Really getting tired of hacking now

FoxEye · 16 Mar 2021 at 17:01

pepp77 said:
Whereas I interpreted it as him saying or it could be that somehow you have a keylogger on your computer. Which to me was a valid statement. How YOU choose to read that is on you, not the poster.

Does not follow.

I interpreted the statement as it was written. There is no debate about that.

You chose to insert the word "could" which wasn't written.

You then assert that your insertion of the word "could" to make the sentence different to how it was written is the more logical interpretation.

I disagree.

Here, for reference, is the statement as written:

muon said:
It's your own fault for letting your microsoft account get hacked.

Losing control of you email account is asking for serious trouble. Why don't you have 2FA for the microsoft account?

Worse still you have a keylogger in your computer which again requires you to have fallen for a trick.

"You have a keylogger." As written, that is a statement of fact, not speculation.

englishpremier · 16 Mar 2021 at 17:05

robfosters said:
How is it my fault? And what is 2FA anyway?

Is the most annoy thing in the world billed as security and something for our convenience. When in reality its a massive inconvenience almost as bad a those bank card readers.

Delvis · 16 Mar 2021 at 18:00

englishpremier said:
Is the most annoy thing in the world billed as security and something for our convenience. When in reality its a massive inconvenience almost as bad a those bank card readers.

Nooooo no no no, those things literally are the bane of existence.

Diagro · 16 Mar 2021 at 18:04

englishpremier said:
Is the most annoy thing in the world billed as security and something for our convenience. When in reality its a massive inconvenience almost as bad a those bank card readers.

Sigh....

Burnsy2023 · 16 Mar 2021 at 19:05

Bouton Aide said:
Yep. Bitwarden locks when you reboot or by a time period.

I would argue that BitWarden isn't necessarily anymore secure than Chrome as a password manager. The main reason I'd recommend a password manager is if Google doesn't have all the features you need. I wouldn't encourage anyone to move from Google as a password provider if that works well enough for them.

Deleted member 77746 · 16 Mar 2021 at 19:07

Burnsy2023 said:
I would argue that BitWarden isn't necessarily anymore secure than Chrome as a password manager. The main reason I'd recommend a password manager is if Google doesn't have all the features you need. I wouldn't encourage anyone to move from Google as a password provider if that works well enough for them.

Bitwarden is much better, has many more features for free.

Malevolence · 16 Mar 2021 at 19:10

What features do you need for a password manager beyond storing passwords and 2FA?

Burnsy2023 · 16 Mar 2021 at 19:12

Bouton Aide said:
Bitwarden is much better, has many more features for free.

It's more feature rich, sure, but it's not really better at the core job of storing passwords. For people that just want that, I'd argue that Google actually does a more convenient job of it. For those users who come from no password manager at all, I think Google is a better first step until they need more features.

Burnsy2023 · 16 Mar 2021 at 19:14

Malevolence said:
What features do you need for a password manager beyond storing passwords and 2FA?

Secure notes, such as being able to store passport details etc. Being able to get a family member to be able to get access in case of emergency. Being able to get to passwords on all your devices. API access if you're so inclined.

englishpremier · 16 Mar 2021 at 21:08

Diagro said:
Sigh....

You may sign all you want, but when companies decide it's a good idea to use an sms code for 2fa every time you change IP address, it becomes a real pain. Especially when abroad when you a) may not have your UK SIM card in, b) have little or no signal on your UK sim so the messages may take hours to come through.

Similar story if you break a phone, or like my Sony phone where only part would screen would work and since I was on a Caribbean island is was a while before I could get a new phone.

Email is slightly better, then you've got a load of junk emails to clear out all the time.

It is simply not designed for people that travel often (using various wifis), are frequently out of UK, or those that aren't glued to a phone every time they want to logon to a check their bill (Vodafone), mess around with taxes (HRMC which thankfully now has an app), Do anything with their banking (Santander - good riddance), look at their account (coin metro), book somewhere to stay (airbnb) the list goes on.

mikeo · 16 Mar 2021 at 21:38

englishpremier said:
You may sign all you want, but when companies decide it's a good idea to use an sms code for 2fa every time you change IP address, it becomes a real pain. Especially when abroad when you a) may not have your UK SIM card in, b) have little or no signal on your UK sim so the messages may take hours to come through.

