It's time to delete Metabook, Twitter and TikTok (and Reddit). Fuck it, social media is cancer - a thread.

Getting a password manager was one of the best security decisions I’ve ever made. That and setting up 2FA on as many accounts as possible.

In the event that somebody would demand my Facebook password, I’d have to tell them that I don’t know because I actually don’t know it. It’s just a long random string of digits, letters, and symbols.

1 Like

I do the same. It’s a couple hours to set up and change all your passwords but once done it’s easy and makes you infinitely more secure. At an absolute minimum, people should do this for all financial and sensitive accounts. My passwords are all long strings of random digits now which are basically impossible to hack.

Oh they are very much possible. It’s just that so many other people choose terrible passwords and make themselves easier targets than you.

The crazy thing is it’s really easy to make a secure password if you don’t want to use a password manager. Just use a few common words strung together that mean something to you but are not related. Something like PaulPokerArubaFord is very secure and easy to remember.

Exactly.

If people begin to view a password as a passphrase, people will become way more secure.

Old people generally won’t bother. I tried to push my mother to get a password manager and showed her how to use it but she was confused by how it worked and refused to use it.

Problem is so many social media sites and even other places are using phone numbers for security.

One real issue is phone numbers being spoofed to gain access to accounts. This is a real thing. Not that long ago huge amounts of cryptocurrency were stolen this way.

If any place you go to uses your phone number / text messages for security you do not want your name tied to your phone number. It’s a big issue.

Undoubtedly some people on target lists just became massively more vulnerable because criminals now have their phone number to go with their other information.

Any time we are assigned a unique number for something and then that number is used for security purposes it leaves us vulnerable. Social security numbers, phone numbers.

Two-factor authentication and account recovery mechanisms are regularly tied to our phone numbers and text messaging.

How does someone knowing my phone number weaken this? The 2FA confirmation is still coming to my phone.

Because they can receive and send SMS messages as you. They will have a bot instantly log in and change your password.

I guess if you see it right away and act immediately you might have a chance. But if it is your Bitcoin wallet or something it’s likely drained before you can do anything about it.

Solution is to use an Authenticator app like Google.

The authentication gets sent to your SIM card afaik through your phone number. Unless they got a SIM card and registered the same phone number as yours then they wouldn’t be able to use 2FA.

Anyway, you could always use an app as an authenticator.

Thanks.

2 Likes

https://twitter.com/juddlegum/status/1379046428459294721?s=21

I read an article about this recently and it also seems to be mostly a US problem where it is fairly easy to make that switch. The telecom companies do not actually verify who is making the request.

Remembering passwords has no effect on 2FA because they are independent of each other. It’s less safe if you don’t have 2FA and someone can get physical access to your computer. It has the advantage that it protects against key loggers AFAIK.

That just means you do not have 2FA for these devices. If you also remember the password on those devices or they get your password, and someone gets physical access they also have access to your accounts. This can still be safe for your home computer but not recommended for mobile devices or computers that others can access.
For high value accounts you should always use 2FA.

1 Like

Absolutely fine. The attack vector that 2FA protects against is hackers getting into your account remotely by either guessing your password or getting it through some sort of database hack.

https://www.tandfonline.com/doi/full/10.1080/03007995.2021.1901679

Those who used Facebook as an additional source of news in any way were less likely to answer COVID-19 questions correctly than those who did not

Because let’s be honest. That isn’t an “additional” source of news for those people. It’s the source of news.

1 Like