My wife and I received letters in the mail today from Conduent, and underneath this name Return to Kroll.
I was suspicious so Googled it. This is what I found:
In early 2025, Conduent experienced a cyberattack where hackers accessed their systems, stealing personal data (names, SSNs, medical info) of over 10 million people, impacting users of various state agencies and health insurers like BCBS.
This is the fourth such data breach affecting me in the past few years.
As I posted recently, this will not stop until Congress passes a law that results in painful fines for companies’ lack of taking the security of our data seriously and these hacks become rare.
This is also why I feel a paper list of my passwords in a fire safe is more secure than a password manager. All I hear is about how password managers are secure due to encryption
Evolving technology makes going back to papers an inadequate defense against identity theft in the AI era. We live in a world where a digital footprint with our identity is inescapable, but there are technologies to protect us too. The strongest ones
1) Foundation: Vigilance, Safety Mindset / online habit – Scam avoidance is top priority. Credit Freeze.
2) Physical layer:
Our phones, iPad, computer – more critical than cash and wallet
Physical security keys – Google Titan Security key, YubiKey with backup: fast, convenient, durable protection
3) Digital layer:
Authenticator App for 2 Factor Authentication – not SMS texting to phone
Passkey?
ID theft protection? Maybe companies like LifeLock, Aura, and Identity Guard
I thought 2 factor authentication was a set of numbers texted to your phone. Not so?
Security is a complex topic requiring a clear perspective of the threat one is trying to mitigate. I use a fee-based password manager with an excellent reputation, independent security audits, and the vendor doesn’t have the ability to decrypt my password repository. Plus the product uses a 2-key system so access to my repository is restricted to devices it was preinstalled upon, the installation of which requires access to both keys (neither of which the password manager company has access to). Plus if the product is compromised I believe it is highly likely it will be detected and the customers notified. Who will notice and report to the owner if the paper copy of their password list is compromised in their house, safe deposit box, or wherever? Thanks for raising the concern, but I’m sticking with a modern, mature, and well vetted password manager. Gene
Use a locally hosted password manager. Of course, if you click on the wrong link and install malware… all bets are off.
Passkeys are very promising but only a handful of companies offer them now.
“Peppering” your passwords might also work (this is where you add a token that only you know to the beginning or end of a stored password).
Managing multiples of 10 passwords on paper will quickly get super frustrating (and won’t help if you accidentally install info stealing malware).
I’m presently working with a burned out caregiver (sole caregiver the last 3+ years for husband with Alzheimer’s). She’s let her financial life ride on autopilot for over a year. She can’t find her paper-based password list anymore. 🙁
As per advice here and elsewhere, I’ve given my paper list to two trusted individuals who know and trust each other. The only ones I’m really concerned with are those granting access to my financial accounts. I don’t worry about letting them know when I download a new app and create a new password.
While I agree with you on fines for companies that do not keep our data safe, keeping PWs on paper isn’t wise. And, you cannot generate random PWs without the support of a PW manager. My PW manager stores all of my data only on my local devices, not in their cloud. There is no chance that it can be lost if the company that sold me the program is hacked.
I do store the data in a cloud, but it is encrypted on my device before it is uploaded. Without the cloud, I could not sync the PW data across multiple devices.
I doubt that encryption is going to be secure much longer with the increase in computer power.
Exactly! But, you have to do the best you can in any environment. Passkeys with their biometric, device-based add-on will help. If quantum computing becomes real, encryption, and even the blockchain (Bitcoin) will fall.
Passkeys are good – infinitely better than passwords.
The encryption gurus are well ahead of the curve and have devised new techniques that are quantum invulnerable (based on today’s science).