If you have it best to do venmo as well, of memory is correct PayPal owns venmo so I wouldn't be surprised if they were the same database

Sent from my motorola edge 2024 using Tapatalk

It gets very frustrating that regardless of the precautions I take, businesses I deal with and even some that I don't will get hacked and spill my info

Anyway, thanks. PW changed to MARRULEZ69420

Doesn't the two-factor authentication help to prevent your account to be hijacked?

This is such a fu%* Erie post because im also baked but I just finished changing PayPal password because I couldn’t remember the password and needed it for the desk top.

I thought TFA only applied to doing stuff like making changes to your account not everyday transfers and payments?

Sent from my motorola edge 2024 using Tapatalk

Noted. Thank you.

When I make payment to A mcarter member for paintball related items it will ask everytime to login the TFA or others paypal login requirement to pay for stuff.. So unless the ph# associatated get comprise then that A bigger issue instead.

Amended. Thanks for the update

No, I will not be doing this.

Friendly reminder to all - always turn on two-factor (2FA) and use a password manager so that every account gets a unique password. The browser-based manager is fine for low-risk accounts like forums, but use something more secure for anything financial related. My personal recommendations are KeePass if you like to keep things self-hosted or Proton Pass if you don't mind someone else hosting and want better browser integration. Or use all three; browser for low-risk items, Proton for medium risk, and KeePass for high-risk items (e.g. financial accounts)

I prefer bitwarden but yes, password managers and 2FA are the way to go nowadays. Any site that can touch my money, 2FA.

How in the world are password managers safe? Bitwarden, Lastlpass? They get hacked too, right? And when that happens there will be another thread about changing your passwords. I’m never supposed to write my password down but I can give it totally to any 3rd party? Can anyone explain that? Anyone?

Some people feel safer if they have a bunch of hoops to jump through. Overwhelmingly when people are stolen from its through social engineering methods that no tech can stop. Change your password every hour, it won’t improve anything.

Myself, and the vast majority of all users, have spent more time dealing with IT because of their own screwups than because of any actual nefarious activity. I’d so much rather be hacked than have to deal with two factor identification on every account I have.

I will second Zeta here. Very well said. Although many very good suggestions were given about general safety practices, nothing is 100% safe. If someone really wants your money or your info, they can get it.

Never forget, the almighty credit reporting agency Experian let the info of 200 million people get loose. Chances are, your info is already out there. I’m surprised PayPal hasn’t been hacked yet.

Your question is wrong. Using a password manager and having to give PWs to a 3rd party are not mutually inclusive. That's what I was on about above when talking about using KeePass for high-risk accounts. The way it works is that it will create an encrypted file container (e.g. "Zetas Potatos.PDF") that holds your heavily encrypted data safe and obscure. When you open KeePass, you navigate to and open your obscure file container, enter the encryption password or provide a key file, and then it will show your database of passwords. No third parties involved. And if you have concerns about the KeePass app itself, go audit the code as you like - it's free and open source. Many others have audited the code as well, so you can review their work too if you like: https://keepass.info/ratings.html Notably, EU-FOSSA audited the code in 2016 and found no issues.

As for those 3rd parties, I agree with you - there's a huge attack surface area when it's always online and easily identifiable as a PW database. Still, it's safer than using one password for everything and is more obscure than the browser-based PW manager. The convenience is the real draw for them since they can auto-populate your credentials for you. I recommend them for low and medium risk accounts.

It's not meant to stop the Yakuza from getting the off shore account numbers that you funneled their money into, or to prevent you from giving credentials out to a "hacker" sitting in a sweaty office in New Delhi... It's meant to stop the millions of bad actors online from stealing from you or just annoying you through automated attacks that systematically exploit a few known vulnerabilities or exposed credentials.