Hmm just had an actual legit email that someone logged into my MyGov account with email and password.
-
Hmm just had an actual legit email that someone logged into my MyGov account with email and password. Doesn't seem like they got past the 2-factor though, but still. It was an old-ish password that has maybe been leaked by whichever one of the hundreds of companies have been hacked and had my details. Anyway. Password changed now and Passkey added for an extra step. Interesting that MyGov is now recommending disabling password login completely and using only Passkeys.
-
@phocks Oof. I had that with booking.com, someone kept trying to reset my password even though I had 2fa. I randomised my email address and it stopped it.
-
@ash Strange! I kinda like the idea of different emails for difference services, but I have so many that I will definitely get mixed up, and then I'll get locked out of my password manager or something and then I'll just be out on the street with no internet services at all then I'll run into the wilderness and live happily ever after
-
@phocks that's why you keep backups!
-
Matt Cengia (seeking work)replied to Ash K 🏳️🌈 last edited by
@ash Ah, I see you keep your backups on secure media (that most folks these days wouldn't be able to access)!
@phocks Re Passkeys, they're generally considered as secure as password+second factor these days, given both the strength of the key, and the usual security around where/how it's stored (in a password manager or on a security key or mobile device on your person). I wouldn't be relying on them exclusively though:> Apple Keychain has personally wiped out all my Passkeys on *three separate occasions*.
-- @firstyear