WiFi Security

[Sunset]

My passwords are long unless limited by the site (as some are stupid enough to limit them).
I feel a 30 character password is long enough, all random characters.

Yes, I use a password manager, so each password is different for all 200 sites I visit.

And I use 2 factor authorization, And I'm still WORRIED.

After all, some sites don't store my password encrypted (which should be criminal by itself).

 

[timo2]

The site below is run by Troy Hunt, a highly reputable person. Pop your email addresses in it and you'll see how many companies have lost it along with who knows what other data. If you click Passwords at the top try your favorite password (but not a current one) and you'll see how many times someone else (or you) had it lost in a data breach.

https://haveibeenpwned.com/

Ray

thanks for this site. It was interesting to see which specific breaches I was associated with. Since I was in the OPM breach, I just assumed everything I ever did prior to that was compromised, but some of these breaches are newer.

 

[Kroeran]

I wonder if starting fresh with a new email might be prudent.

What exactly are the bad guys able to do with breached information ?

 

[target2019]

I wonder if starting fresh with a new email might be prudent.

What exactly are the bad guys able to do with breached information ?

With enough stolen ID facts they can prove they are you, and steal your identity.

 

[timo2]

With enough stolen ID facts they can prove they are you, and steal your identity.

right. they don't have to get all the stolen ID facts in one place either. They can piece them together from disparate sources.
and they don't have to be stolen, they could be something you provided to someone on line. High school for instance. wedding date, etc

 

[Dalmore]

Wifi Security

"I'm still waiting for a confirmed report of anyone actually having their bank details stolen by someone who was sitting in Starbucks watching the WiFi"

Good point. I'm new to "wifi" and just a little skeptical.

The only reason to be wary using Starbuck's wifi is that anyone on the network can TRACK what you are doing.

If you go to BofA.com and log on, your ID and password are encrypted and you are as safe as safe can be. However, the bad guy will know you went there. Say that after checking your bank statements, you go to Joe's Retirement Planner and log into that insecure website. Now the bad guy know two things about you: You're email address and that you are a member of BofA. With that knowledge, the bad guy can set up phishing attacks against you to try to steal your password at a later date.

 

[sengsational]

The MO of the bad guys lately has been distributed credential stuffing. I guess I'm not on the WiFi topic, so I'll keep it short. This attack is dependent on people reusing passwords < Don't Do It. Ever!

 

[FIREarly]

Do you feel secure accessing your VG, Fido, TDA etc accounts on your own secure wifi? What about on other wifi (restaurant, airport etc)? I've always been leery of wifi on general. But then again it is 2019.

Coz

I feel confident accessing financial sites and purchasing online from my home secure network. I try not to use any other network to do this. On rare occasions it will happen, such as MSFT dropped to the low end of its window during this specific time and I purchased shares from my phone. This is not advised. Phones are less secure, even if they say they are secure. If there is less hardware in the device it does not have the same power to protect itself.

Try to never do any secure work from open/public wifi. Many of us have probably done this from time-to-time but it is not recommended.

GO MSFT!!