OT - Grumpy Old Man Thread

[MikeDeTiger]

Since coming back to work after the Christmas/New Year's break......I've actually had to work at work, a lot.  

They don't seem to know I got threads here to keep up with.  

Grumpy.  

[FearlessF]

see the union steward  

[utee94]

see the union steward

The WHO?

[FearlessF]

I think he works for the government

[MrNubbz]

Since coming back to work after the Christmas/New Year's break......I've actually had to work at work, a lot. 

They don't seem to know I got threads here to keep up with. 

https://youtu.be/l8ukak8P2vY

[MikeDeTiger]

Our Amazon account was apparently hacked, as we learned that someone had purchased a watch for $788 and had it delivered to the Houston area.  Resetting the password and disputing the charge with the credit card company was pretty quick and painless, but just idea of the whole thing and having to deal with it after we're getting home from work, and tired, and trying to enjoy some supper, made me grumpy.  They canceled the card and will ship a new one within five business days, so, no Amazon purchases til then.  

1)  I'm really familiar with my wife's internet activity, and mine even more so, obviously, and I can't think of how the password got compromised, other than a data breach with Amazon itself.  It doesn't surprise me when small/local businesses suffer data breaches, but I kinda expect better from Amazon.  Of all companies, they should have the best and the brightest in security, I'd think.  Yet, my stepson's Amazon account was compromised in a data breach just last year.  Makes me wonder how common this is for them.  Or if it's not that, where did one of us fall victim to a phishing scheme?  Mysteries like that bug me, because if I don't know what went wrong, I can't take better precautions in the future.  

2)  The delivery address on the fraudulent purchase is right there.  I've never known a credit card company to investigate fraud or turn info over to law enforcement, but then, I don't know much about how they operate.  Maybe they do.  They didn't ask any info about the fraudulent purchase, however.  It does make me want to send an anonymous letter to that address near Houston saying I know what you did and where you live.  Be looking over your shoulder.  

3)  It wasn't even a cool watch.  For nearly $800, I expect something swanky, something that looks like the product of handmade craftsmanship in Germany, or somewhere like that.  I didn't read the features on the purchase order, but the photo just looks like some kind of digital something that can track your steps and whatever.  Big deal.  Seven hundred and eighty-eight dollars???

4)  Time to learn how to set up passkeys.  I'm tired of this.  Another credit card was compromised twice last year, once was my wife's fault for something that she should have known better, and once was my fault for falling for something that I normally would never, but it happened at the exact time that a very unusual set of circumstances was going on that made the whole thing seem believable, and I fell for the phishing because of it.  I know passkeys won't stop cc compromises due to direct phishing for card info, but it should put an end to the hacking of websites with cc info stored on them.  

/Grumpy

[FearlessF]

makes me grumpy just hearing this from you

public hangings for the convicted
and worse for those that prey on the elderly & disabled 

[betarhoalphadelta]

1)  I'm really familiar with my wife's internet activity, and mine even more so, obviously, and I can't think of how the password got compromised, other than a data breach with Amazon itself.  It doesn't surprise me when small/local businesses suffer data breaches, but I kinda expect better from Amazon.  Of all companies, they should have the best and the brightest in security, I'd think.  Yet, my stepson's Amazon account was compromised in a data breach just last year.  Makes me wonder how common this is for them.  Or if it's not that, where did one of us fall victim to a phishing scheme?  Mysteries like that bug me, because if I don't know what went wrong, I can't take better precautions in the future. 

Does the Amazon password get used on ANY other web sites? If so, it might be more likely that another site was hacked and they tried your (or your wife's) password and login credentials from that other site on Amazon. 

If you reuse passwords amongst multiple sites, you're only as protected as the least secure amongst them. For example, I trust that @Drew4UTk knows his stuff regarding security, but I wouldn't share my email and banking and Amazon passwords with my cfb51.com account password. 

This is why I use LastPass to manage my passwords. I have unique and complex passwords for every site I visit, including this one. I have two passwords (my email and my bank) that are NOT stored in LastPass, only in my own head, in case somehow LastPass got hacked. Because my email specifically would be the canary in the coal mine that would alert me to someone trying to change passwords at other sites, and so email is the one thing I can't allow to be compromised. 

[MikeDeTiger]

Does the Amazon password get used on ANY other web sites? If so, it might be more likely that another site was hacked and they tried your (or your wife's) password and login credentials from that other site on Amazon.

If you reuse passwords amongst multiple sites, you're only as protected as the least secure amongst them. For example, I trust that @Drew4UTk knows his stuff regarding security, but I wouldn't share my email and banking and Amazon passwords with my cfb51.com account password.

This is why I use LastPass to manage my passwords. I have unique and complex passwords for every site I visit, including this one. I have two passwords (my email and my bank) that are NOT stored in LastPass, only in my own head, in case somehow LastPass got hacked. Because my email specifically would be the canary in the coal mine that would alert me to someone trying to change passwords at other sites, and so email is the one thing I can't allow to be compromised.

