iPhone Password Shockingly Easy To Steal From iOS Users
Krause suggests users refrain from entering credentials into popups altogether. Instead, users should dismiss suspicious dialogs and enter password information in the Settings app. Two-factor authentication might protect against some attacks, but crafty developers can get around the password and code protocol using phishing methods similar to those described above.
Storing ids in Local storage is perfectly alright unless it is something like social security id. Even if some developer did store social security id on local storage, it is not so easy to steal that information from local storage unless the end user has malicious browser plugins. If the end user has malicious plugins then nothing will help.
Stolen logins from social networking sites can even be used to send message spam and steal even more logins for additional sites. Malwarebytes Labs previously reported on hacked LinkedIn accounts being used to spam other users with InMail messages containing bad URLs spoofed, or faked, to look like a Google Docs login page by which cybercriminals could harvest Google usernames and passwords.
Criminals can circulate look-alike QR codes to try and trick unsuspecting users into loading up scam websites. For example, a QR code can be designed to lead you to a seemingly legitimate website from a company you trust. But in reality, the landing page has been designed to log your email address, password, or credit card information and hand it off to scammers.
Just like you must protect your passwords, you must protect any data that can easily identify who you are from those wanting to steal your information and identity. Therefore, be prepared to use false information in answering these security questions. Respond to these question with false information. The trick is you have to remember your lie. Make the answers something only YOU would know.