c/cybersecurity-tips

Hot take: password managers aren't as safe as we think

I used to think LastPass was fine until my cousin's account got hit in that 2022 breach. Now I'm debating between going back to paper passwords or trying a different manager - what do you all think?

2 comments

grant.kevin•2d ago

Bought a $40 used router from a garage sale and it had a rootkit installed from the factory

The previous owner had no idea, but the firmware was hacked to send all their traffic through a server in Russia - how do you check used networking gear before plugging it in?

2 comments

barbara429•4d ago

Learned the hard way that my router's admin page was wide open

Last Tuesday I was checking my home network and noticed some weird traffic in my firewall logs. Turns out I left the default admin password on my router for 3 years without thinking about it. Someone had been poking around trying to get in, but my ISP's basic protection blocked them. I changed it to a random 20-character password and turned off remote access right away. Has anyone else found scary stuff in their logs after ignoring their router settings for too long?

2 comments

nora735•5d ago

Almost fell for a phishing text pretending to be my bank last week

I was at the grocery store checkout when I got a text saying my account was locked and to click a link to verify. The URL looked off by one letter so I called my bank instead and they confirmed it was a scam. Has anyone else gotten fake texts from numbers that look legit?

2 comments

wendysmith•6d ago

Vent: Found out my "secure" home router was broadcasting my kids' device names for anyone to see

I was just poking around WiGLE.net last night and spotted our home network with every phone and tablet listed by name - didn't realize that was public until a neighbor mentioned he saw "Sarah's iPad" pop up. Has anyone else checked what their router is leaking to the whole block?

3 comments

phoenix845•8d ago

Saw a guy at the coffee shop using a sticky note over his webcam and it made me rethink my own setup

I was at a local cafe downtown yesterday getting some work done, and this guy at the table next to me had his laptop open with a literal piece of paper taped over the camera. At first I thought it was kind of funny, but then it hit me that I don't even think about covering mine. I use a password manager and 2FA on everything, but I never really considered how easy it is for someone to just peek through my cam if they got access. Has anyone else just never bothered with camera covers or am I way behind on this?

2 comments

fiona_lewis37•8d ago

Unpopular take: password managers are not the silver bullet everyone claims

I used LastPass for 5 years but switched to a plain text file on an encrypted USB after their 2022 breach. Sure, it's old school but that file never leaked and I can access it offline anywhere, even on a job site with no cell signal. Has anyone else found that the extra convenience of a cloud manager actually adds risk?

2 comments

the_terry•8d ago

Heard a guy at the coffee shop say his voicemail PIN was '1234'

I was waiting for my order last Tuesday and this dude on the phone literally gave out his voicemail PIN to someone as 1234, loud and clear. Makes me wonder how many people still use stupid simple codes for things like that. When was the last time you actually changed the default PIN on something important like your router or voicemail?

2 comments

ivancoleman•8d ago

Rant: Password reuse finally bit me after 15 years of laziness

I used the same password for everything since like 2008. Email, banking, forums, even my work login. I figured nobody would care about my accounts anyway. Then last month someone got into my old Neopets account and used it to send spam to everyone on my friends list. That was embarrassing enough, but then they used the same password to get into my PayPal and tried to send $200 to themselves. I only caught it because my bank texted me about the unusual purchase. So now I'm going through every single account changing passwords. Using a password manager now and honestly it's way less annoying than I thought. The resetting everything part is the worst though. Has anyone else had to do this cleanup after getting hit with reused passwords?

2 comments

webb.xena•9d ago

I finally switched off password managers for my personal accounts

I used to rely on LastPass for everything, like my email, banking, even my Netflix login. But after that big breach back in 2022 where they lost encrypted vaults, I got spooked. Now I just write down my important passwords in a little notebook I keep in a fireproof safe at home. For less critical stuff, I use a simple pattern with site names mixed in. It feels old school but at least I know nobody can hack a physical book. Anyone else go back to analog methods after a breach?

2 comments

betty_ward•9d ago

Fell for a fake antivirus popup last month

That was my whole rent money gone in 10 minutes. The scammer even showed me fake errors to keep me scared. Now I just close the browser when I see those alerts.

2 comments

betty_shah•10d ago

Overheard a sysadmin at a coffee shop in Denver say most ransomware comes from people reusing passwords at work

He said one reused password on a breach list can domino through an entire company network, which made me audit my own login accounts across 12 different sites last night, has anyone else found a good way to track which passwords are actually unique?

2 comments

fiona_lewis37•10d ago

Changed my mind about password managers after hearing a sysadmin break down the math on reuse

I was at a coffee shop last Tuesday and overheard this guy explaining to his friend how if you reuse a password on even 3 sites and one gets breached, you're basically handing over keys to the other 2. He said something like 'a 12-character unique password has 3x10^21 combos but a reused one might as well be 1 combo across all sites.' That math stuck with me. Made me finally set up Bitwarden that night. Anyone else have a random conversation that flipped your view on security habits?

