!!Passwords!!

[tim_w]

I recommend the open source password manager app KeePass it has a open source authenticator included in the password manager same as google auth. It allows for very long high entropy passwords and can automate a large portion of the login process. Any password manager with a master pasword recovery feature means you are not the only one that can open your database of accounts & passwords. Always make a backup copy of your password manager database file on regular basis. KeePass can make a schedule to do this as can other apps. You will need tombe willing to spend a bit of time to use any manager outside the built in ones in your browser apps to use them effectively and efficiently.

Just remember security and anominity are not the same thing and can be mutually exclusive. But both can be deep dark bottomless holes.

For most its enough to simply insure you are not the low hanging fruit.

Strong unique passwords for each account with 2FA is a minimum threshold.

 

[Muddyboots]

For most its enough to simply insure you are not the low hanging fruit.

This is by far the best advice for everyone. Its no different than having security and lighting at your house so bad guys move on to next easy button.

 

[Philward]

I would change it and use two factor authentication

Under the password and security tab

View attachment 600088

What app? Text message? The options are ; a FIDO U2F device(need to look that up), generated by an app on your phone(not generated since a code is sent to you in a text message), and email (which is not recommended).

I use 2 step for many things but they have never been worded as either of the first 2 options. It's either call, text, or email.

 

[Akredneck]

Thanks for heads up.

 

[Darryle]

What app? Text message? The options are ; a FIDO U2F device(need to look that up), generated by an app on your phone(not generated since a code is sent to you in a text message), and email (which is not recommended).

I use 2 step for many things but they have never been worded as either of the first 2 options. It's either call, text, or email.

Google Authenticator

Privacy Hawk is a great service to look for vulnerabilities on the web, comprised passwords, emails, your private information, it will find it

 

[tim_w]

Just so people not as in the know of IT security what exactly Google Authtenticator is and does. First it is basically doing what the code you get on your phone to enter for a login is doing. In fact it is taking the output of that programnand txt it to your phone. The act of sending to your phone is convenient from both admin and client perspective but it actually increasing the threat or attack vectors hackers have to target.

With the authenticator app local on your phone or laptop desktop. It has a long key much as an encryption key spevific to your account which us provided by the site you are logining into. You save that master key in the authenticator app. Via C&P or QR code etc. It then uses that code to generate a one time passcode that also has a time component. You enter that code on tge site it is used to verify tye natch to the master key and ensure its within the time period and your login goes thru. The time component prevents attacks thru replay attacks using past codes etc. Theses apps will also generate usually 10 static codes. These are emergency backup one time use codes. You are somewhere on some other phone computer no access to your auth app. You can use one of these codes. Obviously you nedd to keepnthese codes safe.

This stuff can seem a bit overwhelming but in use its quite simple. Open the app and you get a code c&p it done. Setting up the account is name it c&p the master key save. Done. If your not tech savy as many getting a bit long in the tooth maybe ask your children or grandchildern to help ya out.