I wouldn't trust a separate company to manage my passwords.
Are they legitimate?
What if they go bust and their server is taken offline as a result - then I can't access anything.
Yes even MD5 encryption has been hacked - when I ran a small forum I tried an external website which would read out the password. I took the encrypted password from the MySQL database and it worked. Even then you could be really naughty and modify the PHP code to remove the encryption if you can't be bothered to work around it.
Not that you need to do that if you're a mod or admin, you can change the password yourself and of course ban people.
Depends on how much personal data you need to store, but for example I have around 12Gb of photos and for reasons I'd better not go into some are very important to me had I not backed them up.
I was advising someone on here a while back on the same topic about backing up their data .. then realised I wasn't doing the same. The old saying of "Practise what you preach"
Already got a Blu-Ray burner on the PC, never used it. Got blank discs, so I tried my first Blu Ray burn of the time. There is free software to do it, which works well.
I need to burn a few more copies of the photos and leave them at different locations just in case.
You only have to look back to the previous page to find the thread I started after receiving a very similar email https://community.plus.net/t5/Tech-Help-Software-Hardware-etc/Sextortion-Email/td-p/1576131 . As in this instance, the sextortion email correctly quoted an old password of mine. I had used this password for access to the Daniweb website and I think it most likely that that is where it came from.
Thanks to everyone who has contributed to this post for your advice. It really has reduced my stress levels I checked https://haveibeenpwned.com/ and found my email there! The password used in the scam email is a very old one. I have been through my LassPass account and removed the two instances I found of it.
Many thanks for your support
No worries @GaryWilliams glad to see see you stress levels are returning to normal now
As they've told you your password sounds like a site you've used before has either been hacked externally, or it could even had been an inside job. Some disgruntled employee left and nicked the contents. I keep an open mind on these things.
You'll probably never know where and how they did it. The company will keep it hidden, hardly good PR for them is it if the news were made public?
With so many sites requiring a login nowadays it is a nightmare and I would use a separate password for each one and keep a record.
My domain company had been hacked (and again asked me to change my password), could have been an inside or outside job. Turned out the passwords were stored in their databases unencrypted and it got leaked.
Then of course you might have a malware keylogger on your local machine.