I'd have to check the pw list in my safe, because I'm bad at remembering most passwords these days, but iirc, the old password was unique, yet similar to other passwords.  

Agree about bank account password, I don't store it anywhere except on the printed list in my safe, and for all I know even that's not a good idea, but I figure if someone gets in my safe, I have bigger problems than stolen passwords.  It's the same reason I don't use or store the bank account's debit cards.  Those just sit in the safe as well until I need to go to the ATM (rare).  Banks don't tend to offer near the easy purchase-dispute protection and refunds for fraudulent activity that cc companies do.  Ours definitely doesn't.  It's the one password I do remember because I frequently use it, but I keep it on the hard list because my wife doesn't remember it and never will, and I want her to have easy access to all the passwords if something happened to me.  

I've thought about something like LastPass, but never did it.  I think at this time I'll probably just begin moving to the passkey technology.  I am resistant to new things I don't understand, because confusion feels worse than vulnerability (when no one I trust has made a personal recommendation--and I don't know anyone who currently uses passkeys), but several weeks ago I read as much as I could find on them, and though I never did get completely clear on the complicated math at the bottom of it, the general concept is pretty easy to pick up on.  As I say, I still hesitated because when I don't yet understand the brute mathematical process at the core, it's hard to adopt a technology that I don't fully understand.  But at this point I think I'd be happier trusting that it is what the easy, surface explanation says it is, and moving ahead with it.  

[847badgerfan]

Just changed my Amazon password as it was shared with a couple of other sites.

[SFBadger96]

A buddy who worked in the Secret Service (which, pre DHS, investigated financial crimes) in lifetimes past was frustrated that they would investigate 6-figure financial thefts, and the financial services companies (banks, etc.) that they were trying to protect treated them, the Secret Service, as a nuisance. The dollar amounts were too small for victimized financial services companies to care.

I keep wondering why the rampant fraud and phishing is so difficult to police. Someone smarter than me could probably explain it. Please feel free...

Honestly, without veering into politics (I think) if the government could prioritize that, I suspect people would care a lot more than about [name your hot-button social issue].

[MikeDeTiger]

I assume it's up to the financial institutions to rattle the cages on the government's actions.  They're the ones enduring the loss, having to refund people like me after fraud.

What I fail to understand is why those companies don't make more noise.  I read from multiple sources that they endure billions in costs per year due to fraud.  They might be huge, but even those kinds of companies have to feel it when we're talking billions.  

At any rate, soon I look for major companies--certainly the Big Tech ones--to stop with passwords and force us to use passkeys.  I could be wrong, but I predict that's the way things will move.  

[Drew4UTk]

Does the Amazon password get used on ANY other web sites? If so, it might be more likely that another site was hacked and they tried your (or your wife's) password and login credentials from that other site on Amazon.

If you reuse passwords amongst multiple sites, you're only as protected as the least secure amongst them. For example, I trust that @Drew4UTk knows his stuff regarding security, but I wouldn't share my email and banking and Amazon passwords with my cfb51.com account password.

This is why I use LastPass to manage my passwords. I have unique and complex passwords for every site I visit, including this one. I have two passwords (my email and my bank) that are NOT stored in LastPass, only in my own head, in case somehow LastPass got hacked. Because my email specifically would be the canary in the coal mine that would alert me to someone trying to change passwords at other sites, and so email is the one thing I can't allow to be compromised.

this site is pretty tight - our information goes nowhere that mother google can't see anyway, no matter what you do.  i track users insofar as geolocation, but that only to study WHERE they're from and how to go about blocking them.  its a very good thing there are few, if any, outside of CONUS who have interest in CFB... it's kinda a dead giveaway when approached from some of these nations.  

i use the multi-tiered approach, too, which is to say if it's not a very important thing I use one flavor of passkey... if it's a level up another... if they hold any kind of financial data they get the next tier... if it's a primary financial institution they get their very own.  all that said, that's usually not what get's folks access.. it's when they bust the door down and drain entire DB's of personal data - and then sell it.... those are usually skimmed for the low hanging fruit- which to them are organizations with weak systems in place such as local banks.  the harder targets are harder to get into (duh) and the hacker stands a good chance of being caught.  

i opened a business account at the bank closest to me... and online access... i literally rode the golf cart there and back to home/shop.... i received a text from them i assumed was some sort of welcome text- but it wasn't.... the account had already been breached.  i turned around and went right back up there and closed the account.  it's never happened (knock on wood) with a major institution, at least with me.  

[SFBadger96]

I couldn't access this site when I was in New Zealand. Not that I needed to, but I did try a few times. Just wouldn't work. Don't know what that was, but I suspect it had something to do with where I was.