if they get your 2fa, you're screwed.
On 1/6/26 10:21, [email protected] wrote:
Got totally scammed. Login.gov supposedly sent me a very official
looking email saying someone had logged in a few hours ago. Nobody
logged in a few hours ago. I scanned the header and it looked legit.
It recommended that I change my password. Clicked the change password
button (without looking at the URL it was directing me to) and went to
a very official looking page.
But it only asked for the new password once. That should have stopped
me but I still clicked. Then immediately tried to login with the new
password and I realized I was cooked. So I immediately changed
passwords on sites that used that old password and properly changed
the password on login.gov
I am seriously considering going to a password managers. I know
nothing about them, how they work or if they are trustworthy. I use
2FA everywhere I can.
Opinions?
--
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
