c/cybersecurity-tips

My uncle still uses 'Password123' for everything and got mad when I showed him his email was pwned

He looked me dead in the eye at Thanksgiving dinner and said 'well nobody's hacked me yet' while his inbox was flooded with spam from some breach last year. Has anyone else here given up trying to get family to change their passwords?

2 comments

johns18•15h ago

That old router I found in my parents' basement was free after $0 spent on firmware

I dug up a dusty Linksys WRT54G from 2006 at my folks' place last weekend, flashed it with DD-WRT in about 20 minutes, and now my neighbor's Wi-Fi snooping stopped cold has anyone else seen a crazy improvement from junk hardware like that?

2 comments

noahcampbell•16h ago

Unpopular opinion: password rotation policies are actually making things worse

My IT guy at work keeps pushing this policy where we have to change our passwords every 60 days. He says it's standard practice and keeps the hackers out. But after 3 years of this, I keep ending up with passwords like "Winter2024!" or "Fall2023Update" because I can't remember a new complex one every 2 months. I actually ended up writing my password on a sticky note under my keyboard last month, which feels way less secure than just keeping a good one. A buddy of mine in a different company said their security team ditched forced rotations and just uses multi-factor auth instead. So is the old advice about changing passwords constantly actually hurting us by making people lazy with their habits? Has anyone else's workplace had this debate?

2 comments

the_sarah•19h ago

That "use a password manager" tip I kept ignoring finally saved my butt

I always figured remembering passwords was fine, thought password managers were just for paranoid people. Then last month I got a notification that someone tried logging into my email from a random IP in Vietnam. I had used the same password for like 5 sites. Spent a whole afternoon changing everything, then finally downloaded Bitwarden. Should have done this years ago. Has anyone else had a close call that finally made them switch?

2 comments

wade558•1d ago

PSA: That 'free' public WiFi hotspot at the coffee shop nearly stole my bank info

Last week I was at a Brew Haus in downtown Portland, needed to check my balance quick. Jumped on their free network, typed in my bank login, and got an error page. Something felt off so I looked closer at the network name, it was 'Brew_Haus_Free' but with a weird dash. Turns out someone set up a fake hotspot right next to the real one. Stopped at the bank that afternoon and they confirmed someone tried to pull $200 from my account. Has anyone else run into these lookalike WiFi traps around town?

2 comments

jessicamiller•2d ago

2FA text codes get intercepted way too often... switched to an authenticator app 3 months ago

I work at a small real estate office in Austin and we had a phishing scare last quarter where someone spoofed a text from 'our bank' asking for a 2FA code. Turns out SMS codes are pretty easy to intercept with SIM swap tricks. I finally moved our whole team to a Google Authenticator setup for online banking and property management logins. It took me about an hour to get everyone set up on their phones... and now we haven't had any close calls since. Has anyone else ditched SMS codes for something like a hardware key instead?

2 comments

the_anna•3d ago

Lost $200 on a fake VPN service before I learned the real red flags

I signed up for a VPN called SecureShield last month after seeing an ad on social media. It was $200 for a year and I thought I was getting great protection. Turned out the logs were stored on a plain text server and my data got leaked anyway. I wasted time and money and now I'm paranoid about what else is out there. Should we trust cheap VPN deals or just stick with known brands like Proton or Mullvad? Has anyone else fallen for a flashy ad that cost you more than cash?

2 comments

xena_anderson•19d ago

Two-factor authentication skeptics need to see a real breach

I used to think 2FA was just a hassle for no real gain. Then my buddy Dave got his Instagram hacked last spring because he refused to turn it on. The hacker posted crypto scams to his 5,000 followers before he could even log back in. Dave spent 3 weeks dealing with support and lost a bunch of followers who thought he went nuts. I turned on 2FA for my email and gaming accounts that same night. The app takes maybe 10 extra seconds when I log in, which is nothing compared to his headache. Has anyone else seen a friend get burned by skipping basic security like this?

2 comments

-1

tessa_roberts1•22d ago

Found a free tool that saved me from a phishing disaster

I clicked a link in an email that looked like it was from my bank, but something felt off after I entered my password. I used a browser extension called NoScript to check the page source, and sure enough, the form was sending data to a weird Russian domain. It blocked a few scripts from loading, which is why the site looked broken. I changed my password and enabled 2FA on everything within 10 minutes. Has anyone else used a script blocker to catch a fake login page before it was too late?

2 comments

riverp37•23d ago

Starbucks wifi in Denver got me phished last month

I connected to their guest network to check my bank app and woke up to $340 in fraudulent charges the next morning. Anyone know a good way to verify public wifi before logging into sensitive stuff?

2 comments

wrenstone•23d ago

Friend of a friend swore by password managers, but my dad's old method of sticky notes never failed him once in 30 years

I was at a BBQ in Austin last summer and this IT guy kept saying my dad's sticky note system was a security nightmare waiting to happen, but the dude had his whole digital life locked inside one app that got breached twice last year. Which side do you lean on when you've seen both work and fail firsthand?

2 comments

dakota_rivera•24d ago

Unpopular opinion: That $50 'password manager' app I bought was a total waste

I dropped $50 on this fancy password manager called VaultGuard Pro last month thinking it would be the ultimate security fix. But honestly, the free browser-based option I was using before worked just as well and didn't lock me out twice like this one did. Has anyone else tried a paid security tool that just wasn't worth the cash, or am I missing something?

