c/cybersecurity-tips

Spotted a cafe in Denver with their wifi password taped to the register screen for everyone to see

Has anyone else seen a public place do something this risky, and what's the best way to politely tell a business their setup is a hacker's dream?

3 comments

morganhill•2d ago

Am I the only one who sees people still using the same password everywhere?

My friend in Austin asked me to help with her email last month, and I saw she used the same password for her bank, her social media, and a shopping site. I showed her how a breach on that shopping site meant all her other accounts were open too. I set her up with a free password manager that day, and she said it was way easier than she thought. Has anyone else had to gently explain this to someone recently?

3 comments

faith684•2d ago

My home server got hit with a ransomware note after I skipped one update

Ignored a patch for my NAS for maybe two weeks, figured it could wait. The cleanup and restore from my offline backup took three full days of constant work. How often do you guys actually apply security updates, immediately or in batches?

3 comments

graceblack•3d ago

Vent: My friend called my password habits 'lazy' and honestly, it stung

We were grabbing coffee and I mentioned I had to reset a few accounts. He just looked at me and said, 'You still using your dog's name and your birthday, aren't you?' It was so spot on I couldn't even deny it. He told me that pattern was basically handing a key to anyone who glanced at my social media. It really got to me, so I spent the next Sunday afternoon, like three hours, setting up a password manager. I forced myself to make all new, totally random passwords for my main email and bank logins. It was a pain, but now I don't have to remember any of them. Has anyone else had that moment where a simple comment made you finally overhaul your whole setup?

2 comments

amy_foster79•5d ago

My neighbor's smart doorbell got him robbed in Phoenix

He told me 'it's fine, the app has a password' while the default admin login was still active. The guy who broke in just looked up the model online. Anyone else seen people skip the basic setup steps?

2 comments

christopher_wells4•5d ago

I finally bought a hardware wallet for my crypto and it's a no-brainer

Spent about $80 on a Ledger Nano S Plus after seeing a friend get drained from a fake wallet connect site. It keeps your keys offline so those phishing links can't touch your actual coins. Anyone have a good routine for checking the address on the device screen every single time?

2 comments

felixt31•5d ago

Got a text about a package I never ordered, and it almost got me last Tuesday

The link looked real, but I checked the sender and it was a random number, so I deleted it and reported it as spam instead of clicking.

2 comments

felixt31•5d ago

Question about switching from a password manager to a physical security key

I argued with my friend in Denver for months that my password manager was enough, but after he showed me how a $50 Yubikey could stop a phishing attempt cold, I bought one last week and it's already saved my main email account.

2 comments

holly713•6d ago

So I just found out my 'strong' password was a famous movie quote...

For like two years, my main password was 'MayTheForceBeWithYou2022' because I thought adding numbers made it safe. The tip-off was when my bank's new system flagged it as 'commonly used' and refused it. I checked a password strength site and it said it would crack in under 4 seconds... I felt so dumb. I always told my family to use long passwords, but I never checked if mine were actually good. What's a better way to make a long password that isn't just a famous line?

2 comments

brown.gavin•6d ago

Reading an old report from 2010 made me realize how much easier it was to be a hacker back then.

I was looking through some old security papers from my college days and found a study from the University of Maryland. It said the average time between a computer being connected to the internet and getting its first attack attempt was 39 minutes. That was in 2010. I just ran a test on a fresh virtual machine last week, and it got a scan in under five minutes. The tools are just faster and more automated now. It really shows you can't leave anything exposed, even for a short coffee break. What's the fastest you've seen a new system get hit?

2 comments

joelh64•7d ago

I was sure those 'password manager' apps were just another thing to forget about, but after my cousin in Chicago had her email hacked last spring, I downloaded one and it's stopped me from reusing the same three passwords everywhere.

Has anyone else found a specific feature in a password manager that really sold you on it?

3 comments

adam_adams•9d ago

I watched my friend's kid get a 'free game' and it was a total security mess

He clicked a pop-up ad on a sketchy site, downloaded a file called 'game_setup.exe', and ran it without a second thought. The whole thing took maybe 30 seconds. I had to explain that you can't just run files from anywhere, and that 'free' often means malware. It made me realize how many people still don't get the basics of checking downloads. What's the simplest way you teach someone to spot a risky file?

3 comments

miam75•9d ago

My cousin's kid called my password 'grandpa level' and honestly, he had a point

At a family thing in Boise last month, my 14-year-old nephew saw me log into my email and just said 'Uncle Mia, that password is grandpa level, you just added a 1 at the end of your old one.' I was using 'Spring2023!1' and thought it was fine. I changed all my main stuff to use three random words with some numbers now, like 'cactus-truck-42-battery'. Has anyone else had a kid totally roast their security habits?

3 comments

chen.casey•9d ago

Can we talk about the time a free USB drive almost got me

This was about six months ago at a local tech conference in Austin. Someone was handing out branded flash drives at a booth, and I grabbed one without thinking. When I plugged it into my laptop at home, my antivirus flagged it instantly for a trojan. I had to do a full system scan and wipe the drive. It made me realize how easy it is to get tricked by something that looks harmless. Has anyone else had a close call with a physical device like that?

