Security expert Troy Hunt hacked

Troy Hunt, who runs the website Have I Been Pwned, announced that he was hacked by a sneaky phishing email.


All I can say is “d’Oh!”

Wow. Going to have to share this with my team at work. It’s hard enough to try to keep the “regular business users” aware of possible phish attempts. Thanks for posting this - it will be quite useful!

The single action that led to the breach is why I am not a proponent of the advice often given to Mac users to “just be careful” when thinking about security measures. We are all human and we make mistakes, especially when we are in a rush, distracted, or tired. Relying on constant vigilance as sole protection requires perfection. I don’t think any of us can reach that standard very often, especially with something that is constantly changing and morphing.


Agreed. I’m in favor of Troy’s comment about trying to get more companies to support passkeys (which are phishing-resistant). I’ve tried to set up passkeys wherever I possibly can. At work, I’ve flipped all of my MS Authenticator stuff to passwordless. Note that I have two different phones (work and personal) and I’ve set both up on Authenticator so that an equipment failure is less impactful. I also invested in a couple of Yubikey devices to have other options – although I honestly prefer using the biometrics included in Apple devices (macOS/iOS). It’s to the point I almost feel exposed when I have to use Windows natively - Windows Hello is OK, but I like the biometrics better.


Another comment - this is why I like 1Password’s Watchtower feature - it lets me know if I have any credentials where the security can be improved - either with Passkeys, or two factor auth, and it lets me know if I’m ever stupid enough to use the same password in multiple locations (one of those FIX IT NOW problems). Proton Pass has a similar functionality (Pass Monitor), although it doesn’t seem to include Passkey support. I assume that other Password Managers offer similar functionality, but those are the two I use.
I do check the Passkeys directory from 1Password on a fairly regular basis to see if anything new has popped up:
