Dyspnia

Dyspnia by Mind Map: Dyspnia

1. test

2. could be used by attacker to 'validate' a request to change another account

3. not to allow phone requests to change account

4. All that's needed to get into this:

4.1. email address, billing address and the last four digits of a credit card number

5. If you must

5.1. use a bank that has both

5.1.1. 2-factor identification

5.1.2. partial password entry

5.1.2.1. where the parts vary

6. free

6.1. gmail

6.1.1. mobile phone

6.1.1.1. 2-factor authentication

6.2. yahoo

6.3. etc.

7. not to allow phone requests to change account

7.1. AntiVirus

8. PayPal

8.1. ask support

8.1.1. not to release any data by phone

9. Amazon

9.1. AWS account

9.1.1. if you have one

9.1.1.1. separate it from Amazon personal account

9.2. Amazon personal account

10. as soon as new version released

11. namecheap.com; enom.com

12. Apple

12.1. iCloud/iTunes/AppleID

13. Ask iCloud support

14. Ask Amazon support:

14.1. lock account

15. use a password manager

15.1. that doesn't store passwords online

16. use more secure ones

17. use a private WHOIS to hide personal info

18. double check that they have your name right

18.1. on own domain

18.1.1. easier for you to control

18.2. or personal details checked won't match

19. attacker can

19.1. change password on all websites using a known email

20. if compromised

20.1. When on phone to support

21. Facebook

22. email addresses

23. domains

23.1. registrar

23.2. host

24. e-commerce accounts

25. social media

25.1. Twitter

25.1.1. Settings: security & privacy

25.1.1.1. <= activate

25.1.1.1.1. Require personal information to reset my password

25.1.1.1.2. send login verification requests to my phone

25.1.2. attack attempted

25.1.2.1. new email address

25.2. Instagram

25.3. Wiki

25.3.1. update

25.4. blog

25.4.1. update

25.4.1.1. platform (e.g. WordPress)

25.4.1.2. plugins

25.4.1.3. theme

25.4.2. harden with

25.4.2.1. security plugins

25.4.2.1.1. WordPress file monitor

25.4.2.1.2. Limit login attempts

25.4.2.1.3. WP security

25.4.3. admin account

25.4.3.1. don't call it 'admin'!

25.4.3.2. don't post under this

25.4.3.3. post with an editor account instead

25.4.4. account name

25.4.4.1. should be different from publicly visible name

26. banking

26.1. Don't!

27. Sources:

27.1. http://thenextweb.com/socialmedia/2014/01/29/lost-50000-twitter-username/

27.2. http://d.pr/n/KUMK

27.3. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

27.4. Initiated by Roy Grubb of The Visual Thinking Center http://www.mind-mapping.org/Visual-Thinking-Center.html

28. passwords

28.1. use strong ones

28.2. Don't re-use

28.3. Don't save in a spreadsheet or word document on your computer

28.4. Use a program like 1Password

29. Keep good backups

29.1. or you could lose everything

29.1.1. see how here:

30. KeePass

31. Test