Are you in danger?

[Dub]

David posted and I responded.

Apr 5, 2023 12:27:13 GMT -5 Dub said:

Apr 5, 2023 12:11:04 GMT -5 david said:

I just got a call from my B-I-L. He has been hacked and the hacker changed passwords on his financial accounts.

Make sure you are using two-factor authentication on your accounts!

I use Sentinel Authenticator everywhere that supports 3rd party 2FA. It’s way more secure than SMS text. Dongles can also be very secure.

I also use the mSecure password manager for all my logins. Passwords are encrypted, random alphanumeric strings at least eighteen characters long.

I also have security tools installed on all my devices as well as our local area network.

I’m not immune from attack but pretty darn close.

Anyone curious about their security can check the link below to see if your information has been made publicly available. The site is hosted by the 1Password service but there is no requirement to use their service.


haveibeenpwned.com/

[david]

Thanks, Dub. Most of us are not keeping up with the newest technologies and scammers are becoming more clever.

For any with access to the AARP Magazine, this month's edition has an excellent article on scams and how to avoid them.

[majorminor]

Two factor Authentication means 1) keyed in internet password then 2) getting a texted PIN to enter?

[Cosmic Wonder]

Apr 5, 2023 14:57:46 GMT -5 majorminor said:

Two factor Authentication means 1) keyed in internet password then 2) getting a texted PIN to enter?

Yep

[Dub]

Apr 5, 2023 14:57:46 GMT -5 majorminor said:

Two factor Authentication means 1) keyed in internet password then 2) getting a texted PIN to enter?

That's one way and probably the simplest. It's better than no 2FA at all.

Much better is to use a third-party app. There are lots of these now and if you're looking for one, I'd advise against using one from companies that have a history of wanting your data, such as FB, Google, Microsoft, etc. These apps generate a six-digit code that is unique to your account on a given Web site and is changed every 30 seconds or so. When you log in that way, the site you are using will ask for the code. You then go to your 2FA app, copy the code they display for your login, and paste it into the site you wish to use. There is virtually no way a hacker or bot could get access to the code.

An even more secure strategy is to get a "dongle," a physical device that you plug into a USB port, that does the same trick. It generates a random code that is used when you log in. This code isn't sent or transmitted in any way and there is no way for it to be intercepted.