I’m sure you hear it all the time: use a strong password that nobody can guess, not your mother’s maiden name or your pet’s name, and NEVER re-use passwords. Most people do re-use passwords, and this can cause a huge problem for you. This blog post is based on a true story; however, for the record, it wasn’t me!
You wake up Saturday morning, scroll through your messages, and find messages you never sent to family and friends asking whether they can lend you money until Monday. Alarm bells start ringing in your head: you don’t remember sending this message, so where did it come from and how did it appear? More importantly, did your friends and family send money to the person pretending to be you?
It turns out you were the victim of a security breach. You used the same email address and password on another website; that website was hacked, and the attackers obtained your password. They then tried that same email address and password on other services (a technique known as credential stuffing) and managed to get into your social media.
How can I protect myself from this?
Use a unique password for each service you log-in to
NEVER re-use your password on any other service. You can use a password manager such as LastPass to generate a unique password for each website. These passwords are protected by a ‘master password’, which acts like the key to your password vault. You can read more about how these work by clicking here.
Check if you have been involved in a data breach
You can check whether your email address has been involved in a data breach by entering it into HaveIBeenPwned.com and seeing if anything comes up. (If nothing comes up, I would be pleasantly surprised for you!) Every day companies are compromised and their databases are sold on the dark web. You need to know if you were involved in a breach when it happens, and HaveIBeenPwned provides that service for free. You can sign up to their email alerts so that if your email address is reported in a data breach, you are emailed about it at the time.
Enable two-factor authentication where possible
Two-factor authentication is a really simple concept: once you have entered your username and password on your favourite service, some services let you confirm it is actually you by asking for an SMS code sent to your phone, a time-sensitive code from an authenticator app, approval of the login from your phone, or by plugging in a dedicated USB security key and authorizing with that. This stops somebody getting into your account even if they know the password.
Generate strong, secure passwords
Using a service like LastPass, you can generate secure passwords that are as long and as complex as you can think of. I would recommend at least 12-16 characters using uppercase, lowercase, numbers and symbols when generating a password.
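To show what a password manager's generator does under the hood, here is an added example (not LastPass's code, and not from the original post) that builds passwords of the recommended length from the four character classes named above. It uses Python's `secrets` module rather than `random`, so the output is drawn from the operating system's cryptographic generator, and it rejects any candidate that happens to miss a class, which keeps the result uniformly distributed over the acceptable passwords. The symbol set is an assumption; real generators let you configure it.

```python
import math
import secrets
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?"   # assumed symbol set; adjust to site rules
CLASSES = (UPPER, LOWER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)


def has_all_classes(password: str) -> bool:
    """True if the password contains at least one character from every class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = 16) -> str:
    """Generate a uniformly random password containing every character class.

    Candidates are drawn with secrets.choice (CSPRNG) and rejected until one
    contains all four classes; at 12+ characters this almost never retries.
    """
    if length < 12:
        raise ValueError("use at least 12 characters, as recommended above")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random password of this length and alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n in (12, 16):
        pw = generate_password(n)
        print(f"{n} chars: {pw}  (~{entropy_bits(n):.0f} bits)")
```

With an 87-character alphabet, 12 characters gives roughly 77 bits of entropy and 16 characters roughly 103 bits, which is why a randomly generated 12-16 character password is so much stronger than a memorable phrase of the same length.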
Lastly, change your password regularly
I can appreciate that when you manage a large number of logins it proves difficult to change your passwords regularly; however, it is good security practice to change them every now and then. I personally change them every 3 months or so, but find whatever time scale fits you.