Should I be concerned about websites emailing me my plaintext password after signing up? [duplicate]

In multiple instances lately, I have received the plaintext passwords I entered(not given to me) emailed to me after signing up. The sites in question have been legitimate small businesses, so I suspected it was a default setting. Is this something I as a user should be worried about? In other words, are they not only storing my password in plaintext but sharing it with my mail provider? Here is a link to one example screenshot, too large to fit in the post.

[ Politics ] Open Question : Why are we concerned about 200k americans dying from coronavirus when 1 million americans are aborted each year?

I think it’s great that we are concerned about 200k americans dying from coronavirus… but i think it’s illogical to be concerned about 200,000 americans dying from that virus whereas at the same time each year around 1 million american babies are aborted.. why so much incoherence?

As far as Spell Components are concerned, what do “retrieve”, “manipulate” and “stow” mean?

From Core Rulebook (p. 303):

Focus: A focus is an object that funnels the magical energy of the spell. The spell gains the manipulate trait and requires you to either have a free hand to retrieve the focus listed in the spell or already be holding the focus in your hand. As part of Casting the Spell, you retrieve the focus (if necessary), manipulate it, and can stow it again if you so choose.

And from Compoment Substitution section, on the same page:

If you’re a cleric Casting a Spell from the divine tradition while holding a divine focus (such as a religious symbol or text), you can replace any material component the spell requires by using the divine focus as a focus component instead. Unlike the normal rules for a focus component, you can’t retrieve or stow the focus when making this substitution.

I am having trouble understanding why the “retrieve”, “manipulate” and “stow” verbs are mentioned separately and what do they mean in this specific context. Also, why is it explicitly mentioned that you can’t do those things (“retrieve” and “stow”) if you are a cleric and you use your holy symbol as substitution? Does this somehow affect you, your religious symbol, your spell or anything else?

Could anyone provide some clarification or point me to a related page from the rulebook?

Is trying to break a door considered a hostile action, as far as Sanctuary spell is concerned?

On page 366 of Pathfinder 2e Core Rulebook, for the Sanctuary spell it states:

You ward a creature with protective energy that deters enemy attacks. Creatures attempting to attack the target must attempt a Will save each time. If the target uses a hostile action, the spell ends.”

Does trying to break a door count as a hostile action? It does not specify if the action is considered hostile only if it is directed towards a creature.

My email address is being used to enroll for online services. Should I be concerned?

Just before Christmas I received the following message in one of my GMail accounts:

attempt was blocked
******** [redacted by me]

Someone just used your password to try to sign into your account. Google blocked them, but you should check what happened.

I signed into that account and looked at the activity (not by clicking the link in the message, of course) and indeed there was a sign in attempt blocked from the Philippines.

I gather this means that an attacker entered the correct user name and password for my account, but was likely blocked because they couldn’t pass the MFA challenge. Or maybe Google’s fraud detection is actually decent and it knows I’ve never been to the Philippines? Either way, I immediately changed the password and (as far as I know) the attacker didn’t gain control of the account.

However, in the 2 weeks since then, I have received several email verification requests from various online services that I never signed up for — Spotify, OKCupid, a Nissan dealership in Pennsylvania (that one’s interesting), and a few others I’ve never heard of before. Someone out there is actively using my GMail address to enroll for these services.

The account in question is not my main account, and while the password on it was admittedly weak, it was also unique (I never used it on anything else). I changed it to a password that’s much stronger now.

Should I be concerned about this?

Also, if the attacker didn’t gain control of the account, why use it to enroll in all these services?

How concerned should we be about RFID skimming?

I’ve heard/read several pentesting stories where the pentesters clone RFID badges. I’ve also seen some articles saying RFID skimming is a negligibly small problem. The RFID skimming I’m talking about is where someone walks up to you to skim your card or “fires” a “skimming beam” from a distance, and not where you actively (unintentionally) put your card on/in a skimmer like on ATM machines.

How common is RFID skimming? How concerned should the average Joe be about it?

(If I have some money, especially if I have access to some confidential data, I would definitely get anti-skimming stuff, but that doesn’t sound like most people)

Google SMS verification codes broken on a loop – should I be concerned?

So this is a little out of the ordinary. Not sure what to make of it. I’ve enable 2-Step Verification on a Google account.

When opening mail or other G-related services, it sends an SMS(text message) to my cell, with a code. That code is used to complete the login to mailbox… But obviously you already knew that !

A few weeks back, few minutes after a successful login, I received the same code again. Figured it was a cell provider glitch. Then again. And again the same code. So on for a day or so.. weird, but didn’t think more of it, life goes on.

Except that now everytime loging in to Google, same happens, which is concerning.
I ruled out the phone itself as a cause (iPhone), it’s in good health, recently restored to factory settings, and the glitch is only with codes from Google.

I’ve made an illustrated screenshot, with timestamps visible.. see for yourself 🙂

For clarity : while receiving the SAME code again i’m still logged in and experience no disruption on the web.

From the Google help :
Note: If you received multiple verification codes, only the newest one will work. If you requested multiple verification codes, keep in mind that it might take some time for the latest code to arrive.

Usually when you request a code again, it’s supposed to send a new one, so doesn’t look like someone is trying my account over and over again.

Any of you smarties have a clue what might be in play?

enter image description here

Are airlines responsible for Airport security or Airports concerned or third-parties on terminal-side?

In Indian Airports, all sort of terminal-side security is done by CISF . They do all the frisking and baggage screening etc. I am concerned more for the terminal-side security rather than airside where it comes under the airlines domain.

Is it similar in the rest of the world or are airlines responsible? Some notable incidents I recall are the recent Brussels Airport attack, and the 2015 Sabiha Gökçen Airport bombing. I would suspect most airports now are under some sort of integrated command and control center modeled on the American system after 9/11 rather than have disparate silo-based security which may have holes that both terrorists and criminals may be able to get through.