We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Have you been hacked?
Options
Comments
-
Lots of good answers already.
Would also add, think about limiting the damage that would be caused if you were hacked. For example, don't store payment card details on retailer websites. Never use a retailer website that doesn't have a physical address to contact.
The device accessing the internet is most likely to be affected by hacking so keep as little as possible stored on that device's hard drive and move everything else to external drive/usb stick/cloud storage making sure they are not continuously plugged into the device.
Plus regularly shutting down the device, don't keep it continuously running or connected to the internet.1 -
Another thing is to only use devices with an operating system which is being actively updated with security patches and make sure your are applying them.
So no Windows XP or unsupported phones (which can be as new as 2 years old with some Andriod based manufacturers).2 -
I'm looking forward to passkeys being used more, as they are phish resistant and unique to every site without having to generate complex passwords, and have a locality about them (e.g. you need to be near for bluetooth mobile to reach the browser, or your own computer for built-in T2 chips the OS provides the browser)
Browser integrated password managers also have some phish resistance. They wont usually warn you if you manually enter login details to a phishing website, but the default way to use them is to let them fill in the form for you, which they'll only do if on the domain that was saved with the password entries.
Of course banks will still just go with their banking apps for desktop login, which if just push authentication or codes is still subject to remote push-based attacks or social engineering asking for codes. (though talking about quite a bit more sophisticated attacks fewer people would encounter)1 -
To answer the OP question:
No, I haven't had personal data or internet banking hacked to my knowledge.
All my personal data is on external hard drives or SSD or USB which are only plugged into a device when using the contents and are virus scanned automatically when plugged in.
I have had a small amount of credit card fraud, which has always been detected by the bank's systems, some of which may have been from online shopping.
I would think that hacking incidents are more common than may appear to us as individuals because a lot of people who are victim to it feel too embarrassed to admit it to their friends.2 -
I know people who have been potentially phished, but due to finding out about it early I've mentioned or they've realised and they've reset their passwords soon after entering their login.
1 -
Yes, passkeys will be good. They need to ensure they work seamlessly across operating systems to be really useful though.AndyTh_2 said:I'm looking forward to passkeys being used more, as they are phish resistant and unique to every site without having to generate complex passwords, and have a locality about them (e.g. you need to be near for bluetooth mobile to reach the browser, or your own computer for built-in T2 chips the OS provides the browser)0 -
Yes, I've only heard 1Password considering syncing them across devices so far (but not looked much further). In other cases where not sync-able, it'd just be a matter of supporting registering multiple passkeys to an account.400ixl said:
Yes, passkeys will be good. They need to ensure they work seamlessly across operating systems to be really useful though.AndyTh_2 said:I'm looking forward to passkeys being used more, as they are phish resistant and unique to every site without having to generate complex passwords, and have a locality about them (e.g. you need to be near for bluetooth mobile to reach the browser, or your own computer for built-in T2 chips the OS provides the browser)
Though bluetooth passkeys from mobiles at least decouples it from the desktop that's authenticating where no password manager is needed (if the website removes the password requirement).0 -
... Hi OP ... @RG2015 ... I know where you got the idea from ... excellent topic.
I would give myself 5/10.
I don't think I've been caught by malware but I have had bad effects from software and hardware glitches, and from anti virus software which in one case deleted 1,000s of my gaming mods in zip files when the default safe capacity was exceeded.
- I'm aware of e-mails spam/phishing and report them
- I'm up to date with Microsoft Windows 10 and its security which runs automatically
- BT seem to provide a level of internet security
- I don't select options (or do as the case may be) on finance websites to ensure I'm considered a 'public' unsecured user
- I keep my browsers up to date
- I do keep account numbers and passwords in .doc files, unprotected
- My passwords and memorable data are quite complicated but are kept in the .doc files
- I try and keep a balance between security and ease of access but do become frustrated when I'm auto logged out after a couple of minutes (I'm a bit slow and a poor typist). I have so many bits of important information and need to access my files on my slow laptop.
- I do perform regular backups to the clouds and portable hard drives etc
- I allow google play to do preinstalled checks
- I don't play online games
- I don't engage in online social interactions outside this forum and website help chats.
So I've got away with it RG.
1 -
I will never understand the marketing of passkeys/biometrics replacing passwords, but I'm the type who would prefer a choice of factors, e.g. passkey + password. Yes, passkeys are more secure, but what if I also want a complex password? Someone could just knock me unconscious or chop my finger off, or just physically manhandle me without needing to acquire additional knowledge to bypass another barrier.
For the most sensitive of actions:
Password + Touch ID + Face ID + Voice ID + Card Reader (+ debit card + card PIN) + YubiKey + app-generated OTP + country/IP restrictions.
Can I please?
None of the silly 'memorable information' or 'security questions' which I've never answered honestly since they first appeared decades ago. Having to provide even selected characters of the answers over the phone to another human is ludicrous; HSBC/First Direct want the whole thing!
0 -
Sigh - you really don't need a 20 character password. If you're using a password manager then a crazy length doesn't matter so much, but there may be the odd occasion you need to type this into a phone (or shout to your partner across the room) and a 12 character (random) password with symbols is more than enough if you're not holding the nuclear football.400ixl said:Ideally you will use a unique email address for every site and a unique complex password for each site as well.
You would need a password manager to achieve this as the normal human could not remember the passwords without writing them down.
Passwords would be complex such as ^wXFm#G8*eYtpUJa2hus and 4S&e%kEa$R$tTW!xH^7h
Try remembering 50+ of those and which website they belong to.
2
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards