Another day, Another Breach

“Another day, another breach”.  A colleague said that to me the other day in response to a database of 560 million passwords that surfaced online.  This got me thinking about passwords again.

Every time I read a security blog or newspaper article about passwords, at some point they will ask the question.  Are passwords dead?  Meaning are we going to start using biometrics, heuristics, etc. instead of passwords.  Nobody likes passwords.  They are a pain to remember, and now people like me are telling you that you need a different one for every website!

Unfortunately, passwords are not going away.  Biometrics is not a good alternative because you can’t change them.  If someone gets your biometric data, then they have your password.  Heuristics could be a good alternative but it isn’t ready for prime time yet to replace your password.  So, if passwords are not going away, what should I do to keep myself safer?  Well, there are several things you can do, and one of them you already know.

Do You Have a different password for every site?

This might sound daunting.  And who is going to guess Summer17!?  Well, everyone is going to guess it.  Also, if you use the same password for your ignored AOL account, that you use for the Home Depot account, then you could have a problem.  Think about this.  If Home Depot gets compromised and they are then able to get into your AOL account, no problem, right?  What if the AOL account is the backup account for Gmail, in case you forget that password?  Then they could reset your Gmail account with your AOL account, and bam they start resetting your bank accounts because that uses your Gmail as the backup.  See the snowball starting to happen?  So, there are two things you can do to help stop this.  Either write down on a piece of paper, every single password that you have and keep that paper very safe.  Or use a password manager like LastPass, Dashlane, or 1Password.  Some even automatically rotate password for you, so you don’t have to even do that.  Also, you can now use 25 character random passwords because you don’t have to type them in, the password manager does it for you!

Find out if your accounts have been breached

I recently came across this website https://haveibeenpwned.com/ that allows you to see if one of your account credentials to a website has been leaked.  I found out my dropbox account back in 2012 was known, but since I have changed it many times since then, using totally random passwords, I am not at all concerned.  And since I use a password manager, I don’t have to come up with memorable passwords anymore.

Use two-factor authentication

Twitter, Facebook, Google, your bank, etc. all allow two-factor authentication.  To use Two-Factor, you normally use an app or get a text to with a code, that you must put in along with your password, to log into a website.  You will thank me one day that you have done this.  Because if your bank gets hacked, and they have your password, they still can’t get your money because they don’t have the code.

Delete accounts you no longer use

If you have accounts you no longer use, delete them.  That way if the site is ever compromised, they don’t have any information on you, which just makes you safer in the end.

If you must create a password for yourself, try to use a sentence.  TheBr0wnF0xL0vesCh33se! is a good example.  It is easy to remember, but hard to crack.  As I mentioned before, passwords are not going away soon, so it best to find a way to live with them, make them easier to use, and not leave yourself vulnerable in the meantime.

Contact Thrive today to learn more about protecting your company and your customers.