list of passwords that are known to be compromised on various other sites, and mine matches one on that list. Easy enough to change, and I should.

I'm just curious if the warning I got was actually from NWFA - or some oxygen bandit.

Is there a particular Mod to whom I should address this directly?
 
Upvote 0
Yep, it's legit, and good on you for checking -- there's a ton of scams out there these days :(

teflon6string said:
It looks to me like NWFA received a list of passwords that are known to be compromised on various other sites, and mine matches one on that list. Easy enough to change, and I should.
Click to expand...
This is exactly how it works. This service collects passwords found in data breaches. Our software (securely) checks member passwords against this database of known compromised passwords, and you get that notification if your password here matches one in the database. Obviously if you use that password anywhere else, it should be changed there also.

To be clear, your password was not compromised on our website, but through data breaches on other websites. We simply check them against a list of known compromised passwords to increase security for our members :)
 
Upvote 0
If you change your password, do NOT do it by clicking on a link in the email that "supposedly" takes you to the website to make the change.

Close out the email, open a browser and go to the website directly (NOT by clicking the link in the email).

Then login manually, change your password following the website's protocol.

Using the email link puts you at risk of having your keystrokes logged by a javascript or other spyware.
 
Upvote 1
Joe Link said:
Yep, it's legit, and good on you for checking -- there's a ton of scams out there these days :(


This is exactly how it works. This service collects passwords found in data breaches. Our software (securely) checks member passwords against this database of known compromised passwords, and you get that notification if your password here matches one in the database. Obviously if you use that password anywhere else, it should be changed there also.

To be clear, your password was not compromised on our website, but through data breaches on other websites. We simply check them against a list of known compromised passwords to increase security for our members :)
Click to expand...
Thank you Joe, for doing this for the members.
 
Upvote 0
washagonian said:
If you change your password, do NOT do it by clicking on a link in the email that "supposedly" takes you to the website to make the change.

Close out the email, open a browser and go to the website directly (NOT by clicking the link in the email).

Then login manually, change your password following the website's protocol.

Using the email link puts you at risk of having your keystrokes logged by a javascript or other spyware.
Click to expand...
Incredibly important.
So much that NWFA should revise their PM to remove any hotlinks and direct users to change their passwords manually. That assures phishing attacks are thwarted and is a final litmus test for authentic PMs from NWFA.... would never ask for info or send hotlinks asking for info (password changes).


Password changes should always be done manually from a separate browser tab.
 
Last Edited:
Upvote 0
And stop using identical passwords across services. Each should be unique and shouldn't even be words, 12+ character combinations of mixed letters, numerals and symbols are best. If you MUST use a rememberable word, a phrase is much better, such as "Stomp3rgothisNutzkickedbyAndy54H@wken!"

Using a password manager is elemental these days. I personally use a combination of Dashlane and Keepass, but there are a half dozen or so reputable ones out there.

Edit: My apologies to @Andy54Hawken for revealing your password, you may want to change it now. May I suggest; "Nosfer@tuis1stepfr0mBeingB@nn3d"?
 
Last Edited:
Upvote 0
Nosferatu said:
And stop using identical passwords across services. Each should be unique and shouldn't even be words, 12+ character combinations of mixed letters, numerals and symbols are best. If you MUST use a rememberable word, a phrase is much better, such as "Stomp3rgothisNutzkickedbyAndy54H@wken!"

Using a password manager is elemental these days. I personally use a combination of Dashlane and Keepass, but there are a half dozen or so reputable ones out there.

Edit: My apologies to @Andy54Hawken for revealing your password, you may want to change it now. May I suggest; "Nosfer@tuis1stepfr0mBeingB@nn3d"?
Click to expand...
Excellent advice.

Also, if you use Apple products (Mac, iPhone and/or iPad) the built-in Apple password manager is an excellent product. You can easily synchronize your passwords across iCloud (there is no charge for this) so that all of your Apple devices have access to all of your passwords.

If you have a newer MAC with the fingerprint reader, when you go to a site's login page - if the login credentials are already in your Password manager - all you have to do is touch the fingerprint reader and you're automatically logged in.

Maybe too much info - but ..... the fingerprint login is really friggin' kool. 200.gif

TWYLALTR.

Cheers.
 
Upvote 0

Similar threads

RobMa
Is bluemountainsupplyllc legitimate?
Replies
7
Views
239
Yarome
Salps
Ebr works ffl legit?
Replies
18
Views
1K
solv3nt
WAYNO
My Neighbor the Cop Just Sent Me This... This is a Great Neighborhood
Replies
15
Views
940
Benhiatt14
iron_road
Hello, this is me! Happy to be here!
Replies
16
Views
257
JoeA
osprey
Tried to buy some ammo from gunbuyer.com and got this message.
Replies
4
Views
502
Cerberus Group
Sidebar Menu

New Posts

Upcoming Events

M
Oregon Arms Collectors April 2024 Gun Show
Portland, OR
kendraperez
Centralia Gun Show
Centralia, WA
kendraperez
Albany Gun Show
Albany, OR
coltemp
Falcon Gun Show - Classic Gun & Knife Show
Stanwood, WA
PiratePast40
Wes Knodel Gun & Knife Show - Albany
Albany, OR

New Resource Reviews

New Classified Ads

Support Our Community

If our Supporting Vendors don't have what you're looking for, use these links before making a purchase and we will receive a small percentage of the sale
Back Top