password management
2 articles with this tag
Choosing MFA the right way: what 'phishing-resistant' means, and why SMS is weak
MFA is a second lock so a leaked password alone can't get you in — but what you turn on changes its strength by three tiers. SMS/email codes fall to relay phishing and SIM-swap; authenticator apps (TOTP) are mid; passkeys/security keys (FIDO2) can't be presented to a fake site at all — that's phishing resistance. Top priority: put phishing-resistant MFA on the keys to the kingdom (email, domain, payments). Storing recovery codes and having a backup factor complete the setup.
Is storing your passwords in Google Drive safe? How to keep them properly
Keeping passwords in a plaintext Google Doc/Sheet is dangerous: one Google account becomes the single point of failure for every password — account takeover, a rogue connected app, or phishing leaks them all at once. The fix is a dedicated password manager (contents stay encrypted even when synced). If you must use Drive, store only an encrypted vault file and put phishing-resistant MFA on the account.