1
My password reset trick that actually saved my accounts
I got hit with a phishing email pretending to be my bank last Tuesday and almost clicked the link before I caught it. Instead of just changing that one password, I went through all 47 of my saved logins and made every single one unique with a random 16-character string from my password manager. Has anyone else tried doing a full sweep like that after a close call, or do you just fix the one account and move on?
3 comments
william91719d ago · Top Commenter
Did you set up a separate email just for the financial stuff or use something like a burner email service? I actually did the same thing after my own scare, moved all my banking and investment logins to a totally separate free email account I never use for anything else. That plus the authenticator app on my phone feels like a solid wall between the bad guys and my money, even if my main inbox gets compromised.
6
willow73227d ago
That part about "47 of my saved logins" really got me thinking. I actually went a step further after a similar scare last year and started using a separate email for all my financial accounts. You used a password manager, which is smart, but I kept thinking about how reset emails all go to one inbox. If someone gets into that email, they could reset everything even with unique passwords. I also set up 2FA on that email with an authenticator app, not text messages. It takes an extra few seconds to log in, but I feel way better knowing my bank and credit cards aren't all tied to one weak point. Maybe add that layer on top of your password sweep.
5
the_ryan27d ago
Have you ever thought about using a password manager that also supports passkeys instead of traditional passwords? That's what I did after reading a similar thread last year. Passkeys are tied to your device's biometrics or PIN, so even if someone gets your email, they can't reset anything because there's no password to reset. I know it's not perfect for every site yet, but most major platforms support it now. Combine that with the separate email and authenticator app you mentioned, and you're basically locking down the whole chain. It's a pain to set up at first, but once it's done you don't have to worry about password resets being a weak link anymore.
3