c/cybersecurity-tips

My buddy insisted I turn on two-factor for my email, and I'm glad he did

He kept saying 'just do it, it takes two minutes' after his own account got hit, so I finally set it up last month. A few days ago, I got a login attempt from a city I've never been to, and the text code stopped it cold. Do you think 2FA is annoying or absolutely necessary for everything now?

Remember when a password manager felt like a crazy luxury?

I spent about $40 a year on one back in 2015, and my friends thought I was nuts. It saved me last year when my old email got hit in a big data leak. The manager flagged all my reused passwords, so I only had to change a few instead of a hundred. Anyone have a good method for getting family members to actually use one?

Just found out most people reuse the same password across 10+ sites

I was reading a report from Google's security team last month and it blew my mind. They said the average person uses the same password for at least 10 different accounts. That means if one site gets hacked, attackers can try that same email and password combo on everything else you use. I checked my own old password manager and realized I used to do the same thing with an old password from like 2018. It's so easy to just add a number or symbol and call it new, but that doesn't really help. Now I use a password generator for every single login, no matter how small the site seems. Has anyone else made the switch to completely unique passwords and noticed it's actually less stressful?

A guy at the coffee shop in Boise told me his 'password123' got his email hacked

He said it happened after he used the same password on a forum that got breached... what's the simplest way you explain to people why that's a bad idea?

Shoutout to using a password manager over my old notebook

I kept all my logins in a physical notebook until my apartment got broken into in Austin. Now I use Bitwarden, and the auto-generated passwords feel way more secure. Has anyone else made a similar switch and noticed less stress about account breaches?

Had coffee with my aunt last weekend and she told me she uses the same password for everything, 'just with different numbers at the end'. It really hit me how common that still is.

I thought my dad was being paranoid when he told me to put tape over my laptop camera. Then my friend's webcam light turned on by itself.

Had to choose between a free VPN and paying for one after my bank flagged a login from another city

Went with the paid NordVPN plan and it's been solid for 6 months, no more weird alerts. Anyone have a good free alternative that's actually safe for checking accounts?

Showerthought: My dad's old 'write it down' password system made more sense after a talk with my niece.

She asked me how to make a password for her new school email, and when I started explaining special characters and password managers, she just said, 'But Grandpa keeps his on a piece of paper in his wallet, and no one has ever stolen it.'

I just found out my whole family was using the same password for everything for years

PSA: I lost $75 to a fake invoice email that looked real

Got an email last week that looked exactly like a bill from a tool I use for work. It said my payment failed and to click a link to update my card. I was in a hurry, so I did. The site looked right, but I put in my real card info. Two days later, I saw three small charges I didn't make, totaling $75. My bank caught it and is fixing it, but it was a hassle. Has anyone else seen these fake invoices getting really good lately?

TIL my smart speaker was listening to a private talk about a trip and then showed me ads for hotels in that city

I was on the phone with my sister last week, planning a surprise visit to Austin for her birthday. We talked about dates and I mentioned I needed to find a place to stay. I never searched for it online. Two days later, my smart speaker's companion app had a whole list of hotel deals for Austin right on the home screen. It felt like a direct line from my living room to an ad server. I know these devices listen for wake words, but hearing a private conversation turn into targeted ads was a real shock. It made me think about how much data we give away without realizing it. I've since gone into the device settings and turned off a bunch of 'personalization' options. Has anyone else had a creepy moment like this that made you change your smart home settings?

PSA: I used to think a $50 antivirus was enough, but after my neighbor in Phoenix got his bank account drained last month, I now run a full security stack with a password manager, 2FA on everything, and weekly backups.

What specific extra layer, besides the usual stuff, do you think most people are still missing?

Hot take: I stopped using a password manager for a week and it was a disaster

I thought I could just remember a few strong passwords for my main accounts, but after locking myself out of my bank's website on a Tuesday, I had to admit defeat. The 'trick' of using a memorable phrase with numbers and symbols just doesn't scale past three logins. Anyone else tried to go password-manager-free and regretted it?

Appreciation post: My home server got hit with a weird port scan last night

I was just watching a movie around 11 PM when my phone lit up with alerts from my firewall. Something was hitting my home server on a bunch of random ports, like 8080, 4444, and 3389. My heart sank because I just set that thing up a month ago to host some personal projects. I immediately logged in and checked the logs. The traffic was coming from an IP I didn't recognize, and it was trying a bunch of common admin login pages. I had a moment of panic, but then I remembered the basic rule: block first, ask questions later. I added a firewall rule to drop all traffic from that IP and changed my SSH port from the default 22 to something non-standard. It was a stressful hour, but it worked. Has anyone else dealt with a scan like this and have tips on what to check next? I'm worried I missed something.

Checked my password manager stats and saw I had 87 unique passwords saved. That number hit me.

Overheard a guy at the coffee shop say he uses the same password for everything

He was telling his friend it was easier to remember, and it made me think about my own habits. I checked my password manager and realized I had over 20 accounts with weak variations of the same old password. How do you actually convince someone to start using unique passwords?

My home network traffic looked like a ghost town for a month, then a wild party

About six months ago, I set up a simple network monitor on my router. For weeks, the logs showed almost nothing, just my laptop and phone. Then last Tuesday, the graph spiked with hundreds of new device connections I didn't recognize. Turns out my smart TV had a default setting turned on, making it a hotspot for the whole apartment building. I changed one setting and the traffic went back to normal. Has anyone else had a 'smart' device quietly open up their network like that?

I dropped $80 on a 'premium' VPN that barely worked for a month

I signed up for a year of this service because the ads said it was the fastest and most secure. The first week was fine, but then my speeds dropped to less than 5 Mbps, making streaming impossible. I spent hours with their support, who just told me to switch servers over and over. It was a total waste, and I had to buy a different one. Has anyone else had a VPN just fall apart like that?

Rant: The coffee shop near my office in Austin has a public Wi-Fi login page that looks super fake

I was at a spot on South Congress yesterday and their free network login asked for an email and a birth year. The page had a weird URL and no SSL padlock. It got me thinking, is it ever okay for a business to ask for any info on a public network, or should they just offer a simple click-through? Where do you draw the line between basic data collection and a real security risk?

Overheard a guy at the coffee shop bragging he uses the same password for everything because 'who would target me?'

That mindset is exactly why my cousin in Boise had his bank account drained last year after a breach at a small online store he used once.

I bought a 'lifetime' VPN subscription for $200 and it was gone in a year

Saw a deal online for a VPN service that promised a one-time payment for a lifetime account. I paid $200 upfront, thinking I was set. The service worked fine for about 11 months, then the company just vanished, their website went dark, and my app stopped connecting. Now I'm out the cash and had to scramble to find a real service. Has anyone else gotten burned by a 'lifetime' tech security deal?

My brother told me to stop using the same password for everything. I ignored him.

He said it was a huge risk. I figured my accounts were fine. Then my old Yahoo email got popped last year. Someone used it to try and get into my bank. Took me two full days to lock everything down. Had to change over 30 logins. Anyone else learn this the hard way? What password manager do you actually trust?

My sister's kid asked me why I put tape over my laptop camera and it made me think about basic security habits.

Vent: I used to think a simple password was fine until my old email got hit in that big 2023 breach

I mean, for years I just used my dog's name and my birth year for everything, idk, it was easy. After seeing my old Yahoo account on a leaked list, I switched to a password manager and now every login is a unique 16-character mess. Has anyone else had to rebuild their whole digital life after something like that?