Babble Community

c/cybersecurity-tips

7

faithcampbell•21h ago

Appreciation post: my neighbor who showed me why password managers matter

Last Tuesday my neighbor Bob came over because his bank account got drained. He had used the same password for everything since 2009. I sat with him for two hours setting up Bitwarden and generating strong passwords for each site. It took him a while to get used to it, but now he says he sleeps better at night. Makes me wonder how many folks still use the same password for email and banking. Has anyone else helped a relative or friend switch to a password manager recently?

17

josepha32•3d ago

Last week my old tablet got hit with ransomware and I almost lost everything

I was backing up photos from a camping trip 3 years ago when a popup froze my screen. Thought it was a glitch at first. Took it to a shop on Main Street and they said it was a crypto locker. Had no backup since February. Cost me $150 to get the files back. Do most people actually keep backups or just hope it never happens?

6

jennifer204•3d ago

Just saw my friend get hit with a ransomware attack in 20 minutes flat

He clicked one sketchy link in an email and within 20 minutes his entire business files were locked. Has anyone else had to deal with getting data back after something like this without paying the ransom?

28

kaih36•5d ago

That security conference in Chicago changed how I think about password policies

I went to this regional cybersecurity meetup in Chicago a few months back, and a guy from a local bank got up and said something that really bothered me. He claimed their 90-day password rotation policy was the gold standard, and everyone nodded along like that was the smartest thing ever. But here's the thing - my pest control business had the same rule for years, and it just made people write passwords on sticky notes or use simple patterns like "Summer2024!" So I actually stopped enforcing forced rotations for my employees about a year ago. Instead we switched to requiring 12-character passphrases like "bluefrogeatsgravel" and only reset if there's a suspected breach. It's been way less frustrating for everyone, and we haven't had a single account issue since the change. Has anyone else stopped forced password rotations and seen better results?

16

smith.anna•7d ago

Am I the only one who still sees people using the same password everywhere?

I checked my cousin's accounts after he got hacked last week and found he used "password123" for his bank, email, and Netflix. He thought a password manager was too much trouble, but now he's out $400 from a fake Amazon order. I've been using a free manager since 2019 and never had an issue. Has anyone else tried to help a friend switch to one and just given up?

12

tara793•7d ago

The shift from password managers to passkeys feels like 2010 all over again

I remember back in 2012 when I finally got my dad to use a password manager after he got hacked on eBay. That was a game changer back then. But now I'm seeing more sites push passkeys and I'm honestly on the fence. Last month I set up a passkey on my Google account and it took me 20 minutes to figure out how to back it up across devices. Meanwhile my old LastPass setup still works fine for the 47 accounts I've got saved. Has anyone else switched fully to passkeys or are you sticking with the old way?

18

jenny_hall•11d ago

Pro tip: That Target data breach in 2013 made me rethink my whole password system

I worked retail at a Target in Minneapolis when the breach happened, and seeing how easily they got into our payment system was wild. Now I'm torn between using a password manager with 20+ character random passwords or just keeping it simple with a few strong passwords I actually remember. What do you guys do for your personal accounts after something like that shook your trust?

18

uma_taylor47•11d ago

My worst cyber week ever started with a fake email from my own boss

Last Wednesday I got an email that looked exactly like our CEO asking me to buy $50 in gift cards for a client reward. I almost did it too because it came from inside our company system. Turns out someone hacked his email and was sending those to everyone in our department. Three other people fell for it before IT caught on. What security tools do you use to catch these internal email spoofs before someone clicks?

14

price.gavin•12d ago

Warning: I tried a free VPN vs paid one for 3 months and got hacked anyway

Honestly I thought a free VPN was fine for basic stuff like checking email on public wifi. Ngl the free one slowed my connection to a crawl and the paid one from ExpressVPN seemed solid. But after 3 months I still got a phishing email that grabbed my login for a gaming site in Ohio. Tbh I learned that VPNs don't protect you from everything and I should've focused on 2FA instead. Anyone else find that their VPN gave a false sense of safety?

13

murray.drew•12d ago

Saw someone say password managers are a single point of failure so they don't use one

Overheard a guy at a coffee shop in Denver telling his friend that password managers are too risky because if someone gets your master password, they have everything. I get the concern, but I think that logic is backwards. Without a manager, most people just reuse the same 3 passwords across 50 sites, which is way more dangerous in practice. A single data breach at some random forum exposes your bank login too. I've been using Bitwarden for 4 years now with a strong master password and 2FA, and the peace of mind is huge. Has anyone else dealt with that argument and found a way to explain why the tradeoff is worth it?

1

taylor.sean•13d ago

PSA: My two-factor auth app failed me at the worst possible time

Last Wednesday I was trying to log into my bank account to pay a bill that was due that day. My authenticator app just refused to generate a code, kept showing an error message instead. I had to call customer support and wait 45 minutes to get a temporary bypass code. Now I keep a list of backup codes in my wallet just in case this happens again. Has anyone else had an authenticator app just stop working on them?

11

young.nora•16d ago

Discovered a keylogger on my work laptop after 3 years of using the same password everywhere

I finally checked my password manager report last Tuesday and saw my main login had been used on 47 sites, including a sketchy forum from 2021. Has anyone else found out they were reusing passwords way longer than they should have?

6

anthony129•17d ago

Learned the hard way that free VPNs aren't worth it

I signed up for one of those free VPNs last month to save $10, and within a week my browsing got 3 times slower and some random ad network started popping up on my phone. Turns out the free ones often sell your data anyway, so I basically paid with my privacy instead of cash. Ended up spending $48 for a year of Mullvad and it's been solid. Anyone else get burned by a free VPN before?