3 comments

sage_ramirez42•10d ago

Serious question, I used the same password for everything for like 10 years until my cousin's Netflix got hacked from a breach.

It was a huge wake-up call that a single leak could unlock my whole digital life, so what's the easiest way you guys actually manage a bunch of different strong passwords now?

3 comments

eric723•11d ago

Warning: My neighbor's kid just got scammed out of $50 from a fake game download link

He clicked a 'free V-Bucks' ad on a video site, and it got me thinking how we only talk about this stuff with adults... has anyone found a good way to explain these risks to younger teens?

3 comments

chen.casey•11d ago

PSA: I keep seeing people skip the 'update later' button on their phone

Last week, my neighbor in Sacramento asked me to look at her phone because it was acting slow. I checked and she had over 30 app updates and a full system update pending for 'maybe 6 months'. She said she always hits 'remind me later' because she's busy. I explained that many of those updates fix security holes that bad guys can use. Has anyone found a good way to make updating a habit without it being a pain?

3 comments

masonm70•12d ago

My brother told me to stop reusing my old password pattern and I'm glad I listened

For years, I used the same base password with a number and symbol tacked on for each site, like 'Treeguy78!' for everything. My brother, who works in IT, kept saying it was a bad idea, but I figured it was fine. Then, about two months ago, I got an alert that my info was in a breach from some old forum I signed up for. Because I used that pattern, I had to change passwords on over 20 accounts in one night. It took me three hours. Now I use a password manager and let it make random ones for me. Has anyone else had a close call that finally made them switch their password habits?

2 comments

dixon.spencer•12d ago

TIL my old password system was a joke

Had all my accounts on a single password with slight variations. A friend in IT asked me to guess how long it would take to crack it, said 'maybe 3 hours'. He ran it through a tool, said 17 seconds. Anyone else have a wake-up call like that?

3 comments

kim693•13d ago

Pro tip: I saw a public charging station in the Denver airport that made me really nervous

I was waiting for a flight last Tuesday and noticed a free USB charging hub near gate B45. It looked normal, but I saw three people plug their phones directly into the ports without a second thought. Those ports could easily be set up for data transfer, not just charging, which means a hacker could access your phone in seconds. I always carry my own AC plug and a charging-only cable for this exact reason. It takes up almost no space in my bag and blocks any data connection. Has anyone else seen these in other airports and avoided them?

2 comments

maryt62•13d ago

I thought my dad's old password book was a bad idea, but it saved my whole family

Honestly, I used to give my dad a hard time for keeping all his passwords in a small notebook he kept in his desk. I told him for years it was a huge risk and he should use a password manager like I do. Then, about three months ago, my mom's main email got hacked. The hacker locked her out and started trying to reset passwords for her bank and other stuff. It was a total mess. My dad pulled out his book, found the answers to her old security questions from like 2005, and we got the account back through the provider's help line. The hacker had changed the security answers to new fake ones. Tbh, that little book, locked in a drawer at home, turned out to be the only backup that worked. Has anyone else had a simple, physical backup plan actually save them when digital stuff failed?

3 comments

thea_wood86•14d ago

My neighbor's kid got into my home network because I never changed the default router password from 'admin'.

After that scare in April, I now use a 15-character passphrase with numbers and symbols, and I'm curious if anyone else has a good method for creating and remembering strong, unique passwords for every device?

3 comments

felix_lane99•16d ago

Am I the only one who thinks a password manager is a single point of failure?

I mean, I get why people push them, but I had a real scare about six months ago. I was at my shop in Tacoma, trying to log into my business bank account, and my password manager just wouldn't sync. The main vault was on my shop computer, but the mobile app showed a blank list. I spent a solid two hours on the phone with their support, totally locked out of everything. I had to use the 'forgot password' link on like 15 different sites, which was a nightmare. It made me realize that if that one master password got compromised or the service glitched, I'd be in a bad spot. Now I keep a physical notebook in my safe for the most important logins, which feels crazy to say online. Has anyone else had a password manager fail on them and what did you do?

3 comments

grace_allen•17d ago

Remember when a simple virus scan was enough?

Last month, my home server got hit with a crypto locker that hid in a fake invoice email. I thought restoring from my backup drive would take an hour, tops. It took me three full days to realize the ransomware had been dormant for a week and encrypted the backup too. I had to rebuild everything from an offline backup I made a month prior, which meant losing a lot of recent photos. It was a brutal reminder that backups need to be air-gapped and checked often. Anyone else have a backup plan they thought was solid that totally failed?

3 comments

mitchell.val•17d ago

PSA: I thought a password manager was overkill until my email got hit

For years I just used a few simple passwords for everything, thinking 'who would bother with my stuff?' Then last Tuesday my main email got locked out. The recovery showed login attempts from a place in Romania. It took me two full days to get back in and secure everything. I finally set up Bitwarden and it made me realize how weak my old system was. Has anyone else had a close call that finally pushed them to use a password manager?

3 comments