Tony wrote:> Anxiouz wrote:
> (...) The most anyone is going to get
> from hacking a Rewards program is my name and my wife's, our birthdays, phone numbers,
> and home address.
... that information can be more than enough for someone to social engineer their way into convincing someone at customer support that they're you.
Phone numbers can be cloned / faked, too.
My main email address (the gmail one that still uses my old internet alias) has been found in 19 breaches and 1 paste according to that pwned site. I don't like to use 2FA unless absolutely necessary, so all I do now is make sure the password is extremely unique and impossible to crack via normal means. So, the passwords are now randomly generated and especially vulnerable sites get some that are 15 letters or longer.