Salt Typhoon -- would someone 'plain?

I am in the same boat you are.

In my case becoming a senior citizen has force me to give up my 007 license - much like Jethro when the Beverly Hilibillies ended - so also no need for sensitive texting.

Maybe if a person did online banking over a phone app - that might be a situation where encryption importance enters the picture?

 

Still sodium-free here.

Security measures have to proportional to the sensitivity of the data - and EVERYONE knows that cumin tastes like dirt.
Use a half pint of Guinness instead.
That will solve your moss problem too - at least on the sidewalks and drives since you will have people beating a path to your house to eat some of the chili.

Maybe give the other half of the Guinness to the pooches to calm them down.

 

There are people out there that are horrified that anything they do in public is actually… public.
Those people will put a very high level of importance to this.

Of course, there is info on texts that I don’t want to share.

• When I/family/friends are not at home
• Medical issues
• Where and when I am going somewhere

There are probably other bits of information I don’t want to share. While I don’t see this as a national emergency, I do think it is something people should be aware of.

 

i never give it a thought, maybe a mistake, but i can't think of anything i wouldn't want some stranger/criminal to know

 

I'm still a customer of a few services that consider sending me a six-digit number by SMS to be an adequate way of proving I'm me.

 

Serious question...is the SMS Verification bad? There is email verify but know that not secure. Some offer voice callback verification. Mostly thinking of my broker accounts...

 

If an adversary is able to eavesdrop on SMS or on a voice callback while signing in to your account, they're in.

I haven't heard whether this particular ongoing telecom attack really involves eavesdropping in real time that way, or just hoovering up a bunch of comms and reviewing them later. Obviously the code your broker texts you is if no use to the adversary as long as you used it first.

Some of the accounts I use have changed to at least allow, or even require, use of a TOTP app or token, instead of relying on a code over SMS. But not all of them.

 

My biggest concern is I don’t want to advertise to anyone ‘listening’ that the house is empty and ready to be burgled.

 

A government agency needs to be targeting you specifically, and they would just use a court order to access your accounts. All electronic communications can be spoofed or listened-in on. It's the massive volume of data that's transmitted, that makes it's almost impossible to listen-in on individuals. Again, there's easier ways to 'skin a cat'. IMHO

 

I've found that my nosy retired neighbors are the best defense. All it takes is some kind words, X-mas cookies, and airport trinkets - when I arrive back home. They even pickup any amazon packages on my door step if they've been there for more than 12 hours. They may be a bit intrusive if your a professional spy or something.....

 

That IS a serious question!

SMS verification is only one 'Two Factor Authentication.' and it's not bad for most things.
Brokerage accounts are out of my economic depth band but I would do a couple of things:

1. Bills and banking on a separate, dedicated machine - NOT the thing you carry with you everywhere you go watching cat videos and clicking on bait. I use a locked-down Apple device that's in 'Hellen Keller" mode when not in active use on a pretty dern secure home network.
If you live in one of America's crime ridden concrete jungles, you may want to lean away from WiFi for business dedicated machines.
Some people in my orbit have had pretty good success with a dedicated chromebook on a wired home connection - but this is only a five year solution until you have to get another box.
They're CHEAP and it may pencil out to be less expensive and more effective than a five year old 'usta-Apple.'

Due diligence, my friend!

2. See what protections your banks and brokers offer against unauthorized access, IN WRITING.
Banks are safe as houses (2008....) but I have been told by the Googles that the protection that brokerage accounts offer is somewhat conditional.
Again - I fix phones for a living. Find out what REAL Protections exist from several sources who are not financially vested in whether or not you change things, and not some know-it-all internet chucklehead.

I live in a small southern town in "God's waiting room" - or an older retirement neighborhood that is filled with older people, small yippy dogs, lots of Armed Forces - Retired license plates and American flags.
The HOA Nazis do not allow political signs but there are more than one semi-tolerated P45 flags.
They seem to draw the line at Brandon flags, though.
Property crime is not unheard of but there is a neighborhood facebook group that is more efficient and aggressive than CNN used to be back in the 80's.

I'm thinking that we're a hard target for porch piracy, and I'd rather try to break into an ICBM silo in Montana than go through this neighborhood jiggling door handles or looking in windows - Car or House.

USAF security isn't as well armed or as alert.

 

That's a good start. I don't use Chromebooks, but that's a professional preference. I'm more comfortable with MS and familiar with their systems. I was a system admin. for our department and worked closely with IT security. Smaller facility departments called me when they couldn't get a decent response from IT. There was several heated discussions about that with directors, COO, CEO.
Always activate 2-factor identification. This will at least let you know if there's unauthorized activity on your account. Have at least two devices listed as contact sources along with at least two separate email accounts. You can juggle between them if you lose one of the devices and remotely KILL/BRICK the other device. That needs to be setup, before you lose the other device. If you can afford it, a dedicated financial PC is a nice security air-gap. That's the way I run mine. It boots up disconnected from everything and needs to ask permission to connect to the outside world. It's a bit inconvenient, but you know what's going on, what's updating, and patches that are being applied. Since there's limited automation, I've sidestepped several bad MS patches by doing it this way. I don't even do email on that machine.
It may seem a bit paranoid, but I grew up programming this stuff in machine language - most security is focused on the menu access portion of the machine.

Hope this helps......

 

The two factor SMS text I get are only when I log on. The two factor authorization codes are good for usually 10 minutes at most then they are worthless.
Any investment account immediately alerts me when any transactions are scheduled as well as if they detected a log in with our name.
Our bank does the same = if there is a log in to our account we immediately get a notification. You must again receive a code with the two factor authorization and must use it within 2 minutes for our particular bank. And -yes- it does make it hard to log on to our own account sometimes- this two factor authorization is tough for an old man to navigate sometimes- often requiring a couple of login attempts if texts or email is slow at the time.

Again, being a Senior Citizen who has long ago given up our 007 double not spy designation like- Jethro of the Beverly Hilibillies- I doubt this is a problem that is of concern for me or most others.

 

I do find it funny when I log into a service with my phone and the two factor sends a verification code to the same phone.

JeffD

 

All our institutions let you choose a way and device to receive your two-way authorization text/emails on - haven't you designated a different device or method to your preference to receive your codes on?

For example we can receive them on our
Computer
Home Phone
Mobile Phone
Spouses Phone
or choose to call them with our account number in hand and PIN to receive a code over the phone.

You are also able to lock and encrypt sms text if you so desire.



No security is not funny - ATT leaked all of our and millions upon millions of its customer and former customer private information to the dark web - we were one of the former customers affected.

 

That's the exact reason why you shouldn't be accessing your banking/brokerage/retirement accounts through your phone. It's a small device that can easily be lost or stolen and is software/hardware ID'ed as an authorized device. Attaching a credit card account to the phone isn't an issue, because it's air-gapped by credit cards companies terms of use. You have no such protections with debit cards or bank transfers. That money is DIRECTLY pulled from your bank account, the banks investigate, determine if they are going to reimburse you. In the mean time, your out that money. They will look for the slimiest reason to deny your claim; but then again, they are dealing with a lots of fraud.

Hope this helps.....

 

i never considered it before, but every year when we leave for florida, i text family that we're leaving, and keep them posted along the way. maybe we need a code, thanks!

 

I'm sure most of your neighbors know your gone. I'd watch out for the teenagers, in the community. So your house doesn't become the local "party house", while your gone.
That happened to a lot of the 2008, bank foreclosed houses in the neighborhood. It only happened once or twice and the kids got the message - Don't try anything like that in our neighborhood. The kids moved over to another sub-division. One of those neighbors asked us during our annual 4th of July block party, how we dealt with that. We also had the city weed abatement office on speed dial.

 

In many communities if you let the police know you will be gone they will make a run by your house a couple of times during their patrols to keep an eye on things also.