c/cybersecurity-tips

Rant: My cousin's IT guy told me to stop reusing passwords... and he was right

Walked into a coffee shop and saw 20 laptops open on the same public WiFi

Was grabbing a drink at a local place downtown yesterday and counted at least 20 people working on laptops all connected to the same open WiFi network. No password required, no encryption, just free access for anyone within range. I sat there for an hour and watched people log into bank accounts, email, and even a payroll system. It takes like 2 minutes to set up a VPN on your phone as a hotspot, but nobody does it. Has anyone else noticed how careless people get with public networks at cafes?

I finally realized I was using password managers wrong for like 3 years

I had Bitwarden set up and everything, but I was still just copying and pasting passwords from it into login fields manually. Felt smart cause I was using unique passwords. Then last month my buddy watched me do it and was like 'dude, just use the auto-fill feature, extensions do it for you.' I didnt even know that was a thing. Felt so dumb. Anyone else miss obvious features like that?

Wasted $150 on a VPN that actually slowed my whole home network to a crawl

I signed up for a year of SecureSurf VPN last month and my streaming kept buffering on every device, so has anyone else run into a VPN that just kills your internet speed like that?

Found a card skimmer at a gas station in Tulsa last weekend

I stopped at a Phillips 66 off Route 66 around 9pm. The pump looked normal but the card reader felt a bit loose when I slid my card in. I wiggled it and the whole faceplate came off in my hand revealing a skimmer taped to the inside. I called the station manager and he said they check every morning but this one must have been put on that afternoon. Has anyone else started checking pumps this way or am I being paranoid?

TIL my password manager was storing passwords in plain text

I was at a coffee shop downtown about 2 weeks ago and this guy next to me was helping a friend set up a new laptop. He casually said, "if your password manager can show you your passwords without asking for your master password again, it's not really secure." That stuck with me so I checked mine and sure enough, every password was visible in plain text inside the app. I switched to Bitwarden that same night. Has anyone else switched tools after realizing their old one wasn't as safe as they thought?

Had a guy at a coffee shop in Portland show me how easy it is to clone a debit card

I was sitting at this little shop in Portland last month working on my laptop when this random guy sat down next to me. He saw me paying with my card and just casually said "you know I could copy that in about 30 seconds with a $50 reader from Amazon right?" I thought he was joking until he pulled out this tiny device from his bag and showed me how he does it. He literally swiped his own card through it and within seconds had the full number and pin on his phone screen. The scary part was how calm he was about it, like it was no big deal. He told me tap to pay is way safer because the chip data changes every time. Anyone else run into people like this who just casually drop scary tech knowledge on you?

Pro tip: that free PDF compressor site I used infected my whole network

Last Tuesday I downloaded a free PDF tool from a random site to shrink a set of blueprints for a client bid and within 2 hours my office PC was mining crypto so hard the fan sounded like a lawnmower, has anyone else had a work machine get taken down by a sketchy online converter?

Overheard a guy at the coffee shop say his lizard was a better password manager than LastPass

He claimed his bearded dragon named Frank could remember 12 different 20-character passwords by blinking patterns, which made me wonder if I should just train a pet instead of paying for a subscription.

Spent 20 minutes at the DMV watching people type passwords in plain sight

Was waiting for my number to be called and saw at least 5 people typing their login info into the kiosk while someone was right behind them looking over their shoulder. Nobody shielded the screen or anything. Made me wonder how many people just dont think about it when theyre in public. Has anyone else noticed this at government offices or other places where you have to log in?

I remember when 2FA meant a text message and nothing else

Back in 2014 I worked at a small office where the only security we had was a simple password that never changed. Then we got hit with a phishing attack that cost us about $3,000 in fake invoices. After that my boss finally let me set up two-factor authentication for everyone. At first people complained about the extra step but within a year it cut our security incidents down to zero. Now every site wants you to use an authenticator app or a hardware key and I think that's a good thing. Has anyone else seen their workplace push back on adding extra security layers?

Coffee shop wifi got me phished and I lost $200 in gift cards

I was at a Starbucks in Austin last month, typing away on their free network, when I clicked a link in an email that looked like it was from my bank. The page asked for my login and a verification code, and I typed it all in without thinking twice. Next thing I know, my email password got reset and someone drained $200 worth of gift cards I had saved in my account. I realized too late that the Starbucks network had no encryption and someone probably set up a fake login page on the same wifi. I immediately changed all my passwords from my phone's data connection, not the wifi, and reported the fraud to my bank. Now I always use a VPN on public networks, especially at coffee shops, and I double check any email links by hovering over them first. Has anyone else gotten burned by a public wifi trap like this?

Had a guy on Reddit tear apart my password habits last month

He pointed out that I was reusing the same 12 character password across 5 different accounts, so I switched to a password manager and now none of my logins share a single password, has anyone else had that awkward moment where you realize how lazy you were with security?