Similar story if you break a phone, or like my Sony phone where only part would screen would work and since I was on a Caribbean island is was a while before I could get a new phone.

Email is slightly better, then you've got a load of junk emails to clear out all the time.

It is simply not designed for people that travel often (using various wifis), are frequently out of UK, or those that aren't glued to a phone every time they want to logon to a check their bill (Vodafone), mess around with taxes (HRMC which thankfully now has an app), Do anything with their banking (Santander - good riddance), look at their account (coin metro), book somewhere to stay (airbnb) the list goes on.

While taking on board what you are saying, if not 2FA, then what?

Genuine question (IE. not taking the ****).

PS. Checked the "recent activity" on my Microsoft account and at first glance it looks quite scary the number of attempted login's / sync's that have been tried in even the last 30 days! Though I have had this Microsoft account for a number of decades now.

englishpremier · 16 Mar 2021 at 21:50

if you never needed 2fa authentication before, you don't need it now. hacking attempts have been going on since the dawn of the internet. 2FA gives added peace of mind, but there is a price to pay for it in terms of convenience. My point was that many sites over use it. It should only be forced on people for the most crucial things, and in many cases there's no need for it at all.

Santander's app would be an example. They like to send an SMS code if you want do something with your account. Starling on the other hand I just have to enter my password if I want to do something such as add a new payee. Faster and easier, and no less secure given that we're not hearing of Starling accounts be compromised. So Santander could easily do away with it if they wanted.

I think it's the same as anything in life. The more protection you add, the more freedoms you lose or inconvenience. Just need to strike a balance.

Kreeeee · 16 Mar 2021 at 21:54

mikeo · 16 Mar 2021 at 21:55

englishpremier said:
if you never needed 2fa authentication before, you don't need it now. hacking attempts have been going on since the dawn of the internet. 2FA gives added peace of mind, but there is a price to pay for it in terms of convenience. My point was that many sites over use it. It should only be forced on people for the most crucial things, and in many cases there's no need for it at all.

Santander's app would be an example. They like to send an SMS code if you want do something with your account. Starling on the other hand I just have to enter my password if I want to do something such as add a new payee. Faster and easier, and no less secure given that we're not hearing of Starling accounts be compromised. So Santander could easily do away with it if they wanted.

Fair enough, I see your point

PS. The only one I'm "that" concerned about, is my Microsoft account and that's had 2FA since it first became available.

PPS. Only account that I have ever had hacked, was STEAM. And what a sod that was to get sorted. This was pre STEAM GUARD though.

Minxy · 17 Mar 2021 at 08:11

Is Authy the best place to start?

Demon · 17 Mar 2021 at 15:25

Kreeeee said:
Eurgh... I don’t really want to get into the details but any password manager that syncs over the internet is bad.

All of the ones we have had audited have been insufficient.

A bit more info would be welcome, I use Bitwarden and assume their 'syncing' would use at least an asymmetrical modern encryption method, or is that not the case/not really secure etc?

We develop various services that exchange information to/from Hospitals and it goes through external security audits, currently we use one of the many asymmetrical encryption schemes and we've gained the authorisation to allow data to be synchronised over the internet. I keep thinking we should move to OTPs since it's easier to revoke/limit access if one gets compromised but people think I'm being too paranoid.. and quite frankly I'm far from an expert, I just understand the basic concepts..

Mind you, Any cloud based password manager including Google and Apple is 'syncing' passwords etc, surely no well known password manager should be so obviously insecure?

Spill the beans! Don't name names, but surely you can hint at the weakness?

Deleted member 77746 · 17 Mar 2021 at 15:35

Minxy said:
Is Authy the best place to start and is it free to use please?

I moved away from Authy to 2FAS Auth, interface was better IMO.

Minxy · 17 Mar 2021 at 16:21

Bouton Aide said:
I moved away from Authy to 2FAS Auth, interface was better IMO.

So is the idea that you use this and remove your other existing 2FA details?

Deleted member 77746 · 17 Mar 2021 at 16:35

Minxy said:
So is the idea that you use this and remove your other existing 2FA details?

I only use this now as my main 2FA app as it backs up to iCloud.

Minxy · 17 Mar 2021 at 17:18

Bouton Aide said:
I only use this now as my main 2FA app as it backs up to iCloud.

Thanks for your help