[JeffL0]

Perfect illustration of why using unique passwords and enabling 2FA is critical to account security today... go to your MS account, click the avatar and choose "My Profile", then Security, then "View my sign-in activity".

[B58-M340iX]

Uh, wow...had no idea account access was attempted so many times each day.

[nyalpine90]

[RickFLM4]

Same pattern but not nearly as frequent as either above.

[JeffL0]

Adding Geofencing options to login would mitigate much of this (until the asshats figure that all they'd have to do is use a VPN to spoof originating in the desired region), but thanks Microsoft, for making that a business-account feature only.

[iminhell1]

LOL
Just looked. I haven't signed in in a year? I don't use the account. Thing is I have a pretty simple password for most everything. But it's something you have to know me to even guess. You won't just stumble into it.

But looks like it's time to anonymize another account.

[MurrayB]

WOW what a shock! Just added 2MFA Thank you!

[floridaorange]

While we are talking - Our bank account was hacked recently any suggestions?

[JeffL0]

Quote:

Originally Posted by floridaorange

While we are talking - Our bank account was hacked recently any suggestions?

Ouch, sorry man. All the obvious things, close account/reassign, change passwords to everything even remotely related (ACH's, direct xfers)

Water under the bridge, but was your bank account portal login protected with 2FA ?

Secret Squirrel tip for everyone: NEVER make the answer to secret questions actually pertain to the question! Easy to guess or social engineer. As long as you write it down or store it in a password manager, the question matters not, just that you can provide the correct answer... the correct totally unrelated answer. Example: "What is your pet's name?" - Pepperoni. "What city were you born in?" - Pepperoni. "What is your favorite color?" - Tuesday.

[Donut Lord]

Quote:

Originally Posted by JeffL0

Perfect illustration of why using unique passwords and enabling 2FA is critical to account security today... go to your MS account, click the avatar and choose "My Profile", then Security, then "View my sign-in activity".

This happens to me daily. Every hour on the hour.

[Donut Lord]

Quote:

Originally Posted by floridaorange

While we are talking - Our bank account was hacked recently any suggestions?

What is "hacked" in this situation?

No offense, but that is often a broad term that doesn't actually describe what happened and I can't suggest anything of value to you until I figure out how it happened to you.

[floridaorange]

Checks being cashed, AT&T bills trying to be paid, ACH transfers. Just a mess.

[zx10guy]

To add on this for accessing any sensitive accounts, some people use a dedicated laptop to only access those accounts. I also avoid using my phone too.

[DrVenture]

I let Apple assign complex passwords and use 2FA or an authenticator app. In addition I use VPN, anti-virus, anti-malware. I only access my financial accounts from my Apple devices. And I have all the credit bureaus frozen.

[DrVenture]

Quote:

Originally Posted by iminhell1

LOL
Just looked. I haven't signed in in a year? I don't use the account. Thing is I have a pretty simple password for most everything. But it's something you have to know me to even guess. You won't just stumble into it.

But looks like it's time to anonymize another account.

You may be underestimating the power of brute force attacks and data scraping. Using the same password for multiple accounts is not very wise.

My advice is to never be the low-hanging fruit.

[zx10guy]

Quote:

Originally Posted by DrVenture

I let Apple assign complex passwords and use 2FA or an authenticator app. In addition I use VPN, anti-virus, anti-malware. I only access my financial accounts from my Apple devices. And I have all the credit bureaus frozen.

If the VPN you're referring to is what these various services such as NordVPN and such, they're just proxy services and provide zero additional security. I hate the fact these proxy services use VPN in their name or literature to fool people into thinking all of their Internet traffic is somehow fully encrypted and secured using their services. You're not.

[eliphil]

Your right about the vpn’s they just hide your location. I use malwarebytes and will start using 2 factor more

[zx10guy]

Quote:

Originally Posted by eliphil

Your right about the vpn’s they just hide your location. I use malwarebytes and will start using 2 factor more

I call these services proxy services because that's what they are. You're partially correct with what they do. Their main purpose is to repackage your Internet traffic to an IP address in the block of addresses the proxy service owns. These IP addresses are assigned and tied to a geographical location. This is why many people use these proxy service to change their actual geolocation to another place that will bypass media blocks by content owners prohibiting people from another country/location from viewing it.

Those that are super paranoid utilize these services to block what their ISP can see with their traffic. The whole privacy angle.

Encryption works as a point to point/end to end protocol. The VPN part of these proxy services is you running a VPN client that generates an encrypted tunnel to the proxy service's VPN concentrator. Once your traffic gets there, it gets repackaged and dumped onto the Internet unencrypted.

If you want security that's end to end, ensure you are connecting to sites that utilize SSL encryption and have valid recognized keys issued by known certificate authorities such as Verisign.

The only other use that I could see as a valid reason to use a proxy service is if you are using lots of public WiFi hotspots. The VPN tunnel aspect of the proxy service will mitigate any man in the middle attacks. But frankly, I just utilize my phone's hotspot capability.

And technically, I can operate as a "VPN" provider. I have a set up where I'm running an SSL VPN concentrator to allow me to remotely connect securely to my home network from my phone or laptop. I've set up a policy which allows what's called "hair pinning" that loops any Internet traffic from my remote device through my home network and out looking as if the traffic originated from my home but I'm say overseas.

