Telorand@reddthat.com
on 19 Dec 14:19
nextcollapse
Do not use a personal virtual private network (VPN). Personal VPNs simply shift residual risks from your internet service provider (ISP) to the VPN provider, often increasing the attack surface. Many free and commercial VPN providers have questionable security and privacy policies. However, if your organization requires a VPN client to access its data, that is a different use case.
Nice try, fed! We all know how trustworthy ISPs are. While I’m at it, why don’t I just install a backdoor for you? Maybe add a keylogger, as a treat?
Most of the advice is prescient, but this one is just stupid.
There are so many VPN providers selling your data, being operated by the feds, operated by cybercriminals etc. it really doesn’t matter just as said in 8.
Migrate away from Short Message Service (SMS)-based MFA
Then they should force banks and other financial institutions to actually implement it. Migrating away from SMS MFA doesn’t work if the service provider doesn’t offer it as an option in the first place.
threaded - newest
Nice try, fed! We all know how trustworthy ISPs are. While I’m at it, why don’t I just install a backdoor for you? Maybe add a keylogger, as a treat?
Most of the advice is prescient, but this one is just stupid.
There are so many VPN providers selling your data, being operated by the feds, operated by cybercriminals etc. it really doesn’t matter just as said in 8.
Then they should force banks and other financial institutions to actually implement it. Migrating away from SMS MFA doesn’t work if the service provider doesn’t offer it as an option in the first place.