c/cybersecurity-tips

I used to think my old passwords were fine until my Netflix account got hacked last week

Someone in Moscow logged into my account and changed the email, locking me out. I realized I'd been using the same password for years across a bunch of sites. I had to contact support and finally set up a password manager, which I should have done ages ago. Anyone have a good method for cleaning up old, reused passwords across a ton of accounts?

Warning: My cousin in Phoenix said 'I just use the same password for everything, it's easier' and I almost lost it.

We were at a family BBQ last weekend and he said that while logging into his bank app on his phone right in front of me.

My home network was a mess until I switched from a single password to a guest network

For years I just gave everyone my main Wi-Fi password when they visited, which meant like 20 random phones and laptops were on my network. Last week my smart lights started acting weird and I realized my nephew's friend was probably messing with stuff. I set up a separate guest network with a different password in about 10 minutes using my router's app. Now visitors get internet but can't see any of my other devices, and everything works perfectly again. Anyone else set up a guest network after a weird tech issue?

Back in 2008, my entire email got hijacked from a library computer in Tacoma. It taught me a hard lesson about public Wi-Fi.

Just realized how exposed my info was at a coffee shop in Denver

I was working there yesterday and saw a guy just glance at someone's laptop screen and then type something into his phone. Honestly, it made me think about how many people just leave their email or bank login visible in public. What's your go-to move to keep your screen private when you're out?

My neighbor said 'if you have nothing to hide, you don't need a VPN' and it got me thinking about privacy versus convenience.

I heard him say that while we were talking about internet bills last week, and it made me wonder if that attitude is why so many people skip basic security steps, or if he has a point about not overcomplicating things for normal users.

Talked to my sister who works at a clinic in Portland about their new patient portal.

She mentioned they had to do a full security audit because one employee clicked a phishing link in a training email. It made me realize how much a single click can cost a whole business, not just one computer. What's the best way to run a fake phishing test for a small team without freaking everyone out?

I paid $80 for a 'premium' password manager that just locked me out of my own accounts.

I started putting a piece of tape over my laptop camera and people act like I'm nuts

My bank account got hit with a weird $200 charge about six months ago, and my IT friend said a camera hack was possible. So I cut a tiny square of black electrical tape and stuck it over the webcam. It costs nothing and takes two seconds. Now my coworkers joke about it, but guess who hasn't had a single sketchy login alert since? I know it's a small thing, but it's a physical block that no software bug can get past. Has anyone else tried this simple fix, or do you think I'm just being paranoid?

My neighbor's router went from a default 'admin' login to a 16-character random password after his kid's laptop got a virus.

He saw a pop-up for a 'free game' on some sketchy site his son visited, and the whole home network got locked down for a weekend while they cleaned it up, which makes you wonder how many people are still just clicking on anything, right?

Overheard a guy at the coffee shop say he uses his dog's name plus '123' for all his passwords. That's a huge risk, right?

My friend told me to skip the password manager and just write them down

He said it was simpler and more secure than trusting an app. I tried it for about six months, keeping a small notebook in my desk. Last month, I had a pipe burst in my home office and the notebook got soaked, making half the logins unreadable. I spent over two days trying to recover access to my bank and work accounts. Now I use a proper password manager with a backup code printed and stored safely. Has anyone else had a physical backup plan fail on them?

Update: I used to think a strong password was enough, but my neighbor changed my mind.

I was talking to my neighbor, who works from home, and he said his company got hit by a phishing email that looked exactly like a real login page from their own IT team. He told me, 'The password didn't matter, I almost typed it right in.' That hit different because it was so simple and close to home. Now I see that a password manager and turning on two-factor auth are just as important as the password itself. Has anyone else had a close call with a really good fake login page?

TIL my friend's 'password123' approach is way worse than my password manager

He spent 45 minutes locked out of his email after a simple phishing test, while my manager auto-filled everything in seconds. What's the weirdest password fail you've seen a friend have?

Spent $40 on a Yubikey last year and it just stopped a login attempt from another country

Just realized I was setting up my home router wrong for years because I never changed the default admin password.

A friend casually asked for my router's login during a game night last year, and when I told him it was just 'admin' and 'password', he gave me a look that said everything.

Why does nobody talk about how bad the 'strong password' advice really is?

I was setting up a new account for my bank last week and their system forced me to create a password with a capital letter, a number, and a special character. I thought that was the right way, but then I read a report from a security group in Austin. They said those rules actually make people create predictable, easy-to-crack passwords like 'Password1!'. The real tip is to use a long, random phrase you can remember. Has anyone else switched to using passphrases instead?

I finally stopped telling people to use a password manager after my cousin got locked out of his whole digital life in Austin.

He lost his master password and the recovery key, so now I suggest writing unique passwords on paper and keeping them in a safe place instead, which seems crazy but actually works.

My buddy told me to skip the password manager and just use a notebook

Honestly, he said writing them down in a physical book was safer from hackers, so I tried it for about six months. Ngl, I lost the notebook during a move and got locked out of my main email for a week. Has anyone else had a friend give them security advice that totally backfired?

I finally switched from a free VPN to a paid one and the difference is insane

Honestly, I was using a popular free VPN for about a year, thinking it was fine. Last week, I read their privacy policy and saw they log your connection data and sell it. I switched to a paid service, ProtonVPN, for $5 a month. The speed is way better and I actually trust their no-logs claim. Has anyone else made a similar switch and noticed other benefits?

A friend called my password strategy 'lazy' and honestly, they were right

I used the same base word with different numbers for everything, like 'summer2024' for my email and 'summer2023' for my bank. My friend, who works in IT, saw me type it and said 'That's just asking for trouble, man.' I switched to a password manager last week and let it create random 16-character strings for each site. Has anyone else had a hard time trusting a program with all their logins at first?

My home server got hit with a weird login attempt from a city I've never been to

I was checking my logs yesterday and saw a failed SSH login from an IP in Jakarta, which is wild because I live in Ohio. I had a weak password on a test account I forgot about, so I changed it and set up fail2ban right away. Has anyone else had something like this happen, and what did you do next?

Finally got my mom to stop clicking every email link by setting up a simple rule on her phone

I told her for a year to be careful, but after a fake invoice almost got her, I configured a filter in her email app to flag anything with 'invoice' from unknown senders. Anyone have a better way to handle this for someone who isn't tech-savvy?

Vent: My friend's 'secure' password was just the word 'password' with a 1 at the end. He argued it was fine because it had a number.

Spent $40 on a Yubikey and it actually stopped a login attempt

I got one after my friend's account got taken over, figured it was just extra work. Last month, I got an alert for a login from a city I've never been to, but the Yubikey blocked it because they didn't have the physical key. It's annoying to plug in every time, but that one alert made it worth it. Anyone else have a close call that made you finally use hardware keys?