2 comments

hall.ruby•26d ago

Heard a coworker say 2FA is a scam, made me think

Overheard Mark saying SMS 2FA is a honeypot. He read some report about SIM swapping being the real risk. I kinda get it but my Gmail got hit without it. Do you guys use authenticator apps or skip 2FA altogether?

2 comments

fisher.diana•27d ago

Switched from a password manager to plain paper for my most important logins

I used to keep everything in a password manager app on my phone and laptop for about 4 years. Felt super secure until my phone bricked during a software update two months ago and I couldn't access a single account for 6 hours. My brother laughed at me while I was sitting on hold with customer support. So now I write down my top 10 logins for banking, email, and my retirement account on a piece of paper that stays in my fireproof safe. I know it sounds risky but honestly I trust physical theft over digital lockouts now. Has anyone else here gone back to a paper system for critical stuff or am I just being paranoid?

2 comments

johns18•29d ago

My $40 password manager subscription finally paid off last month

I've been paying for Bitwarden Premium for like 4 years now (you know, the $10 a year version) and honestly thought it was just for convenience. But last month when I got that weird login alert from my old Yahoo account, the breach report showed me exactly which sites to change - saved me from a headache I didn't even know was coming. Anyone else have a security tool that felt like a waste until it actually did its job?

2 comments

loganhart•29d ago

Heard a guy at the coffee shop say he clicks every link in spam emails for fun

I was grabbing a latte downtown near 5th Street yesterday and this dude straight up told his friend he opens random links from Nigerian prince emails just to see what happens. Like is that a game to you or do you actually want your identity stolen? Took everything in me not to pull up a chair and explain basic phishing 101 to a grown man who should know better. Has anyone else overheard some truly reckless cybersecurity habits in the wild?

2 comments

rose_hart31•29d ago

Is using the same password for everything really that bad?

I keep seeing people argue that a strong single password is fine with two-factor authentication, but after my cousin got his email hacked last month because he reused a password from a forum leak, I'm wondering which side is actually right here?

2 comments

wade558•1mo ago

Warning: my old router went from fine to hacked in 2 weeks

I noticed my internet got super slow at night about a month ago. Didn't think much of it until I checked the admin log and saw connections from IPs in Russia and China. Turns out my 5 year old router had a known vulnerability I never patched because the manufacturer stopped sending updates. Has anyone else had an old router get compromised without realizing it?

2 comments

anthony_fox90•1mo ago

My password reset trick that actually saved my accounts

I got hit with a phishing email pretending to be my bank last Tuesday, almost clicked the link before I caught it. Instead of just changing that one password, I went through all 47 of my saved logins and made every single one unique with a random 16-character string from my password manager. Has anyone else tried doing a full sweep like that after a close call, or do you just fix the one account and move on?

3 comments

charlie_fisher45•1mo ago

Used to think password managers were a hassle until my accounts got hit

I always figured remembering passwords myself was good enough, never used a manager. Last month someone got into my email through a reused password from a forum breach. After resetting everything and setting up Bitwarden, I honestly wish I'd done it years ago. Has anyone else had a close call that pushed them over to using one?

2 comments

caseyw12•1mo ago

Warning: Found out my "secure" password manager was copying plaintext to clipboard all along

I was at a coffee shop in Austin last Friday working on some freelance stuff. Went to paste a password into a login field and accidentally hit paste into a text document instead. There it was, my bank password just sitting there in plain text. Turns out my old manager app had a setting I never turned off that kept a copy in the clipboard history. I figured since it was an encrypted vault, everything was handled safely. But nope. Had to change like 30 passwords that weekend. Has anyone else had a similar clipboard leak scare?

2 comments

the_blair•1mo ago

Password manager almost got me hacked last Tuesday

I was using a free password manager for like 3 years and thought I was being all secure. Then I noticed one day it was syncing my passwords to a public cloud server without telling me. A buddy in my IT meetup group pointed it out when he saw the traffic logs on my phone. Now I check every single app's data settings before I install it. Has anyone else caught their "secure" apps doing shady stuff in the background?

2 comments

jamesmason•1mo ago

That $60 network analyzer saved my bacon after a ransomware scare

I dropped 60 bucks on a little pocket-sized network traffic monitor after ignoring warnings for years, and last month it caught a weird spike in outbound data from my thermostat. Turned out some sketchy IoT device was phoning home to a known C2 server, and I cut it off before anything got encrypted. Anyone else had a cheap gadget actually pay off bigger than expected like that?

2 comments

holly_gonzalez61•1mo ago

That $40 password manager saved my butt after a data leak

Back in March I got an email that my email was in some breach database. I had been using the same password for everything for like 5 years. Paid $40 for a year of Bitwarden premium and spent an afternoon changing all my logins. Has anyone else had their whole setup exposed and had to scramble like that?

2 comments

the_zara•1mo ago

That old wifi password issue ate up 2 hours of my Friday night

Spent ages trying to connect my Roku to the guest network at my friend's place. Turned out they had MAC filtering on and never told me. Anyone else deal with friends who set up security but forget to explain it?

2 comments