Gunbroker/Zelle hacks

[praveen]

Right now I almost never log in because this site keeps me logged in across sessions on the same device (cookie?) If you go to 2 factor will that be impossible, and we'll have to log in every session?
-

Not necessarily. It depends on the 2FA algorithm. Generally, most 2FAs will designate a device as trusted after an initial prompt for a time based token and this trust will expire after a certain period ( say a month ) and that’s when you get reprompted.
However, like I said, it all depends on how many accounts get hacked. That’s why strong passwords please.

 

[HenWinter]

I checked GunBroker several times, but never made purchases there. Also, I looked through the GunBroker reviews and found no information about scams. Thanks for sharing this info, I now have doubts about whether to order anything there.

 

[Brians356]

I checked GunBroker several times, but never made purchases there. Also, I looked through the reviews and found no information about scams. Thanks for sharing this info, I now have doubts about whether to order anything there.

One doesn't purchase from Gunbroker, but from the entity posting the ad or auction. "Buy the seller". Before you even bid it's easy to start examining the seller. Look at their past transactions total, and their rating. If they've sold hundreds or even thousands of items, have more than one item currently listed, and have a high rating, keep going. If it's a brick-and-mortar store, like a gun shop or pawn shop, with a phone number and street address (verifiable on Google Maps) and someone answers the phone and responds comprehensively to questions about the item and themselves, that's good. There's no such thing as 100% safe in this world. Some people keep their money in a sack under their bed. Others trust their instincts about the real world.
-

 

[ErikET]

How do us old guys suppose to remember that? We still use something like this 1234password

I'm a big fan of using a short phrase, something that doesn't look like an obvious password to a keylogger but the length alone leads to an extremely complex password that's not easily guessed. "Add burgers and buns to the list." is a much more complex password than !#$R@!DSARD!@@#!! or some other auto generated keyboard barf because it simply has way more potential characters.

There have actually been a number of data privacy research studies that have criticized the fact that we've sadly trained people to make dumb, impossible to remember, worse passwords by adding complexity to shorter passwords and simply making super obvious passwords that are easier to identify and steal.

I know this is a response to an old question, but data privacy and healthcare is literally the hill I'm going to die on.

 

[dcali]

Don't overthink it, guys. Use a decently long password not made up of words, and don't use the same one everywhere.

One trick I use for important passwords is to draw a picture on the keyboard. Makes it practically random, but easy to remember.

One thing a lot of folks don't quite appreciate is how important your email password is. Never, ever use the same one for your email as for anything else. So much nonsense can be done with a hacked email account.

 

[Evan]

Use a password manager that is offline, like Keepass to store and manage long passwords. Not Lastpass or Bitwarden which are cloud services.

Use dice words for passphrases you need to remember: https://www.eff.org/dice