Slack

"When those invitations went out... somehow, your password hash went out with them."

This will help well-informed users to judge for themselves how likely it is that their stolen hashes might have been cracked in the time available to attackers so far. In the unfortunate event that your password database gets breached, you will be able to give your customers precise details of the algorithm and the security settings you used. - If you’re a Slack user, you might as well reset your password even if you weren’t notified by the company to do so. These codes are typically sent to (or generated by) your mobile phone, and are valid only for a few minutes each. A password manager can remember a random, 20-character password as easily as you can remember your cat’s name. 2FA, or two-factor authentication, means that you need not only your password to login, but also a one-time code that changes every time. “Most recipients wouldn’t have noticed that the data they received included any hashed password information, because that information, although included in the network packets sent, was never deliberately displayed to them. (They’d need a brand new hashlist, or a unique set of rainbow tables, for every possible salt.) A password manager helps topick proper passwords, thus ensuring that your password ends up very, very far down the list of passwords that might get cracked in an incident like this. When a company admits it has been careless with its password database by leaking hashes, especially over such a long period, you might as well assume that yours was affected, even if the company thinks it wasn’t. As soon as you change your password, you make the old hash useless to attackers. Stretching is a jargon term that means repeating the password hashing process over and over again, for example, 100,000 times, in order to extend the time needed to try out a bunch of dictionary words against known password hashes. And by including a per-user salt, which doesn’t need to be secret, merely unique to each user, you ensure that even if two users choose the same password, they won’t end up with the same password hash.

Jack Wallen shows you how easy it is to add Google Calendar integration into a Slack Workspace.

In the resulting window (Figure 6), you can easily create an event by selecting a date and clicking Create Event. If you don't have those privileges, you'll have to request the installation from your Slack admin. By adding the app to Slack, you can enjoy the following additional features: For those who depend on both Slack and Google Calendar, this is a must-have integration. Slack is my go-to app for communication and collaboration. Given that, why not combine the two?

Emails sent to a number of Slack users about their account password being reset are genuine, with the work communications app's developers doing so after ...

Slack is confident that no users were negatively affected by the bug, as the hashed password wasn't visible in the Slack client itself, and required active monitoring of encrypted network traffic to pick up. When users created or revoked a shared invitation link for their workspace, Slack sent a hashed version of the user's password to other workspace users. Explained in a blog post, Slack notified approximately 0.5% of its user base that the company had reset passwords on August 4, responding to a bug.

The business communications platform has reset the passwords of accounts belonging to a small proportion of its users.

That way, you'll have a lot less to worry about. Slack says that, despite this, some hashed passwords can still be brute forced, and this justified the enforced password resetting. This is often how an individual's whole network of online accounts is compromised quickly. Twitter claims to be spreading the word because it is... With password managers, all you need to remember is your master pass key, rather than loads of different passwords, which will be safely secured and stored instead. Twitter claims to be spreading the word because it is...