How To Protect Your Privacy And Information
In 2022, Ebay and PayPal have long since discontinued support for the old physical security token keys.
Ebay Security In 2022
In place of the old token keys, Ebay now offers a text / sms message code to your phone option. It provides an extra step of security unless your phone gets stolen and you use Ebay's app on your phone and leave it signed in, or your phone web browser has your Ebay password stored. In that case, kiss you Ebay account and all the financial account information that Ebay now requires of sellers to use part its Managed Payments system.
For this reason, I no longer have the Ebay app on my phone, and I still have the store Ebay password and account name from stored in my phone's web browser, but you'll have to be a hacker to get to it.
I also use a free app called Norton Lock that allows me to password protect any app or main function on my smart phone, so even if you steal my phone or borrow my phone, you'll need an entirely different password than the password that locks my phone to use anything I consider vulnerable.
It's kind of difficult to believe that eBay uses such an insecure method of third step account protection in 2022. Compared to the old discontinued token key which were an actual physical key, Ebay's "New" security replacement is a downgrade.
2014 Video Details
In 2014 Ebay was hacked and though you probably have long forgotten about it, or maybe didn't even know that thousands of sellers and shoppers information fell into the hands of those desiring to sell the information or use it for other purposes occurred.
But not everyone selling or shopping on eBay fell victim, some of us had a digital road block in place, in addition to our passwords. But its not something promoted heavily on eBay or PayPal any more, in fact finding any information about it can be very challenging.
I am referring to Security Token Keys, and in my personal opinion, anyone not taking advantage of this technology was irresponsible.
PayPal Security in 2022
I have to give credit where credit is due, and despite being disappointed when PayPal dropped support of physical token Key's they were smarter than eBay, by setting up the Authy app to generate a token key. The Authy app does the same thing as a physical token key, but inside an app. It is also technically more secure than the older physical token key, because it has two layers of passwords to get inside. I of course use two different passwords with my Authy. If you stole or borrowed my phone, you would also need the password to get into my phone which is different from the others, (assuming I didn't leave the phone open) and you would also need the password to unlock the Norton Lock.
I learned the hard way that like on line is risky. I've had my medical records involved in hacks, a major credit card service hacked, yahoo account hacked, Target Store account hacked, Golden Corral account hacked, Facebook has been breached more than once, lots and lots of my information was leaked and sold on the dark web for identity theft. But the worse hacks were the credit card reporting agency hack and the medical record hacks because of the information that store online.
For many years I had been using variations of the same password and same e-mail for everything I did online. Thanks to Google Security, I was tipped off that my passwords and e-mail were involved in multiple non-Google breaches. When I went to look into it, I had multiple hundreds of old accounts that used one of three old passwords and the same e-mail. It took a few years to clean that mistake up.
So besides using a third party or third step security method in addition to your PayPal, Ebay, bank account password, what can you do to make it safer?
- Use a unique password for every website, online account that you join.
- Use a combination of upper and lower case letters, numbers and what ever symbols that website or app allows to mix things up.
- Do not use common words, names, phone numbers, you address, your age, your children's name, your maiden name, etc. These are the first things hacker use to break into your account. So avoid them.
- Make your password 18 to 25 characters long, or longer. I realize that long passwords impossible to remember, so you'll need to keep a record and store it somewhere protected, like a fireproof home safe. Some people use a app to store all their passwords in, but since a few of those have been hacked and breached in the recent pass, I personally do not recommend them.
- For about $15 a year, you can purchase (rent) a website domain name from namecheap.com if you see anything priced higher, don't waste your money. For example, the domain of this website is randydreammaker.com. With your own domain name, you can create forwarding addresses for your e-mail. For example, I could create an e-mail forward called, Twitter @ Randydreammaker.com and I would use forwarding e-mail when signing up for twitter. I would point that e-mail address to forward all mail received from it to my personal e-mail account at Superman @ hotmail.com. With a domain name at any domain register worth a dime, you can pretty much set up as many forwarding email addresses as you need. This is a great security method, you'll simply create a forwarding e-mail for each new account you create. This way, both your password and e-mail is unique.
- Take advantage of any 2FA security methods a website offers. 2FA is a term used to describe the kind of second layer protection method. Similar to a physical key, it adds an extra step to logging into an account, besides knowing the user name, e-mail address and password. A token number will be generated and either texted to your phone, or require to use an authentication app like Authy. Microsoft and Google also has their own code authentication app you can use as an alternative.
- Set a short time-out on your phone.
- Since finger print scanners and face recognition scanners can be fooled as login in methods, create a long password using the methods already described in addition to any physical recognition system.
- One last step you can take is use a fake name or a modified name when you sign up for something online. Yes I know places like Facebook want your real name and threaten you about using a fake name. That's because the need your real name to connect and cross-reference public databases, credit records, stores you registered with, etc. That's how they make billions of dollars. You should be concerned knowing that when the top government secret agencies need know information about a persons buying habits, shopping habits, hobbies, sexual interest, age, hangouts, etc. they use a court order to obtain it from Facebook. Some if your name is Jerry Munchin in reality, maybe you your be Ted Logan instead, at least to websites that are not legal like banks, government, etc. where you need to use your real name.
In 2022 its more important than ever to take extra steps and a little bit more time when signing up from all the apps and website you use.
One of the worse data breaches I have encountered is an exercise app I used got breached. I hadn't used it for two years when they were breached. The app didn't offer a method to delete the account that it required me to sign up to use. I had thought, just uninstalling it would be good enough, but it wasn't.
That exercise tracking app MyFitnessPal in 2018, had my real name, password and a "burner phone number" I gave out to "not essential apps and websites". MyFitnessPal information ended up on the dark web being sold, ended up being used in other hacks, my name, e-mail address and maps of everywhere I had used it when cycling.
That was around five years ago now, but I still get e-mail threats demanding money. Their scam line goes something like this in the e-mail.
"I know what you've been doing, I hacked into your account (They give the account name I used) and installed and back-end virus that let me view and record everything you were doing online. I saw you looking at those porn videos (or whatever they think will work) and I screen recorded what you were doing through your camera. If you don't pay me by (some date) (some amount of money or bitcoin), I'm going to upload it and leak it for all your friends and neighborhood to view. You wouldn't want that would you? I didn't think so".
Fortunately for me, I don't look at porn, my lap top has a piece of black gaffers tape over the lens and my web cam I leave unplugged unless I am filming a video for YouTube. So I can just report them as phishing and spam and ignore them.
But the first time I got one of those e-mails, and they put the account name I had been using all over the web and apps, along with a portion of the password, it did freak me out. Again, fortunate for me, I hadn't been using either of them for at least a year of more because of the Yahoo e-mail breach.
Web and App creators can place all the mumbo jumbo legal threats that they want in their user policies to try to intimidate you into giving them your real name and cell phone number, but its all smoke and mirrors. Even if they close your account, you're not really losing anything that valuable.
I use a free web phone number for any account that I sign up for and I have it set to transcribe the message and forward it to my e-mail or if they use it for confirmation code purposes like on eBay, I have that forwarded to my private cell phone. Sorry, but I'm not for sale, and my personal life, what I enjoy doing, where I go, who I spend time with, etc. That is none of your business.
If you want to be super safe, then close your Facebook account, and pay for your own private e-mail service so you can stop using free e-mail. You know the old saying, "Nothing in life is free". The same is true on the internet. Someone giving you something for free is making information by scrapping and selling your profile data and information.
I hope these tips will help you secure your identity better online. You can not depend on a website or app provide to secure your information. Facebook is proof of that.