2 comments

kai_stone99•11d ago

My local library's public wifi had no password, so I checked the router settings

I was at the downtown library in my town last Saturday to get some work done. Their public wifi didn't have a password, which I thought was odd for a place with all those computers. Out of curiosity, I typed the default gateway into my browser and the router login page came right up. Default admin credentials still in place. I didn't touch anything, but I told the librarian at the front desk. She said she'd have their IT guy look at it. Has anyone else found public routers set up this carelessly?

2 comments

willow_anderson85•12d ago

Got phished through a fake banking alert on my phone last Tuesday

I was standing in my driveway checking what I thought was a Chase fraud alert and entered my login info before realizing the URL was off by one letter. Ended up having to freeze my accounts and spend 3 hours on the phone with their fraud department. Has anyone else seen these smishing scams getting scarily convincing lately?

2 comments

noah_black•12d ago

Installed a password manager last month. Was using the same password for 14 years.

Saw a data breach notification pop up for an old gaming forum. Checked haveibeenpwned. 23 breaches. All the same password. My bank account used that password. Email too. Felt like an idiot. How many of you just use one password?

2 comments

ericjackson•14d ago

Tried two password managers for 3 months each, the difference was night and day

I used Bitwarden for the first 3 months and switched to Dashlane for the next 3 to test them out. Bitwarden was free and worked fine but the auto-fill on my phone was super clunky, I had to tap around like 4 times sometimes. Dashlane costs about $3 a month but everything just worked perfectly, it filled logins on apps and sites without any fuss. The real kicker was when I tried to share a family vault with Bitwarden, it took me 20 minutes to figure out the sharing setup. With Dashlane it was like 2 clicks and done. Has anyone else found a free password manager that actually keeps up with the paid ones?

2 comments

felix478•15d ago

I finally caught myself reusing passwords after a close call

I always thought I was careful with passwords until I got a notification that someone tried logging into my email from a city in Romania. That's when I realized I'd been using the same password for my email and my old gaming account that got hacked years ago. I sat there for 10 minutes checking all my accounts and found 8 of them shared the same password. Has anyone else had a moment like this where a small scare made you rethink your whole security setup?

2 comments

jamesblack•15d ago

Worst day of my IT career: 3,000 emails phished in 4 hours

Last Tuesday a vendor sent a fake invoice link that looked legit and before I caught it, half our sales team clicked it and leaked credentials. How do you train people to actually pause before clicking when they're already busy?

2 comments

luna_wells57•16d ago

Hit 10,000 blocked threats in a month and I'm not sure if that's normal

I set up a home Pi-hole network monitor last year just for my family's devices, and last month it logged over 10,000 blocked DNS queries. Most of it was from smart TVs and my kid's tablet trying to phone home to ad servers... is that typical for a small household? Has anyone else checked their own network traffic and found numbers way higher than they expected?

2 comments

holly_flores79•16d ago

Torn between a password manager upgrade this week, went with the free option instead

I had to decide between upgrading to the paid version of Bitwarden or sticking with the free one after my vault hit 50 logins. The premium was only $10 a year, but I figured I'd see how long the free tier really held up. Turns out, the free version handles everything I need for now, even with 2FA codes and attachments. I just made sure to turn on two-factor authentication myself with an authenticator app. Has anyone else hit that limit and felt the pressure to pay for something you barely use?

2 comments

diana_bell74•18d ago

That one client who insisted on password123 made me rethink everything

I had a guy last year who ran a small law firm in Phoenix and he refused to use a password manager because he didn't trust the cloud. He literally said, 'I'd rather just remember a strong one myself.' So I showed him how to use a passphrase like 'purple-cactus-bridge-7' and he argued it was too hard to type. After three sessions of this, I finally convinced him to try Bitwarden, just the free version. Six months later he called me thanking me because his old system got hit with a brute force attempt. Has anyone else dealt with a client who fights every basic security step?

2 comments

nancy3•18d ago

My worst tech support week ever - got hit with a ransomware scare and a phishing test all in 48 hours

Last Tuesday I clicked on what I thought was a legitimate invoice from a vendor we use, and my whole computer locked up with a screen demanding $300 in Bitcoin. Turned out our IT guy had set up a phishing simulation without telling anyone, and I nearly had a heart attack before he emailed the whole department. Then on Thursday, my neighbor's elderly mother called me because her email was sending weird messages to everyone in her contacts. I spent Friday morning walking her through changing passwords and setting up two factor authentication on her phone. Has anyone else had back to back weeks like this where you feel like you're fighting fires nonstop?

2 comments

holly47•19d ago

TIL that using 'password123' for a work account bit me hard

My old boss told me it was fine to use simple passwords for internal tools since they're 'not public.' Got hit with a credential stuffing attack last month and three team accounts got compromised before IT locked everything down. Anyone else have a manager who brushed off password security like that?

2 comments

gavin_mason31•19d ago

Rant: That time a phishing test at a local coffee shop caught me off guard

I was at Brew & Bytes downtown last Tuesday grabbing a latte and checking emails on their guest wifi. Some popup asked me to 'verify my account' for the free wifi, looked legit with their logo and everything. I almost typed my email password in before I noticed the URL was off by one letter. Told the barista and she said three other people fell for it that week. Makes you wonder how many small biz spots are running fake portals to steal logins. Anyone else almost get burned by a public wifi trap like that?

2 comments