Jump to content

Who do you trust?


Recommended Posts

My brain hurts. 

The day started with me reading documentation from my health insurance about changes in policy for 2022.  Then I was playing with my phone's settings and saw this "Link your phone to your PC"  in the helpful hints section.  This lead me to some microsoft website since my PC uses Windows. I then was asked to sign in and I got a pop up on my phone to see the authenticator ap gave me a choice of some numbers to prove I was me.  I chose the correct number to match me up and it failed and gave me a GIGO message "...from identity provider 'live.com' does not exist in tenant 'Microsoft' and cannot access the application... (RedirectionUxProd) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account." and then to add insult to injury it wanted me to answer a short survey and would I recommend authenticator.

This reminded me of the time last week when I was trying to access my social security account info online and they wanted pictures of my first born (front and back).  I gave up that day and I'm still getting emails reminding me to complete the my ID process.

I've also recently had to go through the nightmare of losing my phone and playing find my phone with Google.  Found the phone but  had some trouble unlocking google again once I found it.

I've not even dared to read the MULTI FACTOR AUTHENTICATION !!  I peaked at it and shuddered.

I'm getting too old for this. My short term memory is not as good as it used to be and remembering all my passwords is a nightmare.  Seems like everyone wants to jump in there and remember them for you.  How do you decide between the myriad of entities who are clamoring to meet your security needs? 

 

 

 

Edited by kali Wylder
wrong their there
  • Like 4
  • Thanks 1
  • Sad 1
Link to comment
Share on other sites

28 minutes ago, kali Wylder said:

How do you decide between the myriad of entities who are clamoring to meet your security needs? 

That's a good question - and I don't really have a solid answer.

I hate Microsoft for any security stuff because, since they dominate the desktop market, they are the target of most hacks and that makes me jittery. Also, every time they upgrade their OS, they make it harder and harder for me to see 'under the covers' so to speak and to actually control my computer - and that just pisses me off.  I do still use a Windows computer because I'm too freakin old to learn a new OS (mac) and some of the software that I use only has a windows version (yeah, the stuff is really old).  To this day, I still only use their Edge browser when I can't get a website to work on either Firefox or Chrome.

I hate Google mostly because they seem to dominate too much of the online world.  They'll do anything to get more data about people and use it in various ways to make them more money.  For a long time, I avoided using Chrome - until Firefox started getting really bad about performance and many of the plugins weren't working correctly.

For many years I used Mozilla Firefox exclusively for my browser and used their internal password Manager - but only on the computer because I had (and still do to some degree) a big distrust of security for any 'cloud' based product.  Ultimately, I needed my passwords available on multiple computers and I wasn't too sure about trusting Firefox for that - or who to really trust in the "cloud" world.  I ended up asking a good friend that works in security and he recommended LastPass to me.  I trusted him and so that is the product I use to (hopefully) protect all of my passwords (around 600, the last time I checked).  When I needed to add an authenticator app to my phone for a work website, since I had already been using LastPass for a while and was happy with  the product, I chose the LastPass authenticator.  Assuming LastPass is telling the truth, they have had only one security incident, back in 2015, and none of their encrypted data was compromised in that event.

At work, almost all of our teams use KeePass to store various passwords for systems/applications/databases that need to be shared with the team.

 

Side note about my fear of the 'cloud' - I still avoid many cloud items.  The only things in my home connected to the internet are the computers, the phones, and the TV.  I don't have an Alexa or anyone else's version of such.  My take on it is basically 'if it is on/connect to the internet, it is vulnerable and likely to be hacked at some point'.

 

Edited by LittleMe Jewell
  • Thanks 3
Link to comment
Share on other sites

1 hour ago, LittleMe Jewell said:

For many years I used Mozilla Firefox exclusively for my browser and used their internal password Manager - but only on the computer because I had (and still do to some degree) a big distrust of security for any 'cloud' based product.  Ultimately, I needed my passwords available on multiple computers and I wasn't too sure about trusting Firefox for that - or who to really trust in the "cloud" world.  I ended up asking a good friend that works in security and he recommended LastPass to me.  I trusted him and so that is the product I use to (hopefully) protect all of my passwords (around 600, the last time I checked).  When I needed to add an authenticator app to my phone for a work website, since I had already been using LastPass for a while and was happy with  the product, I chose the LastPass authenticator.  Assuming LastPass is telling the truth, they have had only one security incident, back in 2015, and none of their encrypted data was compromised in that event...

 

 

Thanks! I will look up LastPass and see if it might fit my needs.

Like you, I dis-trust the big names like Microsoft and Google but am stuck with them.  And I still use Firefox as my main browser most of the time.  I had Firefox's Lockwise password manager on my phone but removed it because half the time it was jumping in and trying to put in passwords for me in the wrong place and got too annoying.  For many years I also used Abine's Blur for passwords and to generate single use email addresses  but that product is also annoying these days as it jumps in whenever there is a prompt.

  • Like 1
Link to comment
Share on other sites

Marina Hyde.