My buddy told me a 12-character password was overkill until he got hit by a credential stuffing attack

I've been telling my friend Mike for years to use a proper password manager and set up 2-factor authentication. He kept saying 'nobody cares about my Steam account' and used 'football98' for everything. Last month someone got into his email, then his bank, then his PayPal. Cost him about $400 before he noticed. He finally listened after that. Has anyone else had that one friend who just refuses until something bad happens?

Surpassed 1,000 unique passwords in my manager last week

Everybody says reuse passwords and call it fine, but I hit 1,000 distinct logins across sites and devices and never had a breach. How many are you actually sitting on before you'd admit the advice might be overblown?

PSA: Hit 50 phishing attempts in one day last Tuesday and it shook me up

I run a small shop out of my garage, just me and one other guy, and last Tuesday we got hit with 50 phishing emails in a single day. That's more than I usually see in a whole month, and one of them actually looked like it came from our payment processor. I clicked on it by accident before I caught myself, and that moment of panic made me realize how fast these scams are evolving. Has anyone else seen a spike like that recently, or am I just unlucky?

Finally blocked a phishing test at work after failing 3 times

My company does these fake phishing email tests every month and I kept falling for them. Last week I finally spotted one that looked like a Slack message asking me to reset my password. The big clue was the sender address had an extra letter in the domain name. I reported it to IT within 2 minutes and got a nice note from my boss. It felt good to finally catch one after feeling stupid for so long. Does your workplace do these tests and have you gotten better at spotting them over time?

Serious question, has anyone else had a keylogger slip through on a work computer?

I was at the fire station last Tuesday, using the shared computer to order some new gear parts. I typed in my credit card number, and the site flagged it as a duplicate transaction from an hour before. I froze. I ran a full scan with the free version of Malwarebytes we have, and it came up clean. A buddy on shift who does some IT stuff on the side told me to check the running processes in Task Manager. We found a weird one called 'svchost_helper.exe' that looked off. We killed it, rebooted, and I changed every password I could think of from my personal phone. It was a real wake up call about shared machines. What other free tools do you guys use to catch stuff like that?

Just changed my mind about password managers after my cousin's account got hacked

I always thought keeping passwords in my head was safer than any app, even after my cousin in Austin had his Instagram taken over last month. He showed me how his password manager created a 20 character random one for that account, and the hackers couldn't get past it even though they got his email. I downloaded Bitwarden the next day and spent an hour putting in all my logins. Has anyone else switched from memory to a manager after something like that?

Saw a report that said 80% of cyber attacks start with a simple email trick

I was reading the Verizon Data Breach Report from this year (you know, the big one they put out) and it said a huge number of attacks begin with phishing. It made me think, we spend so much time on fancy firewalls but maybe the real weak spot is just someone clicking a bad link. Do you think training people to spot fake emails is more important than buying new security software?

My neighbor said he uses the same password for his bank and his streaming service

I was helping him set up his new smart TV in Portland last week, and he just said it out loud like it was no big deal. He uses his dog's name and his birthday for everything, even his online banking. I tried to explain that if one site gets hacked, they have the key to everything else. He just shrugged and said he'd never had a problem. How do you get through to people about this without sounding like you're lecturing them?

Heard a neighbor say 'my password is my dog's name plus 123' at the coffee shop

I was waiting in line yesterday and the guy in front of me was talking on his phone about his bank account. He said his password was his dog's name and the number 123. That's so easy to guess! It made me check all my own passwords. I spent an hour last night making them all longer and using a password manager. Has anyone else had a moment like that that made them finally upgrade their password game?

PSA: I saw a public library in Denver running Windows 7 on their catalog computers

I was at the main branch downtown last Tuesday and noticed all the public catalog stations still had the old Windows 7 desktop. On one hand, I get it, libraries have tight budgets and updating dozens of machines is a big cost. But on the other hand, that OS hasn't had security updates in years, which is a huge risk for public computers handling personal logins. It made me wonder if the risk of a data breach is worth the savings on hardware. Has anyone else seen outdated systems in public places that made you nervous?

My 'secure' password was in a breach and I didn't know for months

I got a weird email from a friend about a social media account I don't use, so I checked Have I Been Pwned on a whim. Found out a password I'd recycled for years was in a breach from 2022. The site that got hacked never even notified me. I'd been using that same password base for my streaming and shopping logins. How do you guys keep track of which passwords are compromised without checking every single site manually?

Spent $60 on a password manager and it just saved my bacon

I got a weird email last week from a site I barely use, saying my password was changed. I panicked, but my password manager (I use Bitwarden, for the record) showed me that login was unique and strong. Turns out, the site itself got hacked and was sending out fake alerts to cause more chaos. Because my password was different everywhere else, nothing else got touched. That $60 for the family plan last year just paid for itself about ten times over. Anyone have a good method for convincing family members who still use 'password123' for everything to finally make the switch?