Yeah, even the ARM chip on the RPi4 is enough for 1 gbps, I guess. But I already get an A grade on the waveform bufferbloat test, with only 14ms of additional latency. So since I'm not playing any competitive fps games *while* fully saturating my connection with downloads, I don't think it matters. And even then 14ms is not that bad.
Putting ONT in bridge mode comes with its own set of issues unique to each service provider. Tbh, almost all such routers have poor security but it doesn't matter to a typical home connection as nobody is going to DDoS a home connection & nobody would do network intrusion either when there are equally less unsecure but much more financially rewarding small business networks out there. Tplink itself is known to stop providing firmware updates after 3-4 versions/2-3 years depending on the model's popularity/selling targets. Of course the ISP ONT router is typically poor performing so just connect your good router to ONT via ethernet & place it in DMZ zone of ONT & then turn off wifi of ISP ONT & connect all your devices to your own router wifi & use its features like NAT/port forwarding etc.
That risk calculation is not at all that simple. I've been hacked before and I work in a field where it can be very lucrative to target me. I had it happen that my Google accounts were compromised, despite using a 32 character password. Still not sure how that happened. I was travelling internationally, staying in hotels. So maybe I made a mistake while there. Though it seems unlikely I would fall for a MIM fake web portal attack, since I was using https and even a vpn most of the time. But I later found out that my dad's laptop was infected, and it was just there on my home network. So that seems the most likely cause.
That already exclude you from the definition of "typical home user".
More than password length, what matters is which 2FA you used because without that even a 64 character password might not help.
I hope it wasn't some free/Chinese vpn. Also, nowadays win 10/11 default security updates are quite good enough & assuming you follow the standard security guidelines on your pc in the network then someone who could bypass those from your father's laptop would also be very likely capable enough to bypass whatever router security you use in any typical consumer grade hardware available.
2FA is good to have but that's not fool-proof.
I had 2FA with Google Auth turned on for all of my accounts. Password length matters in the context of how long someone running hashcat on a GPU cluster will take to crack it, but that obviously wasn't the vector they used to get me.That already exclude you from the definition of "typical home user".
More than password length, what matters is which 2FA you used because without that even a 64 character password might not help.
I hope it wasn't some free/Chinese vpn. Also, nowadays win 10/11 default security updates are quite good enough & assuming you follow the standard security guidelines on your pc in the network then someone who could bypass those from your father's laptop would also be very likely capable enough to bypass whatever router security you use in any typical consumer grade hardware available.
This is a very good point, damn. I had probably logged into my gmail account on his laptop weeks ago and never logged out. It also explains how they were able to circumvent the 2FA.