That said.. logging in on FF right now I saw a flash of what all I can say was - file structure from root. With the graphic of root + subs and exposed oh my best not to say. Like a badly configured (insert filesys and db an oh my LAMP but probably WAMP access manager broken by middle management). Trust the Lab. Never trust middle management esp in tech

So, outside of personal, Marina Hyde (gruan)

Link to comment
Share on other sites

Did you know that Windows has peer to peer network sharing turned on by default? That means when someone in your area is downloading a Microsoft update, your computer might be uploading it’s data to that other computer?  I turned that “feature” off.

  • Like 1
Link to comment
Share on other sites

2 hours ago, Bree Giffen said:

Did you know that Windows has peer to peer network sharing turned on by default? That means when someone in your area is downloading a Microsoft update, your computer might be uploading it’s data to that other computer?  I turned that “feature” off.

*Windows 10 and up

Link to comment
Share on other sites

1 hour ago, Bree Giffen said:

Did you know that Windows has peer to peer network sharing turned on by default? That means when someone in your area is downloading a Microsoft update, your computer might be uploading it’s data to that other computer?  I turned that “feature” off.

Oh really?  How does one turn it off?

Link to comment
Share on other sites

51 minutes ago, kali Wylder said:

Oh really?  How does one turn it off?

Windows / Settings (the gear when you click the windows icon in the lower right) - then click Update & Security, Advanced Options, then Delivery Optimization (near the bottom) - then turn off 'Allow downloads from other PCs'.

  • Like 2
  • Thanks 5
Link to comment
Share on other sites

6 hours ago, kali Wylder said:

This reminded me of the time last week when I was trying to access my social security account info online and they wanted pictures of my first born (front and back).

:S That sounds really dodgy! 

I normally use the same word, which is an obscure place in the world, with a deliberate typo, and then a 2 or 3 number combination. So then if I forget which PW's for which site, I just play around with the numbers. And I have my crypto keys written in pencil in books xD

@LittleMe Jewell I also try to avoid the cloud! My nan reported problems with her Alexa and then somebody called her out of the blue, offering to help on Amazon's behalf...and she got viruses put on her PC 😡 It all got resolved, but it's scary how easy it is for people to do it...

 

  • Like 1
Link to comment
Share on other sites

7 hours ago, kali Wylder said:

This reminded me of the time last week when I was trying to access my social security account info online and they wanted pictures of my first born (front and back).  I gave up that day and I'm still getting emails reminding me to complete the my ID process.

 

This sounds far fetched. Are you talking about the  United States Social Security account online? I've never had to show a picture of my first born let alone the front and back of the picture to get into my account.  Besides the back of the picture would mostly like be blank.  How would they even verify that? It's not like they have pictures of everyone's children on file for verification. LOL. Did they want a baby picture or a grown up picture or what?

All you do is answer security questions and they confirm the information via your credit report. Even when signing up initially. I've forgotten my password and simply did a password reset. Granted the requirements are very strict as to what they allow for a password. 

I hope this was said as a joke because it's simply not true.

Edited by Sam1 Bellisserian
Link to comment
Share on other sites

8 hours ago, Sam1 Bellisserian said:

This sounds far fetched. Are you talking about the  United States Social Security account online? I've never had to show a picture of my first born let alone the front and back of the picture to get into my account.  Besides the back of the picture would mostly like be blank.  How would they even verify that? It's not like they have pictures of everyone's children on file for verification. LOL. Did they want a baby picture or a grown up picture or what?

All you do is answer security questions and they confirm the information via your credit report. Even when signing up initially. I've forgotten my password and simply did a password reset. Granted the requirements are very strict as to what they allow for a password. 

I hope this was said as a joke because it's simply not true.

I was exaggerating.  They did want me to upload pictures of my ID though.

Link to comment
Share on other sites

13 hours ago, Bree Giffen said:

Did you know that Windows has peer to peer network sharing turned on by default? That means when someone in your area is downloading a Microsoft update, your computer might be uploading it’s data to that other computer?  I turned that “feature” off.

I just don't remember very well these days.  I went to check that per @LittleMe Jewell 's instructions and found to my relief that I had already turned that little feature off. Can't recall doing that but I'm so relieved to see that I did.

Edited by kali Wylder
Link to comment
Share on other sites

12 hours ago, LittleMe Jewell said:

Windows / Settings (the gear when you click the windows icon in the lower right) - then click Update & Security, Advanced Options, then Delivery Optimization (near the bottom) - then turn off 'Allow downloads from other PCs'.

The directory was slightly different for me, with the Advanced Options beneath Delivery Optimization, but otherwise fine.  What bothered me was the Windows comment that "We noticed that you regularly use your device between ‏‎07:00 and ‏‎23:00".  Oh dear.  I do have a life, you know, really.

As for the topic - I have a little list of passwords.  Never been hacked so far, but then I don't allow anyone to see me typing them, nor do I look at iffy things.  I use Kaspersky, and sometimes consider using their password security feature but I prefer my list.

