Soldato
- Joined
- 21 Oct 2011
- Posts
- 22,460
- Location
- ST4
Really getting tired of hacking now
- Thread starter robfosters
- Start date
Confirmed Sheep.
I've switched from LastPass earlier tonight to Bitwarden. Yesterday LastPass made changes to it's free service where you can only use it's service either on a desktop/laptop OR mobile device. Bitwarden offers both for free.
True generally speaking but as someone else mentioned if OPs PC has been compromised it's possible there's a keylogger or some other nasty running on the PC.
LMAO. Straight to the most important website.
These sites offer multilayer encrytion that they can't just browse themselves. If it really was one big lie, someone would catch them out.
The UK needs more internet safety education. Not just in schools but for older people who missed it, and regular refreshers anyway as things change. It's essential for national security, mental health, and election integrity so it's shocking it doesn't already happen.
There's plenty of information out there. People need to take responsibility for themselves.
Lots of us probably used Chrome for storing passwords in the past. The issue I have with this is that it works in the background right from signup. You'll be prompted to save and people often don't want the hassle with these things and quickly click OK. Eventually you'll see a thread like this and look at your Chrome data only to realise you've stored your personal addresses for your family, friends, your phone number, credit cards, all the passwords you've used previously and anyone else that's used the PC (family, friends, guests) will immediately have had access to this often without the owner knowing. Older generations frequently aren't aware of these things as well as they should be.
Agree in principle, but disagree for the reason quoted above. Password managers mostly excel for multiple devices such as PC/Mobile where Chrome isn't the sole use.
Soldato
- Joined
- 3 Jun 2005
- Posts
- 3,329
- Location
- The South
Ideally you would have a backup security key in case of emergencies in the same vain as having backup codes.
I think you would have to be pretty unlucky for a sim swap attack to happen but the recent issue around NetNumber (https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80) does open your eyes a lot wider to SMS OTP.
Isn't using a password manager a bit like putting all your eggs in one basket? What if that service gets compromised?
Also does my head in when I'm helping people with IT support (not my job!) and they try a different browser or something and have zero idea what their passwords are because "it was just saved before" .... Sigh!
Also does my head in when I'm helping people with IT support (not my job!) and they try a different browser or something and have zero idea what their passwords are because "it was just saved before" .... Sigh!
Have you tried to get into your paypal account without going through 2fa..Even if its enabled
Sim swap happened to me a few weeks ago.... They hacked my O2 account, did a sim swap. changed my Paypal password and spent 1800 at Ikea.
I hit the roof with O2 as its defo their end thats the issue.
If someone had hacked my PC they wouldn't have spent 1800 at ikea they would have emptied my business bank accounts
Permabanned
- Joined
- 9 Aug 2009
- Posts
- 12,234
- Location
- UK
Yeah potentially. Can negate that with an offline password manager like KeePass and let the browser remember passwords for convenience.
I don't know what any of my passwords are except one.
The one that gets me into 1Password.
BitWarden, Lastpass, and I assume many of the others use end-to-end encryption.
This means your passwords are encrypted before being sent to their servers and synced between your devices, and can only be decrypted with your master password.
As long as you don't use a weak or compromised master password (if you use / have ever used your master password elsewhere consider it compromised) you'll be fine.
A handy feature of Bitwarden, Lastpass, etc, is you can export your passwords to a csv file which you can store offline somewhere. That way if you manage to forget your master password or they disappear you can still get all your passwords back.
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
yeh.
its ridiculous having 2fa when Paypal are happy ignore it without any lengthy reset process in place.
It took less than 5 mins to sim swap, Reset Paypal password (despite having 2fa) and spend £1800 at Ikea.
I periodically export a CSV to a memory stick that lives in my desk drawer. Bitwarden does duties on my phone and desktops/laptops.
Most my passwords are generated programmatically, no hope of remember any of them!
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
oh it did, did it? Have you reported this to paypal as a security problem?
Yes I have. But its how they do things. You just click the I'm still struggling to log in and they'll text you a code.
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
uhm, why don't you use an app instead of a text notification?
I think your misunderstanding what i mean.
They hackers bypassed the 2FA on my account by asking paypal (via a link on paypal) to text them a reset code. Paypal then text them a pass reset code
He's the one who put it there! we got him red handed
Soldato
- Joined
- 3 Jun 2005
- Posts
- 3,329
- Location
- The South
That's ***** luck but do you know if it was socially engineered or an inside job?
Networks definitely need to up their game and put in place a lot more safeguards to prevent sim swap attacks though.
How do you keep it sync'd across multiple devices?
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
They wouldn't have been able to if you used a 2FA app rather than a text message auth.