Sheather

You're right, and thank you for the information and articles in this thread. They have been really easy to follow and informative. I guess I got a bit rambling in the last post, wrote it while tired, which is generally a bad idea. I'll try to make sure I'm implementing some of the good practices mentioned and keep myself secure moving forward.

Okay, so I didn't know that the "log in with other account" can bypass 2FA for the account to log in, so that is interesting. Outside of that though, if I already have 2FA set up with the Facebook or Google account that I'm using to log in to these sites, then that account is secure outside of a physical security breach, right? If someone did get their hands on my phone, would they still need to be able to get in with passcode or fingerprint? I always thought that the standard passcode encryption would be strong enough that I'd not be vulnerable to the thief logging in to random accounts due to saved credentials. And if they got their hands on my phone and it was unlocked, then I'm kinda screwed either way aren't I? Or is the argument here that if you're using a password keeping application that there's 1 more layer to your security? If I'm using at least even very very basic security best practices, isn't it almost vanishingly unlikely that the change actually becomes relevant?

Hey, I'm pretty new to this, and got here doing a search for the original email text. I wouldn't have posted but something has got my curiosity. Is this particularly relevant if you have 2 factor or 2 step security enabled against those accounts? If the site gets broken into and you're signed in via Google, for example, and not using the Google password on any other services, is the 2FA going to be enough to secure yourself anyway, or is it still very important to create new accounts for each site you visit? I'm just now coming to terms with the degree that I've had bad habits re: security over the last years. Cheers, Sheather