How Safe Are Your Online Accounts?

Apr 9, 2021 | Web Security

Bruce Schneier

American cryptographer

The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it’s easy to remember, it’s something nonrandom like ‘Susan.’ And if it’s random, like ‘r7U2*Qnp,’ then it’s not easy to remember.

When you get an email that tells you that your email address has been found on a list of passwords from a compromised website, it’s a bit late to think about your password security. Or is it?

That happened to me a few years ago, and since then things have got much worse, with data breaches being a weekly occurrence, although not always reported in the mainstream media. It was certainly a catalyst to start thinking about how secure my online presence was and how I could improve it. This led me to look at my password security, password manager software and the impact that multi-use passwords could have on my online security and that of my customers and business.

To help you get a quick idea of how you could improve your own online safety, we have put together a short video covering password manager options and why you really should use one. If it helps and you would like to see more such videos, then please like and subscribe to our new YouTube channel.

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.”

Clifford Stoll

How do I know if my passwords are available on the internet?

If you want to check whether your email address has been compromised, we would advise visiting Have I Been Pwned. This is a free website, and it also lets you register so that you hear about it if your email address appears in a future breach.
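The page describes the email lookup; the same site also runs a Pwned Passwords range service that answers the heading's question for a password itself without the password ever leaving your machine. The sketch below is an added example (not code from this page or from Have I Been Pwned) that goes one step beyond the text: it shows the hash-prefix lookup offline, with a constructed toy breach list and made-up counts standing in for the real service.

```python
import hashlib

# Constructed toy "breach corpus" with made-up counts (not real HIBP data).
CONSTRUCTED_LEAK = {"123456": 3, "Password1": 2}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_prefix(password: str) -> str:
    """First 5 hex chars of the SHA-1: the only value sent to the service."""
    return sha1_hex(password)[:5]

def constructed_range_response(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    lines = ["0" * 35 + ":0"]  # zero-count line; must not register as a hit
    for pw, count in CONSTRUCTED_LEAK.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch=constructed_range_response) -> int:
    """How many times the password appears; the match happens locally."""
    digest = sha1_hex(password)
    body = fetch(digest[:5])  # only the 5-character prefix is passed out
    return parse_range_response(body).get(digest[5:], 0)

if __name__ == "__main__":
    for candidate in ("123456", "Password1", "r7U2*Qnp"):
        print(candidate, range_prefix(candidate), breach_count(candidate))
```

To query the live service, pass a `fetch` function that performs the HTTPS request for the prefix and returns the response body.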

Password Manager

There are a number of password managers available that let you keep track of your passwords and offer other benefits. We are not affiliated with any of them, so here is a list of some that are available. We really don’t mind which one you choose, but we would recommend using a password manager to keep your accounts safe. Password security is something that you should be taking more and more seriously, so dive in.

AntiVirus

Again, we are not affiliated with any of these products, but this list serves as a starting point for you to explore an antivirus package that best suits your needs.

VPN Software

VPN (Virtual Private Network) software allows you to encrypt your web traffic. This is especially useful when you are using public networks such as those in hotels and cafes. Again, we are not affiliated with any of these products, but this list serves as a starting point for you to explore a VPN package that best suits your needs.

If you have any comments or questions then feel free to email us at [email protected]

Video Transcript

Every day in the news we hear about servers being hacked and people’s passwords and credentials being stolen. But how does this affect you?

I’m Andrew, and this is visible thoughts. 

Back in 2019 I was part of a data breach that affected 622,000,000 people. I didn’t know where the data had come from, but apparently my email address and password were included.

It was an email that started everything off, from a website called Have I Been Pwned. Now this website keeps an eye on data that’s on the dark web and looks to see if your username or email address is found in it, and if so, it gives you a warning. Now this gives you a heads up to make sure that your passwords are changed and you keep everything as secure as possible, but this is an increasing problem. More and more people are losing financial data, having their identity stolen, all because of one simple thing: their passwords getting found on the dark web.

How have People DataLabs got my data?

I did a bit of research to find out who People DataLabs were. These are the people that had been hacked and my data had been found there. It turns out that they work with businesses to find people’s credentials and information, and they do a lot of this by scraping the Internet, places like LinkedIn and other websites where you leave your personal data. This is collected all together and then they sell it on so that you can get in touch with people at other companies. My data was there to be put in the public domain, but that doesn’t mean that I want it to be used by other people. I put it in one place to be used in that one place.

People DataLabs provide work emails and social media account details for what the company claims is a billion and a half people. That data is created from various sources and sold as a way to contact 70% plus of the decision makers in the US, UK and Canada. And that’s according to their website. So it’s not something that they’re particularly ashamed of, and it’s data that they sell on.

So how good is your password security? 

When I looked a bit deeper I found out more about how passwords are sloshing around the Internet being stolen and reused. I came across quite a bit of information that was startling to say the least. 

A breach analysis finds that 23.2 million victim accounts worldwide used the password 123456. Now that’s a crazy password to use, and I’m sure none of us would use it, but it’s out there and being used 23 million times. Other passwords that are out there are just as startling and probably for some people a little bit embarrassing as well. But the point is that these passwords are either incredibly easy or used numerous times. So just be careful what you choose. 

So, if you go along to www.haveibeenpwned.com and enter your email address, you’ll find out an awful lot about how your credentials are being passed around the Internet, where they’ve been breached and also a few more things that you should be looking at.

Okay, so the largest breach at the point at which I made this presentation back in 2019 was Collection #1 accounts, followed by a few well-known names, and some of them might be a little bit embarrassing, but in there with 164 million accounts was LinkedIn. Now, most people who are in business are on that platform. The ones I’m involved with certainly are.

A big problem is multi use passwords. 

So this is where we create a password for one particular use. In this case we will say LinkedIn and we create a password that’s relatively simple. In this instance we’re going to use password one. We then go and use the same login credentials so the same username and password for another site, in this case for our weekly shopping at Ocado. We do the same with Facebook, Amazon and PayPal. 

Okay, that’s nice and convenient and a lot of us do it. I’ve got to hold my hands up, as it’s something I’ve done, and I’ve done it on numerous occasions.

Single use passwords. 

I have a problem in that once one has been compromised it allows people into all your systems, all your accounts. So it would be a much better idea if, when we logged into LinkedIn with our new complex password.

Although we can use the same email address, because essentially we can’t change that, we could use a different complex password to log into our shopping account at Ocado. We only have one email account, so that part of the login process we can’t change, but we certainly can with the passwords. So in this case we’re using a single-use password instead of a multiple-use password and all our accounts are much safer.

Password Manager Apps to manage online Passwords.

But we have a problem, I have over 500 passwords to manage. Now that’s quite a lot of different passwords to remember and record. So that introduces the concept of password managers. There’s lots of different brands made by different people, but essentially, they all do the same thing, and you can look at the reviews online and choose the one you’d rather work with. 

So how does it work? Well, I create a login password for my password manager, which is long and complex and something that I can still remember but will be hard to guess or compromise.

I use the same email account, but the password is long and complex, so this allows me to log into my password manager, and from there my password manager manages the logins to all my additional accounts with complex passwords. It automatically allows me to log in or presents me with the password when I need it, but the only password I need to remember, and the only one I need to know, is the password for my password manager.

A lot of my passwords apart from being too complex to remember, I have no idea what they were because they were auto generated by my password manager. 

Another thing to think about is adding two-factor authentication.

This basically means that you type in your password, or your password manager types it in, and then in addition we use a limited-time code. So this is a code that’s generated by a mobile device that is separate to your PC, that you must have in addition in order to log in. In this case I use LastPass and this generates 6-digit numbers that I can enter.

So what else can you do to keep yourself secure online? 

Well, it always comes back to antivirus and malware. 

It’s best to have some kind of software or software packages on your devices to make sure that they don’t get infected and get software installed that can be used to look at your passwords when you enter them and then take over your machine.

In addition, always work from behind a firewall. Now this could be a physical firewall at your office or home as part of your router or it could be that you have a firewall on your laptop or machine, which is a software firewall. 

If you’re out and about, use a VPN. So if you’re working from a cafe, it just means that the traffic that you’re sending from your laptop out to the Internet is encrypted and also allows you to be protected from people who might be in the vicinity and are sniffing network traffic. 

So that was a quick touch on passwords. Password security in a nutshell: make sure you use single-use passwords. Think about using a password manager, and most of all, stay safe online and off.

 

 

 
