Dyspnia

Dyspnia by Mind Map: Dyspnia

1. could be used by attacker to 'validate' a request to change another account

2. not to allow phone requests to change account

3. All that's needed to get into this:

3.1. email address, billing address and the last four digits of a credit card number

4. If you must

4.1. use a bank that has both

4.1.1. 2-factor identification

4.1.2. partial password entry

4.1.2.1. where the parts vary

5. free

5.1. gmail

5.1.1. mobile phone

5.1.1.1. 2-factor authentication

5.2. yahoo

5.3. etc.

6. not to allow phone requests to change account

7. PayPal

7.1. ask support

7.1.1. not to release any data by phone

8. Amazon

8.1. AWS account

8.1.1. if you have one

8.1.1.1. separate it from Amazon personal account

8.2. Amazon personal account

9. as soon as new version released

10. namecheap.com; enom.com

11. Apple

11.1. iCloud/iTunes/AppleID

12. Ask iCloud support

13. Ask Amazon support:

13.1. lock account

14. use a password manager

14.1. that doesn't store passwords online

15. use more secure ones

16. use a private WHOIS to hide personal info

17. double check that they have your name right

17.1. on own domain

17.1.1. easier for you to control

17.2. or personal details checked won't match

18. attacker can

18.1. change password on all websites using a known email

19. if compromised

19.1. When on phone to support

20. Facebook

21. email addresses

21.1. test

22. domains

22.1. registrar

22.2. host

23. e-commerce accounts

24. social media

24.1. Twitter

24.1.1. Settings: security & privacy

24.1.1.1. <= activate

24.1.1.1.1. Require personal information to reset my password

24.1.1.1.2. send login verification requests to my phone

24.1.2. attack attempted

24.1.2.1. new email address

24.2. Instagram

24.3. Wiki

24.3.1. update

24.4. blog

24.4.1. update

24.4.1.1. platform (e.g. WordPress)

24.4.1.2. plugins

24.4.1.3. theme

24.4.2. harden with

24.4.2.1. security plugins

24.4.2.1.1. WordPress file monitor

24.4.2.1.2. Limit login attempts

24.4.2.1.3. WP security

24.4.2.1.4. AntiVirus

24.4.3. admin account

24.4.3.1. don't call it 'admin'!

24.4.3.2. don't post under this

24.4.3.3. post with an editor account instead

24.4.4. account name

24.4.4.1. should be different from publicly visible name

25. banking

25.1. Don't!

26. Sources: http://thenextweb.com/socialmedia/2014/01/29/lost-50000-twitter-username/ ; http://d.pr/n/KUMK ; http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ . Initiated by Roy Grubb of The Visual Thinking Center: http://www.mind-mapping.org/Visual-Thinking-Center.html

27. passwords

27.1. use strong ones

27.2. Don't re-use

27.3. Don't save in a spreadsheet or word document on your computer

27.4. Use a program like 1Password

28. Keep good backups

28.1. or you could lose everything

28.1.1. see how here:

29. KeePass

30. Test