[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 13/10/18 20:03, Simon Waters wrote: > you really must start using a password manager This cannot be overstated. If you don't have a photographic memory, you NEED one of these. No exceptions! > if all your current passwords are not yet unique You need serious help. No exceptions. Use the password manager and spend however long it takes to go through every single one of your user/password combinations for every service login you ever touch and update EVERYTHING to a randomised strong password and then make sure it works... twice. If you're still a bit apprehensive about the password manager to start with, write a master paper copy down if you have to, and then lock that up safely for now. Destroy it later once you're happy using the password manager and are confident with it day to day. You still have to commit to memory things like your phone pin/passcode, your PC username/password and of course the master unlock to the password manager itself but anything else, put in the password manager. If you haven't done this yet, stop reading this email and go and do it now. Yes, you! You know who you are... Apologies Neil for diverting your junk thread but this is required stuff, and directly relevant. Part of why these spam emails like the threatening ones you've just had are so convincing is precisely because people weren't practising good security (no password managers and unique strong passwords per site) in the first place. As Gordon says: > Use a unique password for every site then you can instantly identify which site. Yet another advantage of doing things properly: you can tell straight away what's leaked if one of your (unique) passwords suddenly appears on haveibeenpwned or wherever. Also Neil, does your mail provider not do any spam filtering at all? Are they not even setting X-spam headers for you during transport so your mail client gets a much needed helping hand in sorting out the trash? It's entirely possible that they actually _do_ but it needs to be manually enabled in your providers control panel (plesk or whatever). Have a look. Cheers -- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq