this post was submitted on 10 Jul 2023
37 points (100.0% liked)
Cybersecurity
5856 readers
14 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It honestly sounds like you did everything right. I would’ve suggested everything you did. Credit freeze is #1, then passwords is #2. You did great.
As for your question, I’ve actually used several monitoring services and have had an overall positive experience but it’s definitely a mixed bag and YMMV. Some info I get is very specific and therefore helpful. Sometimes it’s extremely generic ie an alert that your primary email has been found on the dark web…. Ok, I would’ve gotten a similar repose with an “have I been pwned” search. I’ve been involved in like 15 days breaches, I fully expected that email to be found on the DW by now.
I also got these services all for free. One is permanent via my credit union which is great. I’ve gotten others as consolations from companies that have had breaches with my data.
I personally think it’s worth it to her even if she has to pay for a year or two and reevaluate from there, given her situation.
I'm trying to find if she can get one free maybe through 1password. I know they have a basic service that basically checks if a login has been compromised like have I been pwned. Do you know if any credit cards offer a service?
Oh jeez yes I believe master card does, I believe with citi 2% cash back all purchases cards. Please verify that first.
A question on what you said. Why change the passwords, though, unless she reuses or uses schemes at the first place? SSN & credit card info seem to leak quite a bit nowadays.
So sorry I don’t understand your question, schemes? Reuses schemes?
Generally speaking it’s always a good idea rotate passwords/secrets if any form of compromise is suspected . It’s just good practice, imo.
Yes CC info doe leak often, easier remedied with a cancellation, les so with SSN. We should not be using that for ID purposes in the first place and I hope we stop that practice.
Thx for stating your opinion. Sorry for being unclear. reuse = use same passwords in different accounts; schemes = password patterns with some reused portions.
I understand entirely now what you meant, the phrase I haven’t heard before!
In that case though, I’d say, with schemes yes definitely, as you’re more at a disadvantage because you follow a pattern, vs not doing so and having a unique password ( and ideally a unique username/ email for every account! Use a email forwarding service like simple login!)
I think they meant when users have dumb patterns for their passwords like if your lemmy pwd was
Evok3lemmy!
and your reddit password wasEvok3reddit!
, etc.