Identity breach

Band7

lr1277 said:

If there is no one at 'home' to keep a copy, what are people supposed to do. Keep a copy in their suitcas I think was the suggestion.

This might have been good advice in pre-Internet times. Nowadays, it’s very easy to keep vital data securely online

lr1277

Band7 said:

lr1277 said:

If there is no one at 'home' to keep a copy, what are people supposed to do. Keep a copy in their suitcas I think was the suggestion.

This might have been good advice in pre-Internet times. Nowadays, it’s very easy to keep vital data securely online

Not entirely. I am sure you are aware of the lastpass data breach in December. You may feel at ease with the breach, but it does make me somewhat uncomfortable.

Details here:

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Eyeful

EmsyB12: 

1. If you must carry sensitive information around with you it should be in encrypted form. A good password manager will help with this.
    There are a number of good password managers around. Just do your research with due diligence, on the internet and Youtube. 

2. If you google "Lastpass data breach" you will find they have been attacked a number of times.
I suggest "Bitwarden"--(which is free) or " 1Password"--(paid for), both password managers are highly thought of. 

https://bitwarden.com/
https://1password.com/

Zanderman

Eyeful said:

EmsyB12: 

1. If you must carry sensitive information around with you it should be in encrypted form. A good password manager will help with this.
    There are a number of good password managers around. Just do your research with due diligence, on the internet and Youtube. 

2. If you google "Lastpass data breach" you will find they have been attacked a number of times.
I suggest "Bitwarden"--(which is free) or " 1Password"--(paid for), both password managers are highly thought of. 

https://bitwarden.com/
https://1password.com/

Alternatively written info (on paper) coded in a way only you know, without any labelling suggesting it's banking data, would probably suffice most of the time, and it doesn't need any online access, phone signal or battery. Doesn't even need to be complete, just clues that only you will understand.

But the bottom line is don't carry any info like that unnecessarily.

Going back on-topic (the OP wasn't actually asking how to avoid this, they were asking what to do now)  the advice from Band7 about CIFAS Protective Registration is good, as is their idea of opening a completely new account that cannot be affected by this.

Eyeful

But if you do have a smart phone or online access, you only need just the one reasonable long password or pass phrase (say 20 digits) to access all the information mentioned by the OP. 

Example:- Mary had a little red lamb =  21 digits long 

Band7

lr1277 said:

Band7 said:

lr1277 said:

If there is no one at 'home' to keep a copy, what are people supposed to do. Keep a copy in their suitcas I think was the suggestion.

This might have been good advice in pre-Internet times. Nowadays, it’s very easy to keep vital data securely online

Not entirely. I am sure you are aware of the lastpass data breach in December. You may feel at ease with the breach, but it does make me somewhat uncomfortable.

Details here:

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

As a satisfied Lastpass user for over a decade, I am a lot less worried about hackers getting a view of my encrypted data than about even the idea of putting my details in cleartext into a suitcase that I might never see again

[Deleted User]

Band7 said:

lr1277 said:

Band7 said:

lr1277 said:

If there is no one at 'home' to keep a copy, what are people supposed to do. Keep a copy in their suitcas I think was the suggestion.

This might have been good advice in pre-Internet times. Nowadays, it’s very easy to keep vital data securely online

Not entirely. I am sure you are aware of the lastpass data breach in December. You may feel at ease with the breach, but it does make me somewhat uncomfortable.

Details here:

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

As a satisfied Lastpass user for over a decade, I am a lot less worried about hackers getting a view of my encrypted data than about even the idea of putting my details in cleartext into a suitcase that I might never see again

I use them but would not personally put important logins in a password manager plus ensure I have 2FA switched on. 

nyermen

Lastpass had two design points that within security circles weren't great - firstly, they didn't encrypt all data (such as URL's incredibly) plus the encryption key was based on the password only

Some others (I happen to use 1password but I wont make any recommendations) encrypt the whole vault, and some also use a uniquely generated code as part of the encryption.  The code is then used to activate new devices (plus it must be saved somewhere in case of device failure) and isn't worth much if someone hacks you personally (as they can likely retrieve it from the device), but if there's a mass breach from the company (eg. the lastpass breach), then it would make them a lot harder to crack without hacking every corresponding device.

The issue with just password is that most people when asked to give a password, tend to use patterns which hackers could start with.  Not just "LetMe1n99" but the first letter of common phrases.  Coupled with unencrypted url's from lastpass, they would also know which vaults to focus on - ie. those with the most valuable login details).

For what its worth, i'm not aware there has been a mass cracking of the lastpass vaults, if any at all, yet at least.

Regards the luggage - hope it will turn up.  Very unlikely its theft, all those cameras etc, and the possibility of tracking the thief as they would be a passenger.

Band7

lr1277 said:

If there is no one at 'home' to keep a copy, what are people supposed to do. Keep a copy in their suitcas I think was the suggestion.

The thing people should consider carrying in their suitcase is a tracker tag, such as an AirTag or similar. But never a list of their passwords and other sensitive personal information.

p00hsticks

Costabit said:

I worked in lost and found baggage for over 20 years and can say that almost everyday I had to deal with a bag swap as you are describing.
It usually involved a passenger mistakenly taking the wrong bag and leaving their identical bag on the carousel. They then realise the mistake when they can’t open the combination at home and usually frantically return the wrong bag as they want their own one back.

But if that happens it should be fairly obvious from the fact that there will be a near-identical bag left unclaimed on the carousel, which doesn't seem like it's happened here...