I lost my laptop while on the street.

[shekinah]

I use a scooter and had it on the bottom. I didn't hear it fall off and since it was old/I had backup/just personal things on it/more up-to-date laptop at home it was kind of an "Oh well." I just made a mental note to take care of my stuff. I did retrace my steps twice trying to find it. I lost it yesterday about 5:30 and thought very little about it until someone accessed my gmail account. They used IE and I use FF. Anyway, I changed google/paypal/ebay passwords. I bank online but do not save that password but I changed it anyway. Is there anything else I should do to protect myself?

 

[Solandri]

Banking accounts (anything that handles money) and your email account (usually used to confirm other accounts) are the important ones.

Next would be any subscription accounts (stuff you pay for), and shopping accounts. You may have saved credit card info on these accounts.

If you've filed taxes online or created accounts on any government websites, you should change those too to protect your identity. But the government is pretty good about enforcing 3-month or 1-year password changes on those accounts.

Finally, if you've got accounts controlling any assets (domain names, website hosting, etc), change those as well.

If you haven't yet, I strongly recommend enabling 2-factor authentication on all of the above accounts that you can. Install the Authy app on your phone (it requires a separate password or passcode every time you use it) instead of Google Authenticator (no separate password, so a thief who has access to your Google account on the phone can use your Authenticator). When you login to one of these accounts, you then have to take out your phone, start the App, and type a code generated by the app into the website in order to complete the login. Authy also synchronizes across multiple devices, so you're not screwed if you do lose your phone.

https/support.google.com/accounts/answer/185839?hl=en
https/www.paypal.com/webapps/mpp/security/security-protections
https/www.amazon.com/gp/help/customer/display.html?nodeId=201962420

Do note that enabling 2FA also makes recovering the account much more difficult should you forget your Authy password, or lose your phone (if you use Authenticator). So make damn sure you protect those. Some sites let you create a few one-time-use passwords to access your account in case this happens. I recommend using that, printing out the codes, and storing them in a safe or safety deposit box.

 

[mrmez]

Not saving passwords on a mobile device is a good start, and you obviously should have a password to access windows.

Some mobile devices are very secure, but we usually ASSUME once a device is lost, whomever has it will have access to EVERYTHING!

Resetting passwords is about all you can do now. On a future device (depending on what it is), there is more you can do depending on how sensitive your data is.

I use apple products and while my data isn't that sensitive, there is a lot I do.
-Password to every device is ESSENTIAL.
-Find my phone (works on phone, laptop, desktop etc). I can track my device, make it play a sound, or wipe it remotely.
-iOS has full encryption but I can further add this to OSX.

 

[shekinah]

Both answers were great and very informative. I chose Solandri's as the best because he told me how to enable 2 factor authentication.

Whoever found my laptop disabled my Tracfone/cancelled my Tracfone account?

I wish I could wipe the harddrive remotely. I tried to remove any sensitive data but when your bank account is $6 by the 20th of the month, hopefully no one will try to make a withdrawal.

 

[shekinah]

Banking accounts (anything that handles money) and your email account (usually used to confirm other accounts) are the important ones.

Next would be any subscription accounts (stuff you pay for), and shopping accounts. You may have saved credit card info on these accounts.

If you've filed taxes online or created accounts on any government websites, you should change those too to protect your identity. But the government is pretty good about enforcing 3-month or 1-year password changes on those accounts.

Finally, if you've got accounts controlling any assets (domain names, website hosting, etc), change those as well.

If you haven't yet, I strongly recommend enabling 2-factor authentication on all of the above accounts that you can. Install the Authy app on your phone (it requires a separate password or passcode every time you use it) instead of Google Authenticator (no separate password, so a thief who has access to your Google account on the phone can use your Authenticator). When you login to one of these accounts, you then have to take out your phone, start the App, and type a code generated by the app into the website in order to complete the login. Authy also synchronizes across multiple devices, so you're not screwed if you do lose your phone.

https/support.google.com/accounts/answer/185839?hl=en
https/www.paypal.com/webapps/mpp/security/security-protections
https/www.amazon.com/gp/help/customer/display.html?nodeId=201962420

Do note that enabling 2FA also makes recovering the account much more difficult should you forget your Authy password, or lose your phone (if you use Authenticator). So make damn sure you protect those. Some sites let you create a few one-time-use passwords to access your account in case this happens. I recommend using that, printing out the codes, and storing them in a safe or safety deposit box.

I just wanted you to know I moved out of state in July. Hopefully, there will be no more incidents with unauthorized access.

 

[shekinah]

Not saving passwords on a mobile device is a good start, and you obviously should have a password to access windows.

Some mobile devices are very secure, but we usually ASSUME once a device is lost, whomever has it will have access to EVERYTHING!

Resetting passwords is about all you can do now. On a future device (depending on what it is), there is more you can do depending on how sensitive your data is.

I use apple products and while my data isn't that sensitive, there is a lot I do.
-Password to every device is ESSENTIAL.
-Find my phone (works on phone, laptop, desktop etc). I can track my device, make it play a sound, or wipe it remotely.
-iOS has full encryption but I can further add this to OSX.

I just wanted you to know I moved out of state in July. Hopefully, there will be no more incidents with unauthorized access.

Question: I tried to put Find my Phone on this laptop and couldn't.

 

[shekinah]

Not saving passwords on a mobile device is a good start, and you obviously should have a password to access windows.

Some mobile devices are very secure, but we usually ASSUME once a device is lost, whomever has it will have access to EVERYTHING!

Resetting passwords is about all you can do now. On a future device (depending on what it is), there is more you can do depending on how sensitive your data is.

I use apple products and while my data isn't that sensitive, there is a lot I do.
-Password to every device is ESSENTIAL.
-Find my phone (works on phone, laptop, desktop etc). I can track my device, make it play a sound, or wipe it remotely.
-iOS has full encryption but I can further add this to OSX.

I just wanted you to know I moved out of state in July. Hopefully, there will be no more incidents with unauthorized access.

Question: I tried to put Find my Phone on this laptop and couldn't.

 

[jsmithepa]

Since day1 I always have a sign on pwd on my laptop. I figure is not if, is when I will lose it, being stolen etc. That is the outside door. And I do maintain personal info in an excel file, which I have it encrypted, and the file IS NOT named PERSONAL INFO, an whoever get this laptop has no idea that this particular file is of import.

Now I have a Mac, which as a built-in Find-Your-Mac feature, haven't have to use it yet, knock-on-wood. Wonder why PC vendors don't have similar.