F
12
c/cybersecurity-tipsmurray.coramurray.cora1mo ago

Spent 2 years using "Password123" for my bank because I thought two-factor meant two letters

Realized my mistake when the bank called me at work in Omaha to ask if I was trying to log in from Russia. The lady on the phone said "sir your password is on a list of the top 10 worst passwords of all time." I told her I thought the two-factor thing was the password and the SMS code. She was quiet for like 5 seconds. Has anyone else mixed up basic security terms and only found out from a fraud alert?
3 comments

Log in to join the discussion

Log In
3 Comments
jamie_webb67
jamie_webb671mo agoMost Upvoted
So you thought the same way I did about passwords before? Man, I was exactly like that. I used "Summer2020" for everything because I figured the numbers made it bulletproof. Then my friend who works in IT showed me a list of the most hacked passwords online. My jaw dropped when I saw mine near the top. Now I use a password manager with random gibberish for each site. Changed my whole way of thinking about what "secure" actually means.
6
emmam89
emmam891mo ago
Wait, they actually called you at work? That's wild... I'm just picturing you sitting there at your desk in Omaha and getting a call from your bank about Russia. The silence from the lady for five seconds must have been so awkward, like she was processing the fact that you thought two letters made it secure. I had a similar thing happen with my email password once, I thought "password" with a capital P was enough to fool anyone.
3
the_susan
the_susan1mo ago
Oh man, that silence must have been deafening! I actually just read an article about how banks are getting super aggressive with fraud detection now, like they track login locations and stuff. Apparently a lot of the fraud starts from places like Russia or Nigeria, so when their system flagged your login from there it probably triggered some serious red flags. The lady on the phone must have been internally screaming, like "this poor guy thinks two letters are a fortress." I heard something similar about passwords too, how people still use "password123" or "qwerty" thinking that's clever. It's kind of funny but also scary how naive we can be about this stuff.
0