Got totally scammed. Login.gov supposedly sent me a very official looking email saying someone had logged in a few hours ago. Nobody logged in a few hours ago. I scanned the header and it looked legit.
It recommended that I change my password. Clicked the change password button (without looking at the URL it was directing me to) and went to a very official looking page. But it only asked for the new password once. That should have stopped me but I still clicked. Then immediately tried to login with the new password and I realized I was cooked. So I immediately changed passwords on sites that used that old password and properly changed the password on login.gov I am seriously considering going to a password managers. I know nothing about them, how they work or if they are trustworthy. I use 2FA everywhere I can. Opinions?
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
