Microsoft Authenticator saves the day. I was in the grocery store when I got the notification on my phone that someone was trying to sign in to my Microsoft account. I could tap Approve or Deny. I tapped Deny. I saw it again a couple of minutes later, and tapped Deny again.
Use 2-Factor Authentication (2FA) on every account that allows it. Don’t put it off any longer. Use this weekend to secure all your accounts, and start 2024 with better security.
@paxterrarum I think I have most of my accounts with 2-Factor or some form of protection of having to answer two to three security questions (if it doesn't have 2-F). Though the questions account I think are only two.
It definitely is important!
@NaomiSkarzinski @paxterrarum and use 2FA apps whenever possible. I had a friend who had $10K+ stolen from a SIM swap attack. I use a password manager and email anonymizer for every new account but MFA with anything remotely financial. The only long term problem with the anonymizer is if the service shuts down at some point in the future. There is such a thing as too much security I suppose!
One of the main reasons I don't keep banking apps on my phone. What I do have to confirm I do via the Authy app. Reminds me, I do have one account that still texts me, need to see if that institution now has ability to go through the Authy.
I don't trust password managers in the least. I have a spreadsheet with a 16 character password encryption. And that is never in the cloud anywhere.
@NaomiSkarzinski @paxterrarum I used to use LastPass but now use Bitwarden, which is open source. As a computer scientist I've looked at the code and it's doing what it's supposed to do. The database is end-to-end encrypted meaning that what's stored in the cloud and then synced between devices is never decrypted except in the memory of my devices. I generate a new 15 char password for every new account so the spreadsheet would be cumbersome. I rotate the master password every 6 months.
@hallmarc @NaomiSkarzinski @paxterrarum
Been pleased with BitWarden as well.
I've heard good things about Bitwarden and looked it up when it was recommended here many, many, moons ago. I simply don't trust anything on the cloud as far as passwords are concerned.
That being said, you're right about the spreadsheet. But I'm willing to put up with the hassle. Now, if my life situation was different, wasn't as much of a stay at home person, travelled more with laptops and other devices, etc., then I would probably gulp and do Bitwarden.
@paxterrarum I have been getting those things about trying to get into my MS account and denying them as well. I’m also trying to figure out WTF the point of hacking into it is! Stealing my certs?
@NoMansWoman
They don't know how valuable an account may be until they get into it. Maybe with yours, all they can do is pirate a few Microsoft licenses using your credit card on file. At the other extreme, one of my clients did have his Microsoft account breached.
He's a contracted attorney.
For Microsoft.
@paxterrarum no credit card on file - my employer gets vouchers for us to use so I’m safe on that front. But man, they try on the regular. Almost always trying from NYC, China, Iran, or Russia!
@NoMansWoman Yesterday I also had attempts made from Croatia and Germany. Oh - and also from the good ol' USA.
@paxterrarum here f'ng here.