How good are you at protecting your passwords? We take a look at how you can minimize the damage of having your personal data hacked by keeping your passwords safe.
Oh dear. I’ve gone the full Edward Snowden and become more than a little paranoid about online security.
It all started last month with concerns over logins for our new mapahub meetup website for house sitters and digital nomads. I kept getting nagging reminders telling me the site wasn’t secure, and that it might not be wise to enter a password here.
Well, as developer of the website I had to resolve this, and as a result mapahub is now a fully secured website.
But my research revealed a serious flaw in my own personal online security habits.
I use pretty much the same username and password combination across many websites, and for a while I’ve been vaguely aware that this probably isn’t a good idea.
The real issue is that if someone manages to get hold of your username and password from one website, they can easily try this same combination at other more important websites. If you use the same login for your banking as for your other, less important accounts, you could still be easily compromised.
Equifax US Credit Rating Firm Hacked
Just last Friday (8th September 2017), a full scale investigation began after it was feared that the personal data of up to 44 million British consumers had been stolen by hackers in a massive cyber attack.
Many of these consumers will be unaware that their data was held by US company Equifax. But if you’re a customer of British Telecom (BT), Capital One or British Gas, it’s possible that Equifax was used to obtain your credit check data.
What’s more shocking is that in the US up to 143 million people could be affected. And even more shocking to me is that this breach was discovered in May/June 2017, but it has only just been disclosed!
More than 180,000,000 people affected in North America and UK alone
According to the Telegraph, “The stolen information includes names, social security numbers, dates of birth, addresses and, in some instances, driver’s license details. It is also thought that around 209,000 credit card numbers were also stolen.
Equifax said: “limited personal information” from British and Canadian residents had been compromised.”
The scale of this massive breach is still being assessed, and a quick online search will bring you up-to-date with findings.
Massive data breach at eBay
With somewhat synchronous timing I also received an email from a friend who had recently had his eBay account hacked. He hadn’t used his account for some time, but the consequences could have been disastrous.
Many people link their eBay account to their PayPal account, and of course, their PayPal account is linked to their bank account.
It isn’t hard for an experienced hacker to follow the trail back to the bank account, particularly if all passwords used are the same. Quite suddenly all your money could be gone!
How had his account been compromised?
Well, the damage was done back in 2014 when eBay suffered their own massive data breach – 148 million customer accounts compromised. It was the second biggest security breach of all time. The exposed data included usernames, passwords, email addresses, physical addresses, phone numbers and more. Read more about that story here: http://info.rippleshot.com/blog/ebay
Were you one of these customers?
I don’t know if I was, but last week was the first I’d heard of this. I never received an email from eBay in 2014 suggesting I should change my password. And my eBay username and password combination could possibly access much more if they fell into the wrong hands.
How to Create Secure Passwords
So how do you start protecting your passwords?
Well, I’ve had a very busy week.
The obvious answer is that every website you visit that requires a login should have a different password. These passwords also need to be strong and random. Not your pet’s name, not your mum’s maiden name, and certainly not your date of birth backwards, or your favourite type of ice cream.
A password should look something like this:
But how on earth do you remember that?
How do you record a different one for each of 50 or more sites you use? You can get your browser to remember your passwords, but there is a serious concern here too.
If your laptop gets stolen it takes about 10 seconds to find all of those stored passwords.
Do you use Firefox as your browser? Just try this little exercise:
Go to: Tools > Options > Security > Saved Logins
and then click the “Show Passwords” button, and click “Yes”
I was shocked.
How easily could your laptop be stolen? And the thief would have immediate access to all of this information unless you’ve turned this option off.
Maybe you store your passwords in a text file or spreadsheet? Once again, if you lose your computer or phone, all this is available to the thief.
How can you protect your passwords?
Dashlane was created with the belief that your passwords and data should always be secure, private, and accessible to only you.
My friend who had his account breached at eBay had the answer. He now uses a password management tool called Dashlane. Every password he has is different. So even with his eBay username and password the hacker could get no further. There wasn’t another single account anywhere that used the same combination.
I looked at the FREE version of Dashlane in some detail, and decided to give it a try.
I can say without reservation that a week later I feel 100x more secure than I did before.
Dashlane can create unique and secure passwords, and stores them safely behind a master password login. It can import all your passwords from your browser – I had 72 in there – and then make an assessment of your security level. I was around 28% secure, because I had 17 weak passwords, and 46 passwords that had been used more than one time!!
When I looked through these I was amazed at how easily I could lose so much.
I quickly got to work.
I’ve really enjoyed the process of changing most of my passwords, upgrading my security, and feeling more and more confident about my online safety.
It took a while, but this morning I hit 100% security. “You’re a CHAMP,” Dashlane told me.
I certainly feel like a bit of a weight has been lifted.
And the cost? Absolutely nothing but my time!
Dashlane does have a Premium option, which allows password sharing, synchronizing across several devices, and more. There’s also a version for businesses which handles multiple users.
But for free you really can achieve a lot.
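The kind of check described above (finding weak and reused passwords, then giving each site its own random one) can be sketched in a few lines of Python. This is an added example, not Dashlane's code or its scoring method; the weakness rule, the function names and the sample logins are assumptions made up for illustration.

```python
import secrets
import string
from collections import defaultdict

# Assumed character set for generated passwords (not from the original page).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def char_classes(pw):
    """Count how many of lower/upper/digit/symbol classes appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def is_weak(pw, min_length=12):
    """Hypothetical rule: weak if short or using fewer than 3 character classes."""
    return len(pw) < min_length or char_classes(pw) < 3

def generate_password(length=20):
    """Draw from the OS CSPRNG; retry until all 4 character classes are present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if char_classes(pw) == 4:
            return pw

def audit(logins):
    """logins: (site, password) pairs. Return sites with weak or reused passwords."""
    sites_by_pw = defaultdict(list)
    for site, pw in logins:
        sites_by_pw[pw].append(site)
    reused = sorted(s for sites in sites_by_pw.values() if len(sites) > 1 for s in sites)
    weak = sorted(site for site, pw in logins if is_weak(pw))
    return {"weak": weak, "reused": reused}

# Constructed sample logins (made-up sites and passwords, for illustration only).
SAMPLE = [
    ("auction.example", "Rover2009"),
    ("payments.example", "Rover2009"),
    ("bank.example", "Rover2009"),
    ("forum.example", "icecream"),
    ("mail.example", "k7#Vq2!mZp9^LwTe4x"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("weak:", report["weak"])
    print("reused:", report["reused"])
    # Every flagged site gets its own replacement, so one leak unlocks one account.
    for site in sorted(set(report["weak"]) | set(report["reused"])):
        print(site, "->", generate_password())
```

In the sample, the auction, payments and bank logins share one password, which is exactly the chain from a breached shopping account to a bank account that the eBay story describes.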