c/cybersecurity-tips

The Tuesday my entire team got locked out because of a simple password reset link

A guy at a coffee shop in Austin showed me why my password was a joke

Honestly, last month I was working at a cafe and this guy next to me just leaned over and said, 'Dude, I can see your password from here, it's just your kid's name and 123.' He was right, it was my daughter Lily and the year she was born. He didn't mean to be rude, he just said he works in IT and sees it all the time. He told me to try a passphrase instead, like three random words with a number. I switched to something like 'correcthorsebatterystaple99' and it feels way safer. Has anyone else had a stranger give them a security wake-up call like that?

Serious question, has anyone else had their smart home turn against them?

I was working from my apartment in Denver last Tuesday when my smart lights started flashing on and off. Then my thermostat shot up to 90 degrees. I checked my router logs and saw over 200 login attempts from an IP in a country I've never visited. I had to pull the plug on everything, factory reset my router, and set up a separate guest network just for my smart devices. It took me about three hours to get everything secure again. What's the best way to lock down a smart home setup without making it a pain to use?

My home server got hit with a ransomware note on Tuesday morning

I woke up to a text file on my desktop saying all my family photos were locked. I checked and my backup drive was still plugged in but the sync hadn't run in three days. I unplugged the network cable right away and started checking logs. Has anyone else had to deal with this and what was your first step after disconnecting?

Showerthought: my password system was a joke until my friend's Instagram got hacked

I used to just add a '1' to the end of the same basic password for everything, but my friend in Austin had her account taken over last month after a data leak. Now I use a password manager and make a unique, long password for every single site. Does anyone else think password managers are overkill, or are they the only real way to go now?

My home network got hit with a weird attack last Thursday, and my old password habits were the weak link.

Hot take: People still think a strong password is enough

I keep seeing friends and even some clients at my small IT job in Denver just make a long, complex password and call it a day. The problem is they use that same password everywhere, so if one site gets hacked, they're all hacked. I saw it happen last week when a client's email got taken over because they used the same password on a gaming forum that had a breach. What's a better habit you've seen people actually stick with for keeping accounts separate?

Overheard a guy at the coffee shop say 'my password is just my dog's name and 123', and honestly, we're doomed.

I thought my password was strong until my friend's Instagram got hacked

My friend in Chicago texted me last week asking if I'd sent her weird DMs, and I hadn't. Her account was taken over. We figured out she used a simple password like 'Summer2024!' across a few sites, and one of them had a data breach. I realized I was doing the same thing, just adding a number and symbol to an old word. What's a better way to make unique passwords for everything without needing a notebook?

Pro tip: I used to think one password for everything was fine... until my old email got popped last year.

Now I use a password manager and make a new, long password for every single site. It took my bank flagging a weird login from Florida to finally make me change. Anyone else have a story about what finally got them to lock things down?

Serious question, why do coffee shops still have open wifi with no guest network?

I was at a cafe in Chicago last week and saw a guy on his laptop, logged into the same open network everyone uses. He was checking his bank account. That's just asking for trouble on a public connection. The shop should at least set up a separate guest wifi to keep customer traffic apart. Has anyone seen a place that actually does this right?

I chose a password manager over writing them down in a notebook

Everyone in my office swears by the notebook method, but I started using Bitwarden last year after my sister's account got hacked. It's just faster and I don't have to worry about losing the book. Does anyone actually feel safer with a physical list?

Vent: The coffee shop Wi-Fi in Denver was asking for way too much info

I stopped at a place called The Grind on 16th Street last week and tried to connect to their guest network. The login page wanted my full name, email, and phone number just to get online. I gave a fake name and a burner email, but it still felt wrong. Has anyone else run into public Wi-Fi that asks for personal details like this?

My friend said he doesn't bother with a password on his home wifi

We were at his place in Denver and I asked for the wifi password. He just shrugged and said, 'It's open, man, easier for guests.' I told him that's basically putting a welcome sign out for anyone driving by to snoop on his network traffic. He argued that with WPA2, it's a hassle and nothing bad has happened in two years. I still think an open network is a huge, unnecessary risk, even in a quiet neighborhood. How do you convince someone that basic security isn't just an inconvenience?

My friend in Seattle still uses the same password for everything

We were at his place last week and he logged into his email right in front of me. I saw him type 'Seahawks2014' and asked if that was his only password. He said, 'Yeah, it's easy to remember.' I tried to explain how risky that is, but he just shrugged. How do you convince someone who doesn't think they're a target?

My home security camera got hacked last month and I found out the hard way

I was just sitting on my couch when I heard a voice come from the camera in my living room. It was some guy just talking nonsense, trying to scare me. I felt my stomach drop. I had bought that camera two years ago because it was cheap and had good reviews, but I never changed the default password it came with. I just plugged it in and forgot about it. I unplugged it right away and spent the next three hours resetting every smart device in my house. It turns out the camera was on a list of known weak devices that bots scan for. Has anyone else had a smart device get taken over, and what did you do to lock things down after?

Showerthought: I used to think paying for a password manager was dumb

Then I spent $40 a year on one and it caught a reused password on a site that got hacked last week. Anyone have a cheaper alternative they like?

I spent $200 on a 'premium' password manager that was worse than the free one

Everyone says you need a paid password manager for real security, so I bought a year of a fancy one last fall. It cost me $200 and the interface was so slow it added 10 seconds to every login. The auto-fill broke on half my banking sites, and their support took 3 days to reply with a generic help article. I went back to my old free manager after 4 months and my life got easier. Has anyone else found that paying more for security tools doesn't always mean better?

I set up a new firewall rule at work and it blocked our own email server

I was trying to tighten up our office network in Chicago by adding a rule to block all traffic from a specific country code. Turns out our email server routes through a data center there, so nobody got any external messages for half a day. I learned to always check where your own services are hosted before you block a whole region. Has anyone else had a rule backfire because they didn't map their own traffic first?

Appreciation post: My home network was way safer after I switched from a default router password to a full passphrase

For the longest time, I just used the admin password sticker on my router. Last month, a friend who does IT told me to change it to a random 4-word phrase like 'correct-horse-battery-staple'. I did, and the next week my ISP flagged a brute force attack that the old password would have failed against in minutes. The passphrase stopped it cold. Has anyone else seen a real difference after making a switch like this?

Rant: I just read a report that 60% of small businesses that get hit with ransomware go under within six months.

Found that stat in a PDF from the local chamber of commerce's cybersecurity webinar, and it makes me wonder how many shops around here are just one bad click away from closing for good.

Can we talk about the time my neighbor's smart fridge got hacked?

It happened in my building in Chicago about two months ago. Someone got into their Wi-Fi through the fridge and sent weird messages from their other devices. It made me realize how important it is to put smart home gadgets on a separate guest network. Has anyone else set up a separate network for their smart stuff?

My uncle insisted on a password manager for years and I finally gave in

He kept saying my old method of using a base word with variations was weak. Last month, a site I signed up for in 2021 got breached and my reused password got out. I got alerts for login attempts on three other accounts within a day. Setting up the manager was annoying, but it definitely stopped the domino effect. Anyone else have a stubborn habit they had to break for security?

I found out my 'strong' password was in a data breach from 2022 because I used it on a fishing forum.

Question about using a password manager for my whole family

I set up a shared vault for my wife and kids last month, thinking it would make things easier. The weird thing was, my son's old video game account got hacked anyway, even with a strong password from the manager. Turns out he had used that same password on a fan forum years ago, and that site had a data breach. I learned that a manager is only as good as the passwords you put in it... you still have to check for old leaks. Has anyone else had a strong password fail because of an old account they forgot about?