[ALERT] Change Your Passwords... NOW
A spammer's database of 711 million email addresses and passwords, including email server admin credentials, has been discovered on a wide-open web server in the Netherlands. It's the biggest trove of stolen identities yet found. But what's really interesting, and frightening, is how it's being used to circumvent spam filters and infect victims with malware. Here's what you need to know, and do...
This Spambot Probably Has Your Email Credentials
The database was discovered by a Paris-based security researcher who goes by the online handle of “Benkow.” He or she has spent months analyzing the data and tracing how it has been used. Benkow says at least 100,000 email accounts have been infected with the Ursnif banking malware via the “Onliner” spambot that compiled and uses this massive database.
Ursnif scans a victim’s system looking for bank account login credentials in particular, but it will steal anything that looks like login credentials to email, e-commerce, social media, and other accounts. Ursnif uses an unusual technique to infect victims’ systems.
Most malware spam employs a file attachment that triggers the download and execution of malware when it is opened. But many users are (finally) cautious about opening attachments, even if they appear to come from trusted contacts. So Onliner embeds an invisible URL in each HTML message it sends. When the message is opened, the URL fetches a pixel-sized image from the spammer’s master server; the tiny image also goes unnoticed.
Along with the URL’s request for the image, it also sends info about the target machine, including its operating system and device info. This data tells the spammer whether the target is vulnerable to the Windows-based Ursnif malware. If not, there’s no point in sending Ursnif to that target, and doing so might raise unwanted attention.
Weeks or months after sending the probing email to millions of targets, Onliner sends another email with a disguised attachment to the few thousand Windows targets it has identified. The attachment may be presented as an invoice or some other important document. If the attachment is opened, JavaScript code inside it runs and downloads the Ursnif malware to infect the victim.
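The probing stage described above works only if the mail client fetches the hidden remote image. The following Python script is an added example, not code from the article or from Benkow's analysis; it scans an HTML message body for remote images that are sized to 1 pixel or hidden by CSS, which is the defensive check a mail gateway or a cautious user could run. The sample message, the hostnames (`tracker.invalid`, `example.com`) and the query-string parameter are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Only images fetched over the network can report back to a server;
# inline (cid:) or data: images cannot, so they are ignored.
REMOTE_URL = re.compile(r"^\s*https?://", re.IGNORECASE)

# CSS that hides an image or collapses it to nothing.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*0(?:px)?\b",
    re.IGNORECASE,
)


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            # attrs is a list of (name, value); value is None for bare attributes
            self.images.append({name.lower(): (value or "") for name, value in attrs})


def _dimension(value):
    """Turn a width/height attribute such as '1', '1px' or '600' into an int, else None."""
    if value is None:
        return None
    match = re.match(r"\s*(\d+)", value)
    return int(match.group(1)) if match else None


def is_tracking_pixel(attrs):
    """True when a remote image is effectively invisible: 0/1 px in either dimension or hidden by CSS."""
    if not REMOTE_URL.match(attrs.get("src", "")):
        return False
    width = _dimension(attrs.get("width"))
    height = _dimension(attrs.get("height"))
    tiny = (width is not None and width <= 1) or (height is not None and height <= 1)
    hidden = bool(HIDDEN_STYLE.search(attrs.get("style", "")))
    return tiny or hidden


def find_tracking_pixels(html):
    """Return the remote URLs of all images in an HTML email body that look like beacons."""
    collector = _ImgCollector()
    collector.feed(html)
    collector.close()
    return [img["src"].strip() for img in collector.images if is_tracking_pixel(img)]


# Constructed sample message body, not a real Onliner email. The hostnames use
# the reserved .invalid and example.com names.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Please find your invoice attached.</p>
<img src="https://example.com/logo.png" width="600" height="200" alt="logo">
<img src="http://tracker.invalid/p.gif?id=abc123" width="1" height="1">
<img src="https://tracker.invalid/beacon.png" style="display:none">
<img src="cid:inline-image-1" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for url in find_tracking_pixels(SAMPLE_EMAIL_HTML):
        print("suspicious remote image:", url)
```

The simplest mitigation needs no code at all: configure the mail client not to load remote images automatically, so the beacon request (and the operating-system fingerprint carried with it) is never sent. The scanner above is useful where that setting cannot be enforced, for example on a gateway that rewrites or flags messages before delivery.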
But Wait... There's More!
Another clever trick allows Onliner to evade email servers’ spam filters. Many filters rely, at least in part, on lists of domains known to host spammers. But with the login credentials of an email server’s administrator account, Onliner can exempt its spam from being filtered. The database Benkow discovered contains over 80 million email servers’ admin credentials.
Those 80 million servers' admin credentials are being used to spam 630 million email accounts. Onliner has so far been infecting victims with credential-stealing malware, but it could switch to "botnet" malware that enslaves victims' computers to send spam, participate in denial-of-service attacks, and other shenanigans.
Here's another troubling aspect of this situation. If a hacker has access to a compromised email address and password, they can do what's called credential surfing (more commonly known as credential stuffing). Many people use the same login credentials for multiple online accounts. So a hacker may use your email credentials and attempt to gain access to your online banking, social media, PayPal, eBay or other popular sites.
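From the service operator's side, the credential-reuse attack just described has a recognisable shape: one source address tries many different usernames in a short time, most of them failing, and the few that succeed are the reused passwords that worked. The script below is an added example, not from the article; it runs that detection logic over a constructed authentication log. The log format, the field names and the IP addresses (documentation ranges) are all assumptions made for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log, not real data. One event per line:
# "<ISO timestamp> <username> <source IP> <FAIL|OK>".
SAMPLE_AUTH_LOG = """\
2017-08-31T10:00:01 alice 203.0.113.7 FAIL
2017-08-31T10:00:02 bob 203.0.113.7 FAIL
2017-08-31T10:00:03 carol 203.0.113.7 FAIL
2017-08-31T10:00:04 dave 203.0.113.7 FAIL
2017-08-31T10:00:05 erin 203.0.113.7 FAIL
2017-08-31T10:00:06 frank 203.0.113.7 OK
2017-08-31T10:00:07 grace 203.0.113.7 FAIL
2017-08-31T10:01:00 alice 198.51.100.9 FAIL
2017-08-31T10:01:05 alice 198.51.100.9 FAIL
2017-08-31T10:01:10 alice 198.51.100.9 FAIL
2017-08-31T10:02:00 bob 192.0.2.5 OK
"""


def parse_auth_log(text):
    """Parse the constructed log format into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, user, ip, result = parts
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Return {ip: distinct_failed_users} for source IPs that fail logins for at least
    min_users different accounts within any sliding window of the given length.
    A single account failing repeatedly (plain password guessing) is not flagged here."""
    failures_by_ip = defaultdict(list)
    for ts, user, ip, result in sorted(events):
        if result == "FAIL":
            failures_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in failures_by_ip.items():
        start = 0
        for end in range(len(fails)):
            # shrink the window from the left until it spans at most `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {user for _, user in fails[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged


def successes_from_flagged(events, flagged):
    """Accounts that logged in successfully from a flagged IP: the reused credentials
    that actually worked, and therefore the accounts to reset first."""
    hits = defaultdict(list)
    for ts, user, ip, result in sorted(events):
        if ip in flagged and result == "OK":
            hits[ip].append(user)
    return dict(hits)


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_AUTH_LOG)
    flagged = detect_credential_stuffing(events)
    print("flagged sources:", flagged)
    print("accounts to reset:", successes_from_flagged(events, flagged))
```

The thresholds (five distinct accounts in five minutes) are placeholders; a real deployment tunes them against its own traffic and would also correlate by user agent or ASN, since stuffing tools spread attempts over many addresses.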
What You Should Do
Onliner goes to unusual lengths to avoid detection by spam filters and security researchers. You cannot rely on your mail provider's spam filters to keep you safe. You can check the Have I Been Pwned database to see if your email address was present in this spammer database. But don't be surprised, and don't panic, if it is. In fact, you should ASSUME your email address and password have been compromised.
You, the end user of email, are still the best and last line of defense. Here's what I recommend:
- Never click on an attachment without verifying who sent it, and why.
- Change your email password every three months at least.
- Use strong passwords, and never reuse passwords on multiple online accounts.
- Use two-factor authentication whenever possible.
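Beyond checking an email address, Have I Been Pwned also lets you check whether a password itself has appeared in known breaches, without ever sending the password: the client hashes it with SHA-1 and sends only the first five hex characters, and the service returns every hash suffix in that range. The script below is an added example (not from the article or from HIBP) that implements that k-anonymity lookup. The endpoint URL is the real one, but the offline demonstration uses a constructed stand-in for the service with invented counts, so it runs without network access.

```python
import hashlib
import urllib.request

# Real endpoint of the Have I Been Pwned "Pwned Passwords" range API.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, the form the range API is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body):
    """Parse 'HASH_SUFFIX:COUNT' lines into {suffix: count}; tolerate blank or odd lines."""
    table = {}
    for line in body.splitlines():
        if ":" not in line:
            continue
        suffix, count = line.strip().split(":", 1)
        try:
            table[suffix.upper()] = int(count)
        except ValueError:
            continue
    return table


def breach_count(password, fetch_range):
    """How many times the password appears in the corpus, using k-anonymity:
    only the first five hex characters of its SHA-1 leave this machine."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    table = parse_range_response(fetch_range(prefix))
    return table.get(suffix, 0)


def fetch_range_live(prefix):
    """Query the real service (network access required; not used by the offline demo)."""
    request = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "password-hygiene-demo"},  # HIBP's APIs require a user agent
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


# Constructed stand-in for the service so the example runs offline. The counts
# are invented; the real corpus lists these passwords millions of times.
CONSTRUCTED_BREACHED = {"password": 3, "letmein": 2, "qwerty": 1}


def fetch_range_constructed(prefix):
    """Build the same 'SUFFIX:COUNT' response the live API would return for this prefix."""
    lines = []
    for pw, count in CONSTRUCTED_BREACHED.items():
        digest = sha1_hex(pw)
        if digest[:5] == prefix:
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = breach_count(candidate, fetch_range_constructed)
        print(f"{candidate!r}: seen {n} time(s) in the (constructed) breach corpus")
```

To check against the live corpus, pass `fetch_range_live` instead of `fetch_range_constructed`. A non-zero count is a strong reason to change that password everywhere it is used, which is exactly the reuse problem the recommendations above are about.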
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 31 Aug 2017
Article information: AskBobRankin -- [ALERT] Change Your Passwords... NOW (Posted: 31 Aug 2017)
Source: https://askbobrankin.com/alert_change_your_passwords_now.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[ALERT] Change Your Passwords... NOW"
Posted by:
Radner
31 Aug 2017
Glad I use Linux.
EDITOR'S NOTE: Regardless of your operating system choice, if your email address and password is compromised, you could be in a world of trouble.
Posted by:
RandiO
31 Aug 2017
I think what @Radner is trying to say is that he feels that Linux machines are [more] secure!
That is what the Apple users used to say about their beloved Operating System; until they started getting jacked!
So, it appears as though security awareness and protection is not necessarily AND solely dependent on the type of OS being used.
Throwing the baby out with the bathwater is too much to ask of users, whereas Mr. Bob Rankin's great advice may be a better alternative for credentials security!
Posted by:
bill
31 Aug 2017
Unix variations and MacOS were "security through obscurity". Some black hats used the "that's where the money is" reasoning to only attack Windows but that left many insecure systems using the obscure software very complacent.
Complacency makes for easy targets.
Posted by:
Steve
31 Aug 2017
I can only hope all the people @ Kaspersky, Malwarebytes, Bitdefender et al are aware of this threat and are doing something about it. Steve
Posted by:
John Anderson
31 Aug 2017
I'm in the same boat as misterfish—I have a similar bunch of passwords; changing them is a headache. But I've got a pretty good system to accomplish it. A password manager would make it simpler, but I'm concerned about the life span of the company that offers the service. If they fold, what happens? I haven't been able to find a clear answer to that. So, for now, they are homemade.
I also saw an article [was it here?] that said passwords are out-of-date, one should use a LONG phrase as a password. Maybe a good idea, but hardly any systems I access will take such a long password....
Posted by:
RandiO
31 Aug 2017
@John Anderson,
(re: lifespan of offerings)
Most users of password managers have their own favorites. I have been using the open source (free) software called Keepass for the past 13 years with over 480 individual entries for all my credentials, even the way-expired ones.
If you use the following search queries at wikipedia.com, it will allow you to see the list/comparison of all (free/pay) password managers.
"List of password managers" and
"Comparison of password managers"
Posted by:
John May
31 Aug 2017
I use a password lock from Avast to secure my passwords?
Posted by:
top squirrel
31 Aug 2017
I just ran my email address thru "have I been pwned" and they say I'm not on any list of compromised accts.
Here are some things I do or avoid doing:
I get tons of girlie come-ons but I never click on links. You can get plenty of free pictures of nude women on the internet so why even open those? Some said they saw my picture on Facebook and I'm cute so they would like to have sex with me tonight. I answered I have no Facebook account nor is my picture anywhere on the internet. But I'm sure you'll find somebody to copulate with. Happy Trails! (The email got bounced right back as undeliverable.)
I never open attachments if a link is the sole message of an email and never if I don't know the sender or smell something, like if their acct may have been taken over. I have received several "I'm stranded in [name of country] and I need money to get out! Please send some!" from people I have corresponded with. One such guy couldn't walk 100 ft, let alone gallivant to Holland.
The Yahoo spam program filters out only sex ads, but sometimes genuine emails.
I correspond widely and sometimes prowl in bad neighborhoods. I have Avast, Comodo and Malwarebytes and I never click on suspect links.
Seems like that may be enough.
Posted by:
bob rice
31 Aug 2017
I have two factor p/w on two banks so they send a code to my cell phone. Even if hacked, they cannot access my phone number. But I'm really disappointed so many gigantic financial institutions don't offer it.
One's entire savings, investments, funds, CD's, etc., are vulnerable to a relatively simple hack.
I've asked these financial places, "Why not?" and they naively believe they are safe from hackers.
I then asked, "Why not have 2 factor ID when taking money out?" No replies.
Posted by:
Donna
31 Aug 2017
Thanks yet again, Bob. Although I don't open suspicious attachments, one of my email addresses has been pwned (but no pastes). I used the free Dashlane password manager program and also use Senders™ to "untrack" emails. Would the Senders untracker find and remove the Onliner tracker?
Regarding two-factor authentication: I don't have a cell phone, which is the only option some sites offer. Bummer. So I rely on Dashlane's password generator to create strong passwords for me.
Posted by:
ramjet
31 Aug 2017
I read an article from an intelligence oriented magazine that the FBI recommends not using Kaspersky.
Posted by:
Paul
31 Aug 2017
It always made me smile when non-Windows operating system users appeared smug about how much safer their systems are. The common misunderstanding is not that the operating system is safer, it's that spammers (& the like) usually target the most popular operating system, thus propagating the highest number of victims. These days, any operating system is at risk, not just Windows.
Posted by:
Chuck
01 Sep 2017
I saw one post from a user who has KeePass. I have been using this program from v. 1.something. It's great and you can build a password that even a government system will take. I have two of my emails on this list and one I have had compromised many times by different users. I have a strong password on it now and have culled down most of the junk from them.
On another subject, I tried Kaspersky AV for a little while and it disabled my Windows updates. So I'm back with Avast.
Posted by:
Buffet
01 Sep 2017
Bob,
When I click the link in your article, it says Malwarebytes was compromised and hacked?
Are you kidding me???
Posted by:
LadyLiberTEA
01 Sep 2017
My Yahoo "pwned/but no pastes"; but my Hushmail inviolate. More secure than the big 5 email platforms since Hushmail encrypts from you to email server (and no unstable JAVA), Hushmail's ad-free, faster, and other benefits made me glad USSA's infamously invasive NSA PRZM overtaking the big 5 email platforms pushed me to find best alternative at least fee (plus promo code) so worth it that I regret not making the switch sooner. (Tried Opera but swamped me in junk and hogged my laptop.)
Posted by:
Egbok
01 Sep 2017
I purchased a Mac in '99 because I was told that it was more secure than an IBM. Within 3 months I was infected with a replicating virus that made e-mail impossible. The tech that cleared up my machine told me that the virus snuck in through the e-mail server. So nothing is safe, unless you keep it safe by not opening crap and changing passwords.
Posted by:
Pete Greenwood
01 Sep 2017
Spot on as usual, Bob. I was notified by Have I Been Pwned a few days ago. Today, lo and behold, an unsolicited email from Santander bank with attached 'Important Documents' pops up! What a surprise! Never had any dealings with Santander, so this is going straight in the bin, untouched! But thanks for the timely warning - I'll be re-setting a few crucial passwords immediately, and trawl through the rest over the next few days.
Posted by:
Humbug7
01 Sep 2017
Given your link in the last Geekly Update to an article about 2-factor security breaches, this is not necessarily THE ANSWER to all security worries. That article pointed out the sheer perseverance of some hackers. They'll spend hours trying to break in to what they believe is a valuable account. So we have to be just as persistent in fighting back: good security software, strong and unique passwords which are changed frequently, and lots of skepticism about emails from anyone.
Posted by:
Mace 'n' Cheese
04 Sep 2017
Don't let fear that a password manager might go out of business be your excuse for not using one! Use one that allows you to print out your passwords. "Print" to PDF, then put the file on a thumb drive and hide it--under insulation in your attic, if you're that paranoid. Or lock it in your home safe or bank safe deposit box. (You can encrypt it.)
You'll be safer overall that way than if you reuse simple passwords.
Posted by:
Paul Morris
15 Sep 2017
It is getting to the Point, that the Only Thing that One can do on the Internet, is just ''Research''!!!
I keep getting Messages from Legitimate Computer Geeks, and they keep saying Change Your Password, well it is really hard to Remember so many Passwords for every App. or whatever. I think eventually, I will probably go back to sending a Letter the old-fashioned way, and that is with a Stamp!