Just follow what this person is saying, OP. And please don't worry too much. The notion that passwords are getting hacked right and left is wrong. What you don't want is to consult your bank account on a shared computer at work or in a public space. You don't want to use public wifi at all for that. Consult at home on your personal computer. Banks usually have a passcode texted to your phone to help you log in. The rest is pretty small potatoes compared to your money. Nobody's going to care that you have hemorrhoids if they hack your medical data. So what you need to do is stop panicking and realize that in life, only a very few passwords are actually important. For the rest, pick a phrase like "Ih@tepasswords". Use it for everything. |
Lastpass (or Bitwarden or any other good password manager) is fine. If you are really paranoid, don't put entire passwords into it. Have a standard prefix or suffix that you remember that you add to every password and don't put that into the password manager. That would make it much harder for someone with access to the password manager to compromise your accounts. And, of course, keep the master password safe. I don't have an opinion on using cell phones for banking. I don't personally like the idea and don't do it, but I haven't investigated the security implications. Work wi-fi is OK if it's authenticated (either with a pre-shared key or login (802.1x)). Public (unauthenticated) wi-fi is generally kind of scary, and I would recommend against it for sensitive stuff like banking. It makes a man-in-the-middle attack pretty easy. No doubt this happens all the time in places like airports and hotels. In general, I recommend using web sites rather than apps from mobile devices. Apps can collect things like location data that web sites can't, and many app owners will sell these data for revenue. It might be "anonymized," but probably no one else in the world has the same travel/location patterns as OP, and it would be pretty easy to identify the person based upon movement patterns. If this were to be compromised, it could be very useful for someone who wanted to, say, rob the house of a particular person. This is where being a high-value target matters. A truly high-value target or paranoid person probably shouldn't be carrying a mobile device at all (or should be using a disposable one and replacing it regularly and changing the number). Location data are very useful for nefarious activities. Same for things like purchasing transactions. Use cash rather than credit/debit cards when possible for in-person transactions to avoid revealing your location.
If I had a list of all of your in-person purchases for a week, I could probably pretty easily find out who you are, where you live, where you work, what you like to eat, what your hobbies are, and other sundry details of your life. This would be useful information to the criminal-minded. This may sound super-paranoid, but credit-card data breaches are not all that uncommon. |
Password managers are only beneficial if it means you are using strong unique passwords for each site. I know too many people who use a password manager but still use their main gmail email as their username and password123! for all their sites. |
Log in to Google. Visit Security Checkup: https://myaccount.google.com/intro/security-checkup?hl=en-US. Change all your passwords to Google's "Chooses Strong Password" from the menu where you type your new password. Auto fill passwords from Google. |
OK, you will probably all roll your eyes and laugh at me but I'll ask anyhow. I clicked the above security checkup and was told I had a bunch of reused passwords and compromised passwords. How does Google know what my passwords are? Also -- I'm not really paranoid or concerned about being hacked. I'm more concerned with being shut out of my accounts because I forget a password and can't reset it. I feel like right now, everything is one precarious house of cards and it works for the moment, but when it stops working my whole "online life" will come crashing down, losing the ability to access things like FAFSA, my IRS account, my bank account, my various state retirement accounts, etc. |