Found out one of your passwords got breached? Here’s how to fix your online security up real quick.
You may have seen a news story or an email urging you to be cautious about your online security. Between Facebook fails, hotel hacks and an ocean of phishing emails, it’s a precarious time to keep your identity secure online. If you need to get control of your account security quickly, you need to follow a few simple steps.
Find out the size of the problem
You can’t fix something properly until you know how broken it is. Do a mental inventory of all the email addresses you use to sign in, and head over to HaveIBeenPwned (HIBP).
When you read headlines about hackers pinching email addresses, passwords and other personal data, you don’t always find out what they do with it next. The treasure trove of data is often sold on darkweb marketplaces. Buyers will be organised criminal syndicates or anyone looking for a list of targets to launch a phishing campaign or some such. That’s where HIBP comes in handy.
HIBP is run by a security researcher from Australia who scores as many breached records from darkweb marketplaces as he can get his hands on and makes them searchable. By punching your email into HIBP, you can find out just how many times it has been found for sale on darkweb marketplaces, and get an idea of which services it was breached from.
For example, I’ve been breached three times: when hackers stole data from Adobe, MySpace and Zomato. You may have been breached more or fewer times, but what you can do with this information is powerful.
Sharing isn’t caring
For the love of God: stop setting the same password for everything. I know it’s annoying to have multiple passwords, but I’ll help you with that in a sec.
Think of it like having the same set of keys for every door in your life. Car, mailbox, house, windows, et cetera. If your one key is stolen, that thief can now open every door in your life. It’s the same with passwords: if your identical password gets breached from one service, it’ll be bought by an organised crime syndicate that’s looking for as many personal details as it can, and fed into automated tools that try to sign in to every account with that email and password combination. Facebook, banking sites, email, phone. You name it.
Having separate passwords means that if one password is breached, it won’t bring your life down like a house of insecure cards. If you spot something on HIBP that you share passwords with, change it to something long, strong and unique.
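One way to act on that advice, as an added example that is not part of the original article: a short Python audit that takes a password-manager export plus the services HIBP lists as breached, and names every account that shares a password with a breached one. The vault entries, the `.example` services, the passwords and the function name `audit_reuse` are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export: (service, login email, password). Not real credentials.
VAULT = [
    ("adobe.com", "me@example.com", "Sunshine2013"),
    ("myspace.com", "me@example.com", "Sunshine2013"),
    ("zomato.com", "me@example.com", "pizza4ever!"),
    ("facebook.com", "me@example.com", "Sunshine2013"),
    ("webmail.example", "me@example.com", "pizza4ever!"),
    ("bank.example", "me@example.com", "red-kettle-orbit-mast"),
    ("forum.example", "old@example.com", "hunter2-forum"),
    ("shop.example", "me@example.com", "hunter2-forum"),
]
# Services HIBP listed as breached for this address (the three named in the article).
BREACHED = {"adobe.com", "myspace.com", "zomato.com"}


def audit_reuse(vault, breached):
    """Return (change_now, reused): service names only, never the passwords."""
    by_password = defaultdict(set)
    for service, _email, password in vault:
        # Grouped by password alone, so reuse under a second email is caught too.
        by_password[password].add(service.lower())
    breached = {s.lower() for s in breached}
    change_now, reused = set(), set()
    for services in by_password.values():
        if services & breached:
            # The breached password is known to attackers: every account
            # that shares it is exposed, not just the breached site.
            change_now |= services
        elif len(services) > 1:
            # Not breached yet, but one future breach would expose them all.
            reused |= services
    return sorted(change_now), sorted(reused)


if __name__ == "__main__":
    change_now, reused = audit_reuse(VAULT, BREACHED)
    print("Change immediately:", ", ".join(change_now))
    print("Reused, change next:", ", ".join(reused))
```

Run it against a local export only, and delete the export afterwards, since the file holds every password in plain text.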
Meet the new normal
Passwords are good, but have you heard of passphrases? The human brain is not configured to remember a long string of letters, symbols and numbers, much to the security community’s despair.
Instead, start setting passphrases: a string of three or four words that tell a story you can remember more easily. And from there, start substituting numbers and symbols for letters to strengthen your passphrase. For example, a good passphrase is red bird pounce flag. Don’t use that one though!
Locking it down
This is where I tell you of an easy way to remember all of those unique passwords. It’s called a password manager: a secure vault where all your passwords and passphrases are kept safe, and protected by a single password you remember.
Keep in mind that security is never absolute, and you can never guarantee that unique passphrases stored in a password vault won’t be breached by hackers, but it’s the best thing you can do to keep yourself safe in the least amount of time.
Go check out LastPass, 1Password or Dashlane, and remember to change your passphrases regularly to keep crims out of your accounts.