Another aspect of using proxy services is all the overhead that is required. This will impact your network performance over just using your ISP natively.

[eliphil]

Quote:

Originally Posted by zx10guy

I call these services proxy services because that's what they are. You're partially correct with what they do. Their main purpose is to repackage your Internet traffic to an IP address in the block of addresses the proxy service owns. These IP addresses are assigned and tied to a geographical location. This is why many people use these proxy service to change their actual geolocation to another place that will bypass media blocks by content owners prohibiting people from another country/location from viewing it.

Those that are super paranoid utilize these services to block what their ISP can see with their traffic. The whole privacy angle.

Encryption works as a point to point/end to end protocol. The VPN part of these proxy services is you running a VPN client that generates an encrypted tunnel to the proxy service's VPN concentrator. Once your traffic gets there, it gets repackaged and dumped onto the Internet unencrypted.

If you want security that's end to end, ensure you are connecting to sites that utilize SSL encryption and have valid recognized keys issued by known certificate authorities such as Verisign.

The only other use that I could see as a valid reason to use a proxy service is if you are using lots of public WiFi hotspots. The VPN tunnel aspect of the proxy service will mitigate any man in the middle attacks. But frankly, I just utilize my phone's hotspot capability.

And technically, I can operate as a "VPN" provider. I have a set up where I'm running an SSL VPN concentrator to allow me to remotely connect securely to my home network from my phone or laptop. I've set up a policy which allows what's called "hair pinning" that loops any Internet traffic from my remote device through my home network and out looking as if the traffic originated from my home but I'm say overseas.

Another aspect of using proxy services is all the overhead that is required. This will impact your network performance over just using your ISP natively.

Thank you for the clarification, it’s so challenging to keep safe these days and the challenges evolve quickly.

[DrVenture]

Quote:

Originally Posted by zx10guy

If the VPN you're referring to is what these various services such as NordVPN and such, they're just proxy services and provide zero additional security. I hate the fact these proxy services use VPN in their name or literature to fool people into thinking all of their Internet traffic is somehow fully encrypted and secured using their services. You're not.

https://www.privateinternetaccess.co...vpn-encryption

I am certain it is not perfect, but some encryption is better than none. I still believe the anonymity to be quite useful. This VPN does no logging. The biggest complaint they get from security reviewers is that they are not located in a "privacy-friendly" country - they are in the U.S.

The company that I work for does not allow any remote access to their network without VPN. Their security experts believe it to be useful. I do agree with the gist of your post and appreciate the input. .

[zx10guy]

Quote:

Originally Posted by DrVenture

https://www.privateinternetaccess.co...vpn-encryption

I am certain it is not perfect, but some encryption is better than none. I still believe the anonymity to be quite useful. This VPN does no logging. The biggest complaint they get from security reviewers is that they are not located in a "privacy-friendly" country - they are in the U.S.

The company that I work for does not allow any remote access to their network without VPN. Their security experts believe it to be useful. I do agree with the gist of your post and appreciate the input. .

If you want to pay for the "anonymity" of these proxy services, by all means knock yourself out. But to think there is any additional security using these proxy services outside of the use case of preventing man in the middle attacks with public hot spots, you're fooling yourself and buying into their marketing BS.

I know VPNs. I've deployed them during the course of my work as a network engineer and deployed them for my own personal use. As I said, VPNs no matter what encryption algorithm or protocol is a POINT TO POINT technology. To break it down further so maybe you'll understand, the proxy services use a singular VPN tunnel from your end point (whether it be your router that supports the VPN client your proxy services uses or you install their software on your end point device) to their VPN concentrator. When you send Internet traffic, it gets encrypted through this tunnel that rides over your ISP service. When it reaches your proxy service which in this case is Private Internet Access, your Internet traffic is de-encrypted and then sent along however Private Internet Access' network is set up UNENCRYPTED. Private Internet Access strips the IP header info that is part of your packet and rebundles it with one of Private Internet Access' IP addresses it has in the block of addresses it purchased. Then Private Internet Access sends your Internet traffic on its way on the bare Internet; again UNENCRYPTED. The only time your Internet traffic stays encrypted through this mess is if you had initiated an SSL/HTTPS session with what ever web site or service on the Internet. This is that padlock you see in the URL when you access a website such as your bank. That SSL session would be the same regardless if you used that proxy service with Private Internet Access or not.

As I said, I've deployed plenty of VPN solutions in my time both remote access and site to site using 3DES, AES256, SSL TLSv1.2, and Suite B elliptical curve algorithm encryption schemes.

The big problem with these proxy services is the snow job they are doing with fooling people into thinking there is some increased level of security using their services when there isn't. And then people get lax with doing proper surfing habits and get smacked by a hacker or malware. Which makes these services pose a greater security risk than what they propose to solve.

[eliphil]

You’re right I can’t stand the Nord vpn commercials they are so misleading. I am working on new security protocols for my family and business using 2 factor whenever possible and password manager. We are installing a dns filter that helps limit malicious sites and I personally use malware bytes on all my devices. I am not a tech guy but conservative by nature and am always looking for suggestions to upgrade my home and business network