c/cybersecurity-tips

Chat with an IT guy at my dentist's office made me paranoid about my router

He saw my phone's WiFi list and asked if I still had the default admin password on my router. I said yeah probably, and he just shook his head and said "you're basically handing your keys to the neighborhood." Has anyone else actually gone through and locked down their router settings or is that just overkill?

A hacker scared me straight last Tuesday after I clicked a fake FedEx link

I was just trying to track a package with my new shoes and typed "FedEx tracking" into Google. First result looked legit so I clicked it and put in my order number and zip code. It asked me to download a PDF to see delivery details so I hit download. Then my antivirus went crazy and popped up a warning about malware. I called my IT guy at work and he said I almost handed my login credentials to a phishing site. He showed me the URL was actually fedex-delivery-help dot com with a typo. Now I double check every link before clicking even if it looks real. Has anyone else had a close call with a fake shipping update scam

Switched from password manager to a physical notebook for my most sensitive logins

Used to keep everything in Bitwarden until a coworker got phished through a browser extension backdoor last March. Now I write my banking and email passwords in a pocket notebook I keep in a locked drawer at home. Has anyone else gone analog for high-risk accounts?

Appreciation post: the free password manager I ignored for 2 years

I finally switched from using the same 3 passwords for everything to Bitwarden last month. Kept putting it off cause I thought it'd be a hassle to set up. Took me maybe 20 minutes to import everything from my browser and now I don't have to remember 50 different logins. Has anyone else had that moment where you kick yourself for not making a simple security switch sooner?

Last month a fake "tech support" call cost my neighbor $2,800

My neighbor Jerry got a call saying his computer had a virus. They walked him through logging into his bank to "verify" his account. By the time he realized it was a scam, they had drained his savings. I told him next time hang up and call the number on his bank card, not the one they give you. Has anyone else had family almost fall for this?

PSA: Stop using "password123" for your home router admin panel

I helped my neighbor set up his home network last Tuesday and I was shocked at what I saw. He had a brand new TP-Link router but his admin password was still set to "admin" with no login required. Three years ago I got hacked through a similar setup where someone changed my DNS settings to redirect me to fake banking sites. It took me weeks to undo the damage and I lost access to two accounts before I caught it. That neighbor's router had been broadcasting for 6 months with zero security on the admin side. I showed him how to change it in 2 minutes and he had no idea that was even a thing. Has anyone else found routers in their family or friends' homes with the default passwords still active?

Why does nobody talk about public WiFi traps in coffee shops?

I was at a Starbucks in downtown Austin last week, checking my bank app on their free WiFi. Two hours later, I noticed $350 missing from my account. Turns out someone set up a fake hotspot with the same name, and I connected to it by mistake. Has anyone else dealt with this kind of skimming trick?

Caught a phishing email because of one weird formatting trick

I almost clicked on a fake invoice yesterday from what looked like our shipping vendor. The email looked perfect except the font was slightly off in the body text. Turns out they copied the real email template but used a different default font. I checked the headers and the reply-to address was a Gmail instead of the company domain. Forwarded it to our IT team and they confirmed it was a targeted phish. Now I check font weirdness on every suspicious email. Anyone else got a small visual clue that saved them from a scam?

Had to choose between a 2FA app or SMS codes for my bank account

I picked the authenticator app because it felt safer, but then I dropped my phone in a puddle outside the 7-Eleven on Elm Street. Spent two hours at the bank with my license to prove I was me just to reset everything. Funny enough, the branch manager said they still get people who use SMS and get their SIM swapped instead. Anyone else had a 2FA recovery fail like this?

Pro tip: Stop using the same password for everything

I used to just rotate between three passwords for all my accounts until my email got hacked last month and they got into my Amazon, Netflix, and even my bank. After that I spent an afternoon setting up Bitwarden and now every single login has a unique random password. Has anyone else had a wake-up call like this that finally got them to use a password manager?

Random YouTube comment on a scam call video made me rethink my whole approach

Some guy said 'just let it ring, no voicemail no problem' and honestly I realized I've been overcomplicating spam call blocking for years. Has anyone else found that ignoring unknown numbers completely is actually the simplest 100% fix?

That free antivirus from my ISP flagged my own damn payroll script

I was running a quick Python script to generate pay stubs for my small business last Tuesday and suddenly Norton blocked it as a trojan. Has anyone else had their antivirus freak out over totally legitimate code you wrote yourself?

