I got 3 new alerts from CreditWise from Capital One

[Big Frank]

I got 3 new alerts from CreditWise from Capital One yesterday. One of them was specifically about the Eye4Fraud data breach in February. My full name, complete home address, phone number, and email address were all found for sale on the dark web. As far as I know, they didn't get my password, which I immediately changed anyway, or the last four of my credit card number. But this fraud prevention service was apparently used by someone whose site I was shopping on at some point. No telling who or when. And THEY got hacked. I'm getting bunches of phishing emails in my inbox on a daily basis, plus even more that go straight to the spam folder.

I think I posted about this when I found out about it, but the same info ends up being sold over and over again on the dark web. And sometimes it's just posted so anyone there can have it for free. I think that's why I got more alerts, now. And since I have a cell phone, I don't say another day, another dollar like some people do. Now I say, another day, another 20 phishing texts from Canada. Plus an occasional one from the U.K., and other countries, too. I think it was last week I found out this isn't called phishing when it's done by text, it's smishing, short for SMS (Short Message Service) phishing. The first thing I do every day when I pick up my phone is block and report spam, delete, repeat, repeat, repeat. Sooner or later they have to run out of phone numbers, and some days it seems like it's slowing down quite a bit. Some days.

Some of my friends act like I'm paranoid for using a more private browser instead of Microsoft Edge or Google Chrome, using a private search engine, blocking tracking cookies, and not wanting Google and Microsoft collecting and selling all my data to anyone with a buck. When Luxottica in Italy was hacked and they got my account information from Oakley, they act like it was my fault, like I'm doing something wrong. My friend's wife says stuff like, I need to quit going on those weird porn sites, or, I must be doing something illegal. When they got the internet at their cabin this year I didn't ask for access, and they made it clear I wasn't going to get it. They don't mind Google and Microsoft selling people any and all information they can gather, except their SSANs. They no longer ask me why I have a 32 character password when I sign in on my laptop. It's because I can only remember 16 characters and remember in what order to enter the same 16 characters the second time. Anything more than that is way too much for me, so my password manager takes care of the other 400 passwords, most of which are either 25 or 30 characters long, including uppercase and lowercase letters, numbers, and special characters, as ALL passwords should. If your password doesn't have all four of those things, well, you might also like to open carry an unloaded gun.

It's a lot harder to brute force attack a system if there are a trillion trillion possible combinations, rather than a million. My reason for longer, more complicated passwords is something like that. But some people still use passwords like "password" or "p@$$w0rd" and it gets cracked in a microsecond. If the people who are supposed to be handling the security of my information get lazy and do something like that and get hacked, it's not my fault, by I still suffer for it. At least my friends could cut me some slack, even if the rest of the world won't. And the next time I see a Canadian flag, I'll be singing, loudly if not well, Screw Canada! That frozen empty land! That's MY anthem. - Rant over. -

https://en.wikipedia.org/wiki/Brute-force_attack

[Timothy]

Sounds familiar.  I closed and moved to a new bank, canceled all my cards and froze my credit bureau accounts.

[Big Frank]

That sucks.

[Rastus]

I have spoofed my birthday, misspelled my name, misspelled my address, transposed my zip code, mother's maiden name, etc. whenever possible.  I think doing those things helps as well.

So when you hear that a password can be cracked in some amount of time...that's generally the time it takes to run through all possible combinations to get to a password.  The time to enter it and get a response is much longer. 

[Jim Kennedy-ar154me]

I know a lot of places are now asking people to use passphrases instead of passwords. Something over 20 characters long. I can think of a few good phrases instead of words. I just can't repeat most of them here!

[Sponsor]

[Timothy]

That sucks.

It does suck because direct deposit SS checks require you to keep the old account open for two or three months!

[Big Frank]

Then it sucks even worse than I thought.

[Big Frank]

I know a lot of places are now asking people to use passphrases instead of passwords. Something over 20 characters long. I can think of a few good phrases instead of words. I just can't repeat most of them here!

I have a secret backup passphrase in case I forget the password to my password manager. My passwords and other personal information are kept encrypted so that nobody but me can see them.  It's 12 random words of various lengths, 4-9 letters each that they gave me and said write it down so you don't forget it. It's over 80 characters if you count 1 space between each the words. I have one written copy in my gun safe that I may have written the word passphrase on. I can change my passphrase anytime I want to and it will generate another 12 words at random that are only able to be seen once my account is signed into. I can erase it forever any time I want to, but haven't in case I lose that paper with my passphrase. If I lose the paper and forget my password, everything will be unavailable to everyone including me.