|
#1
|
|||
|
|||
I work in Cybersecurity as well and what I tell friends/family/co-workers is:
- Use a password manager - Have it create and store the passwords for you (15 characters minimum but the more the better) - DO NOT use the same password for multiple accounts/services - Make sure ALL accounts/services are setup for multi-factor authentication - Your email password should be the STRONGEST password (because if hackers can into your email they can often reset passwords for all other accounts/services since most people do not use multi-factor authentication) - Your password manager should have your second strongest password - Write your eMail and Password Manger passwords on an index card (yes, I mean paper) and store them safely some place in your home. DO NOT save them anywhere else. Many commercial password managers can be (or have been) broken. Nothing is perfect. The safest method is to keep everything on paper, locked away at home, and never share with anyone. Multi-factor authentication is not perfect. Hackers have found interesting ways to get around it (i.e. they can clone your mobile number to receive the multi-factor code you need to authorize yourself to a system after entering the password they have been able to figure out or steal from you). The point is, most hackers are lazy so if you use a few different methods to protect yourself, hackers will move on and try to terrorize another person who may not have safeguards in place. Be careful out there. |
#2
|
|||
|
|||
Quote:
|
#3
|
||||
|
||||
any recs for a password manager from someone in the industry?
Quote:
__________________
Be the Reason Others Succeed |
#4
|
|||
|
|||
Any good system shouldn’t be particularly vulnerable to credential stuffing and brute force attacks. It should detect that and insert delays or completely reject the requests after a small number of guesses.
Those attacks work well if the hacker has already breached the system and dumped databases and the database is storing passwords in a poor or well known way. “Capture the password file” is a great first step in any kind of breach so of course a look work goes into making that hard. |
#5
|
|||
|
|||
Just wanted to reiterate what has been said (and is just as important as using strong passwords):
Use different passwords on every account. Last edited by VeloceNiente; 04-20-2024 at 04:04 PM. |
#6
|
|||
|
|||
You must mean every account. Every login would be nuts.
|
#7
|
|||
|
|||
I meant the noun form of ‘login’, but ‘account’ is clearer. Edited.
|
#8
|
||||
|
||||
funny enough, after reading this thread I went and changed my BoA credit card password to a random one from the Apple/Chrome extension password generator.. went for a ride, came back and just got a text that my card had a charge that had been declined for suspicious activity.. coincidence I'm sure, but just a little funny.. went through the process to get two charges taken off and and new card and changed my password once again.. I assume it was from a skimmer or something similar and not an account hack..
__________________
Be the Reason Others Succeed |
#9
|
|||
|
|||
Help request from the more informed--If you have to be the home IT guy for the family (read: wife) and pick a secure but easy to manage option for phone/computer (Apple based) system, would you choose 1password vs Bitwarden vs going all in on Apple Keychain/iCloud? Or any other options to consider?
|
|
|