TexasCHLforum.com

Rafe wrote: ↑Mon Dec 13, 2021 7:13 pmWhenever feasible, for sensitive accounts I always opt to use two-factor authentication. Bit of a pain, but worth it. We even used it as a product from RSA over 15 years ago at a company I worked for. That particular method never caught-on widely, though. We were issued a little key fob manufactured by RSA (in case Andy is reading, not that RSA; RSA Security LLC, now owned by Dell). Each key fob was unique, and every three minutes (I think that was the duration) the fob would display a new numeric code. The code was synched with the RSA servers, so we had to enter our password plus the code to log in; impossible to log in without the key fob.

Today the most common two-factor auth method is to to send you a numeric code via an SMS text message to your cell number on file and have that code expire in a few minutes. You're still hosed if you need to log-on but have lost your phone...or dropped it in the bay that time you lost all your firearms while boating off Galveston.

I used that RSA fob back in the day. Worked just fine, I thought.

Currently use Google Authenticator frequently for 2FA.... Works reliably and has a growing base of websites that can use it. One application for 2FA makes things simpler. I prefer not to use SMS, since that requires me to give up my mobile number, when it's appropriate not to.

Rafe wrote: ↑Mon Dec 06, 2021 12:14 pm

RoyGBiv wrote: ↑Mon Dec 06, 2021 11:56 am
Lots and lots of creative criminals on the internet.

Yep; and we didn't mention another local-computer favorite: Trojan key-loggers.

I had to answer a call... busy morning.
Thanks for the added info... Great reminder on WiFi encryption. I had to double check that "Low" risk uses WPA2 on my router.

03Lightningrocks wrote: ↑Mon Dec 06, 2021 11:29 am Time for armature hour folks. How does someone go about "hacking" a password? Is this something they do by using your user name or do they have to get access to your computer?

There are many ways... Here's a couple...

1. "Hacking" generally refers to gaining access to a companies data... a data breach. Maybe they find a flaw in the operating system and "exploit" it. Maybe a careless worker gets "phished".... example.... You give your name, address, phone, and set up a login and password at.... Walgreens. Someone hacks into Walgreens data and gains access to your information. Now they know your login and password... If you use that same login/password combination to get into Amazon, then the hackers might try to log in to your Amazon account and send themselves things. (Amazon is not a great example because they have better security and will ask you to confirm log ins from new devices, but, just an example).

2. Phishing..... You receive and email, or text or phone call... The email warns you that your bank account or your eBay account has been locked and please click the link to reset your password. You click the link and it takes you to a site that looks very much like Bank of America, you enter your login, old password and new password. Now the thieves have your login and "old password", actually your current password, and can clean you out.

Lots and lots of creative criminals on the internet.

https://portswigger.net/daily-swig/data-breach

I use LastPass and BitWarden. LastPass recently went from being free for personal use to only being free on one type of device (computer / portable). I'm finding BitWarden to be a good substitute, but, LastPassk was better integrated with applications I use. I may pony up and pay for the premium version of LastPass, but I'll give BW a bit more trial time.

Took me a while to go through all my passwords and update them to randomly generated 16 character strings. But, I feel much better having done it. The motivation for me was a data breach that exposed a user name / password combination that I used frequently for low-risk websites like this forum. Little of any real value is at risk if someone hacks my account here, and many similar places. After a reported data breach, I had to go through and update any website of any importance to a new user/password. I figured it was a good time to get started with a password manager/generator.

About the only passwords I still keep only in my head are for banking.