2

kellys78•1mo ago

PSA: Nearly got my business accounts cleaned out at a coffee shop in Austin last week

I was at a place called Brew & Bytes on South Congress, connected to their free WiFi to check some estimates, and within 20 minutes my phone started showing weird login alerts from my bank. Turns out someone was running a fake hotspot that looked legit, and I almost typed my password into a phishing page that popped up. How do you guys verify a public WiFi network is actually the real one before you hop on?

8

sarah818•1mo ago

Two-factor authentication stopped working on a Sunday morning and I almost lost my entire client portfolio

I was sitting at a coffee shop in Austin about 6 months ago trying to get into my project management dashboard. The 2FA code from my authenticator app wouldn't match no matter what I did. I tried 3 times, reset the app, checked the time sync. Nothing. Turned out the issue was that my phone's clock had drifted by about 4 minutes because I had automatic time zone turned off from a trip. I had to dig up backup codes from a folder I almost deleted. That 20 minute panic attack made me realize how fragile that whole setup is. Has anyone else had a close call because of a tiny setting like the time zone?

13

hugo_robinson25•1mo ago

Unpopular opinion: I ditched password managers for a hardware key setup

Everyone in this community swears by password managers like they're the only way to stay safe online. But I got tired of relying on a single vault that could get compromised or lock me out. About 6 months ago, I switched to using a YubiKey for my main accounts and a physical notebook for the rest. Yeah, it feels old school, but I sleep better knowing my passwords aren't stored in the cloud anywhere. The catch is I have to manually type in longer ones for less important sites, but that's like 3 extra seconds. Has anyone else gone back to basics with hardware keys instead of a manager? I'm curious if I'm just being paranoid or if others see the same risks I do.

3

ray_campbell46•1mo ago

Used a password manager for 6 months after saying they were overkill

I used to think password managers were just another subscription to pay for, but my buddy in IT convinced me to try Bitwarden after I got locked out of my bank account for the third time. Turns out remembering 20 different passwords is impossible without reusing them everywhere, which is exactly what I was doing lol. Now I don't have to reset my Netflix password every week because I kept forgetting it. Has anyone else had a moment where a simple tool saved them from their own bad habits?

20

ellis.susan•1mo ago

Unpopular opinion: password managers might not be for everyone

I tried LastPass for about 6 months last year after hearing how secure it was. But I got locked out twice because I forgot my master password and had to reset everything. Maybe it's just me but I think some people are better off with a notebook stored in a drawer if they can't keep track of one password.

23

clairen85•1mo ago

I finally cracked and bought a password manager after losing $50

I lost $50 in Amazon gift card credit because someone guessed my weak password. I had the same password for like 6 years and used it on 10 different sites. Someone got into my account and bought a bunch of digital crap with my credit. Now I'm using Bitwarden and it's annoying but I feel a little less stupid. Anyone else have a wake up call like this that made them change?

11

ryantorres•1mo ago

That talk with my buddy about password managers really got me thinking

I was grabbing coffee with my friend Mike last Tuesday, and he mentioned he uses the same password for everything, even his banking. I told him about password managers, but he said he didn't trust putting all his eggs in one basket. It hit me different because I just assumed everyone knew how bad that was, especially after we had a fire at an office building last year that started from a data breach. Has anyone else had a friend who just won't budge on password safety?

26

matthewmartin•1mo ago

Showerthought: My 2FA app broke at the worst possible time

Last Tuesday I was trying to get into my work email from a new phone and my authenticator app just crashed on me. Had to call IT and wait 45 minutes for a backup code while I stood in the warehouse with a pallet jack halfway down an aisle. Has anyone else had a backup method fail when you needed it most?

3

hart.sage•1mo ago

Talked to a sysadmin buddy in Dallas and he flipped my view on password managers

I used to think password managers were just another target for hackers to grab all your logins at once. Last week my friend Mark in Dallas explained how they actually encrypt everything locally before it ever hits their servers. He said the biggest risk is people reusing passwords across sites, not the manager itself. Now I'm thinking about ditching my sticky notes for Bitwarden. Has anyone else switched and regretted it or found it way easier than they expected?

13

susan_wright34•1mo ago

That pentest report that called me out on MFA gaps

Got a pentest report back last October from a client in Austin. The tester pointed out we had 12 legacy accounts still using SMS-based MFA instead of app-based authenticators. I argued it was fine for months until they showed me how easy sim swapping actually is. Switched all those accounts to Microsoft Authenticator push notifications within a week after seeing their demo. Has anyone else had a pentester call out something you thought was secure but really wasn't?

1

ericj45•1mo ago

TIL that 'free' VPN apps can actually be a data trap

I tried one of those free VPN apps from the app store to watch a show while traveling, and it popped up a bunch of sketchy ads and slowed my connection to a crawl. Turns out they were selling my browsing data to third parties the whole time, which is basically the opposite of what I wanted. Has anyone else had a free tool like that backfire on them in a weird way?

2

eva_thompson•1mo ago

My password manager setup was a mess until a coworker called me out on it

I used to keep all my passwords in a spreadsheet on my desktop and thought that was fine because it had a password on the file. Then a guy on my mail route saw it over my shoulder and said "if someone gets into your computer, they have everything" and that hit me hard. I switched to Bitwarden last month and set up two-factor authentication, but has anyone else had trouble getting family members to use a password manager too?