Compared free password managers against a paid one and the difference was night and day

I used Bitwarden free for 6 months then paid for 1Password last month, and the paid one's auto-fill on mobile apps is SO much smoother it's not even close. Has anyone else found free options just don't cut it on Android?

Found out my old passwords were all cracked in under 2 minutes

I was messing around on haveibeenpwned last night after seeing a post here, and decided to check how fast some of my old passwords would get cracked using a free online tool. Turns out my 'secure' password from 2015, which was like 10 characters with a number and symbol, got cracked in 47 seconds. I used to think I was being smart mixing in special characters, but those hashcat algorithms just blow through that stuff now. The crazy part was seeing that a simple 8 character password takes literally milliseconds to crack if you're using GPU clusters. I found a site called hashcat.net that shows benchmark stats, and it scared me straight. I switched to a password manager with randomly generated 16 character strings and turned on 2FA everywhere after that. Has anyone else run their old passwords through a cracker just to see how fast they fall?

Why does nobody ever talk about 2FA backup codes?

I set up two factor on my email account a couple years ago and thought I was all set. Then my phone got water damaged on a job site last month and I was totally locked out. It took me 3 days to get back in because I never saved those backup codes they gave me. Has anyone else run into this and found a good way to store them safe?

That cheap wifi router at the coffee shop in Denver taught me a lesson

I was working from a coffee shop near Union Station last week and noticed their free wifi was asking for my full name and phone number to connect. I typed in "Mickey Mouse" and a fake number and it worked anyway (hint hint, don't give real info to public hotspots). Has anyone else seen these excessive login requirements popping up in cafes around town?

My password manager autofill failed during a Zoom screen share last week

I was walking a client through setting up their new business email on a Zoom call and my Bitwarden autofill popped up with my personal banking password right on screen. Luckily nobody saw it long enough to read it, but my heart stopped for a second. I had to quickly minimize the window and pretend I was showing something else. I ended up disabling autofill entirely and now I just copy-paste manually from the vault. Has anyone else had a close call like this with their password manager on a video call?

Why does nobody talk about backing up password managers locally

I lost access to my password manager for about 8 hours last month when their server went down. It wasn't a big deal for me because I keep a local encrypted backup on a USB drive in my desk drawer. But I talked to three coworkers who all use the same cloud-only service and none of them had a backup plan. If that outage had lasted a couple days they would have been locked out of everything from email to banking. I use KeePass for the local copy and update it every Sunday night. Has anyone else set up a local backup for their passwords or do most people just trust the cloud?

Pro tip: stop using the same password for your email and bank accounts

I was cleaning a client's house last week and she asked me to check her email for a confirmation number. She handed me her phone and I saw she was logged into her email, bank, and Amazon all with the same password. I asked her about it and she said 'isn't that normal?' lol. I guess it is for a lot of people. But if one of those sites gets hacked, now they have access to everything. Has anyone else noticed friends or family doing this and had to convince them to change it?

Changed my view on free VPN services after a rude awakening

I used to think any VPN was better than none, so I ran a free one for about 2 years. Then my bank in Omaha flagged a login from Russia, and I lost $350 before they reversed it. The free service was selling my data to cover their costs, plain and simple. Has anyone else had a similar wake-up call with a "free" security tool?

Question about password managers after hearing my coworker's security story

Last week my coworker Dave told me he uses the same password for everything since 2018. Said he just changes one number every time a site forces a reset. He got his email hacked twice last year and still won't switch. I've been thinking about trying a password manager but I'm not sure which one is simple enough for someone like him. Has anyone here convinced a stubborn person to actually use one?

Had a chat with my dad last night about his old Yahoo password

He said he still uses "password123" because he's never been hacked, and now I'm worried about how to convince my 68-year-old pops to switch to a manager without making him feel dumb, anyone else deal with stubborn relatives?

Unpopular opinion: that password manager I paid $60 for was a complete waste

I bought into the hype last spring and dropped $60 on a fancy password manager subscription. Thought it would keep me safe from all my bad habits, but I ended up spending 3 hours trying to figure out how to export my old passwords from a CSV file. The auto fill never worked right on my phone at the grocery store checkout, so I just went back to writing stuff in a notebook. Has anyone else had better luck with something simpler or am I just missing the point?

Got hit by a fake tech support call last week and almost fell for it

Some guy called saying he was from Microsoft and my computer had a virus, and he had me pull up some system log. I caught on when he asked for my credit card to fix it, but the log looked real enough to scare me for a minute. Anyone else had these calls and found a quick way to spot them before wasting time?

PSA: I ran a free antivirus for years, but switching to a paid one last month caught three things the free one missed...