c/cybersecurity-tips

TIL a $20 hardware key beats a free authenticator app for my main email account.

After my phone died and locked me out for 6 hours, I realized the key doesn't rely on a device that can break or get lost, so what other single points of failure should we ditch?

My cousin's kid got a weird text and it freaked me out

Honestly, last month my 12-year-old cousin got a text saying his game account was locked and needed a password reset. He almost clicked the link right away. I was over at their place in Springfield and had to explain it was a phishing attempt. The sender's address was a jumble of letters, not the real company. Has anyone else had to walk a younger family member through spotting a scam like that?

My neighbor asked me why his smart light kept turning on at 3 AM

He said it started after he downloaded a free app to control it, and I realized he never changed the default password on the router. We sat down and I showed him how to set a strong one and turn off remote admin access. It's crazy how one simple step can open up your whole home network. Has anyone else had to walk a friend through securing their smart home stuff?

I used to think my router password didn't matter until my neighbor's kid got into my network.

I had the default 'admin' and 'password' combo for years, then my smart TV started showing weird search history last Tuesday. I changed it to a 12-character mix of letters and numbers, and the problem stopped. How often do you guys actually change your router passwords?

My friend's smart fridge tried to email everyone in his contacts

We were at his place in Seattle last weekend when his new smart fridge got hacked and started spamming weird grocery lists to his entire Gmail contact list. Turns out he never changed the default admin password from 'password123'. What's the dumbest default password you've seen on a new device?

Saw a public library in Denver still using Windows 7 on their help desk PCs

I was at the main branch in Denver last week and noticed all their public help desk computers were still running Windows 7. The librarian said they keep them offline, but that's a huge risk if someone plugs in a bad USB drive. Has anyone else seen places using old, unsupported systems in public areas?

Update: After wiring my new house for internet, I found that turning off WPS on the router just causes more problems than it fixes.

Pro tip: I once spotted a data leak and wasn't sure what to do

Should you always tell someone about a security risk you find?

The change from simple passwords to multi-factor auth puzzles me

I get why it's needed, but all those extra steps feel like too much sometimes.

My shift on VPN necessity after a security scare

I used to avoid VPNs thinking they were unnecessary for casual browsing. After encountering a malicious hotspot that logged my data, I now use one consistently. What event made you rethink a common security practice?

PSA: I caved and tried a password manager after my cousin got hacked.

Turns out, letting it create and store complex codes is way safer than my old sticky note system.

Redid my home office and spotted a big security flaw with my router

While setting up my new home office after some redecorating, I logged into my router. I found it was still using the default admin password from when I first got it years ago. What's the best way to regularly check and update these settings to stay safe?

My take on letting close friends hop on my home network

I know everyone says to never share your Wi-Fi, but I think that's too rigid for real life. My best friend from college stays over often, and I let her connect to my network without a second thought. She's not tech-savvy, so I set up a separate guest network with a basic password that changes now and then. Once, her phone got a weird pop-up, and we checked it together, which turned out to be a harmless ad. If I had locked her out, she might have used public Wi-Fi, which is way riskier. Sure, there's a chance something could go wrong, but I keep my main devices on a different band and run regular scans. Trusting people you know well can actually make your digital circle safer because you help each other spot issues. My advice is to use guest networks and have honest chats about online safety with your pals.

Showerthought: My high school mascot is not a secret anymore...

I was making a new account and it wanted my high school mascot for security... I've talked about that online so much. Isn't that a pretty weak way to protect an account?

Password reset links that vanish in minutes drive me crazy!

I tried to reset my password for an important account, but the link expired before I could use it! This seems to make security worse, not better, because it pushes people to use weak passwords they can remember easily. How do you deal with this without giving up on strong passwords?

Skipping sleep got my account breached. Don't be like me.

Was up late for days. Clicked a bad link without thinking. Now I make sure to rest before handling sensitive stuff.

From my experience, forcing password updates too often backfires

People just add a number or use old passwords again. What's your view on this practice?