Edited by Garnet Psaltery
More info.
Link to comment
Share on other sites

I read all the articles about "how to secure your privacy online". I nod my head and say, "yes, we sure ought to do that. Those Tech Giants are messin' with our lives." And then I go right on using a web-based password manager, controlling my home by voice with Amazon Alexa (even my refrigerator is connected to the wi-fi), accepting cookies, and navigating with Google Maps...simply because it is so darned convenient.

I did delete my Facebook account a while back, for several reasons (including, but not mainly, privacy), and I use a VPN. But mostly, my life belongs to Bill Gates, Jeff Bezos, and Sundar Pichai. Not to mention the IRS.

It's not so bad. In fact, I welcome our new overlords.

  • Like 2
Link to comment
Share on other sites

I don't consider myself overly paranoid about security, but I do store different strong 12-character passwords in LastPass for accounts that I access on the Internet, and I change them regularly.  I don't use social media and don't have anything in the house connected to the Internet except my computer. 

  • Like 1
Link to comment
Share on other sites

Samsung had been emailing me about making sure I get my data taken care of before they cancel certain features that they won't be supporting anymore..

I went to check what data I would need to grab..

I come to find out , I didn't have any data that I needed to grab, because I pretty much just use my phone  as a phone.. hehehe

They were telling me to start using some microsoft cloud thing.. I was like, well I haven't needed them this far, So I more than likely won't need whatever it is that microsoft has..

I don't really ever cloud at all..

I don't twitter or instagram or face book or anything like them and also I use DuckDuckGo.. I just never really felt the need to get all social network or live for likes and stuff like that..

I don't trust any of them things and didn't feel too good about them when they first came around..

Just really glad I never made any accounts with any of them..:)

  • Like 2
Link to comment
Share on other sites

I use Apple's iCloud Keychain to store all my usernames and passwords and have 2FA enabled wherever possible. Codes sent to my iPhone automatically populate the 2FA window on whatever device I'm using to log in. It's hard to pass up that convenience. For those few services that aren't Keychain compatible, I store obfuscated username/password information in iCloud Notes. All my devices are password protected and have "Find My" enabled. Last year, my iPad was stolen. I tracked it all around Milwaukee before it settled down. I called the police and provided the address to retrieve it. Several hours later, I was informed that it had been recovered, but was given no additional information.

Like @Lindal Kidd, much of my home is internet connected, and Siri controllable, allowing her to be a constant source of amusement and aggravation. I've been online since I was a teen and have yet to be hacked, though I did lose data to virus-protection software, twice.

If I'm running on borrowed time, the interest rate I'm being charged is too low to bother me.

  • Like 3
Link to comment
Share on other sites

1 hour ago, Lindal Kidd said:

I read all the articles about "how to secure your privacy online". I nod my head and say, "yes, we sure ought to do that. Those Tech Giants are messin' with our lives." And then I go right on using a web-based password manager, controlling my home by voice with Amazon Alexa (even my refrigerator is connected to the wi-fi), accepting cookies, and navigating with Google Maps...simply because it is so darned convenient.

I did delete my Facebook account a while back, for several reasons (including, but not mainly, privacy), and I use a VPN. But mostly, my life belongs to Bill Gates, Jeff Bezos, and Sundar Pichai. Not to mention the IRS.

It's not so bad. In fact, I welcome our new overlords.

I wanted to laugh and thank you and like your post so I thought I'd just reply.  Yeah, Those are my overlords too.  I deleted my real life FB account many years ago but still have one as Kali Wylder.  I'm pretty careful to keep my real life details off but some of my real life friends are Kali's friends too because they know me. I don't friend anyone I don't actually know.

I respect most of the regular posters here in the forums as fairly trustworthy.  Many of you are far more tech savvy than I am and I like that about you.

  • Like 2
Link to comment
Share on other sites

I store most of my passwords locally, the downside of that is if my computer were to ever die I would lose all of my passwords... but - they are recoverable.  I could go through the process of backing them up, but I am lazy.  I use 2FA whenever it is available, as an added security measure.  I don't have that many accounts, if a site requires me to make an account I usually just move on to another site that doesn't.  

In general I don't like storing data on other people's servers.  I know it is the wave of the future, and it is convenient, but I like having all of my applications, games, etc, stored locally where I can access them without an internet connection.  I like making mods to games, I like taking a peek at how applications work, and I just like owning things myself.  The cloud takes a lot of that fun away, and often requires payment.  Second life is the exception, but even then I like to have my own regions stored on a networked computer via OS that I can access when the Internet goes out, or if SL ever goes under.

Link to comment
Share on other sites

4 hours ago, Ceka Cianci said:

I write all my passwords down on an actual note pad.. I don't keep them anywhere else.

I always use 7 zeros.
Of course I tell nobody in what order I put them.
That is my well kept secret.

  • Haha 5
Link to comment
Share on other sites

More seriously:
I trust

LL (more than 14 years and counting, without any problems, so why not)
Microsoft (as long as they don't call unsolicited from a sweatshop in India 😆)
My bank software
McAfee (I was once slightly in troubles with my PC, they fixed it perfectly within half an hour without extra charges)
Most of the Dutch news sites and several international news sites as well.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...