Last month Yahoo announced that it had been the victim of one of the biggest known hacks, losing up to 500 million user details. This caused quite a stir within the tech world, but everyday users barely paid attention to the story, and the vast majority will have done nothing about their password security or their online activity. So why should you be paying attention to what’s happening with these online hacks, and what should you have done in the wake of the announcement?
These announcements from online companies are becoming ever more frequent, and it has reached a point where the everyday online user just doesn’t care about how it happened, who did it or how much information was taken. What matters to these users is what they need to do to protect themselves from the next hack and the one after that, because it will happen again and the impact of such hacks needs to be minimised.
For those of you who think your online data is safe and there’s nothing to worry about, have a look at the site Have I been pwned? (https://haveibeenpwned.com). On this site you can put in either your email address or username and it will tell you if your details were contained in any hacks. Putting in one of my own addresses showed that I appeared in 5 attacks, with one of the attacks getting my email addresses, password hints, passwords and usernames. If, like most people, I used the same username and passwords for all sites, that information could unlock a lot of information on me and cause all sorts of trouble.
Luckily for me, I don’t use the same passwords across sites and I don’t fill out password hints and security questions, so the information obtained about me would only let them access the site it was taken from and would only work there until I changed the password. Here I’m going to share with you the information I use to try and lock down my online accounts and keep any loss of information to the bare minimum.
It sounds so easy when people discuss it online or on TV and radio: “use a different password for each account”. These days most people have more online accounts than they can remember, and the easiest way to access them all is to use the same details across all accounts. It’s hard to come up with new passwords and then have to remember which password goes with which account, so here are my tips.
Create a memorable password using whatever method you like. I always advise people to use acronyms like BbBShyaw? (Baa baa Black Sheep have you any wool?). They’re easy to remember, and if you can add a number or special character in there, all the better. You can use anything from nursery rhymes to movie quotes, just so long as you can remember it. The next step is to link the password to the site you want to use it with, for example adding a G to the beginning or end for Gmail or Sc for Snapchat. It’s not as safe as creating a new password for each account, but at least they’re different.
If, like me, you need to keep track of more passwords than just your own, then I suggest using a tool, either one local to your computer like KeePass or one of the online companies like 1Password or LastPass. These tools integrate with your browser to remember your passwords and autofill them for you when needed. The other thing they can do is generate passwords, which means that you have a different password for each account, and since the tool remembers the password for you, you don’t have to.
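An added example, not part of the original post: a Python sketch that flags passwords built from one shared base plus a site tag (the acronym scheme above) and generates a random replacement the way a password manager would. The function names, the 0.7 similarity threshold and the sample vault are constructed for illustration.

```python
import secrets
import string
from difflib import SequenceMatcher

# Characters a generated password is drawn from (an assumption; sites differ).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def generate_password(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def shared_base(a, b):
    """Longest run of characters that appears in both passwords."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def find_related(vault, min_ratio=0.7):
    """Return (site1, site2, base) for password pairs that are mostly the same.

    A pair is flagged when the shared run covers at least min_ratio of the
    shorter password, which catches "base + site letter" variations.
    """
    sites = sorted(vault)
    hits = []
    for i, s1 in enumerate(sites):
        for s2 in sites[i + 1:]:
            base = shared_base(vault[s1], vault[s2])
            shorter = min(len(vault[s1]), len(vault[s2]))
            if shorter and len(base) / shorter >= min_ratio:
                hits.append((s1, s2, base))
    return hits

# Constructed sample vault: two passwords follow the acronym-plus-tag scheme,
# the third is a fixed random-looking value standing in for a generated one.
SAMPLE = {
    "gmail": "BbBShyaw?G",
    "snapchat": "BbBShyaw?Sc",
    "bank": "t7#Qm2v_Lx9&Zc4pRw8K",
}

if __name__ == "__main__":
    for s1, s2, base in find_related(SAMPLE):
        print(f"{s1} and {s2} share the base {base!r}; replace both")
        print("  suggested:", generate_password(), "and", generate_password())
```

Run it only against your own passwords on a machine you trust, and store the generated replacements in the password manager rather than on disk.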
I think, like me, most people hate the security questions when creating a new account online. You end up looking for the same questions on each site and giving the same answers. The thing is, these questions are the locks for your account, and if someone can guess the answers then it doesn’t matter how strong and secure your password is; they’ll get access to your account. The first thing to know is that the answers to the questions don’t matter; all they’re used for is to match against the answers you give if you’re locked out of your account. Therefore, if the question asks “Where were you born?” you can give the answer “The Moon”, just so long as you remember the answer you gave whenever you’re asked to verify your identity. Knowing that, I suggest coming up with random answers for the questions so that you don’t answer the questions correctly and only you know the “secret words” given.
The other security feature that most people skip over is the option to put in an alternative email address or phone number to use if anything goes wrong with the account. These become very helpful when you are locked out of an account. Most sites will send a 6 digit code to either the email address or phone number, and you can use that code to gain access to the account again, making it very straightforward and secure.
I hope what I’ve written here will help people in the future when they need to create a new account or change a password. If you follow the tips I’ve given then you’ll go a long way to securing your online accounts, and hopefully you’ll not run into any trouble. Always pay attention to any mention of large hacks to see if your account might be involved and what information was taken. It’s a good plan to change your passwords every so often, as proven by Yahoo, who didn’t mention the hack until 2 years after it happened, when it was too late to be doing anything about it.
Finally, if you notice any suspicious activity, or you just think there’s something funny going on with one of your accounts, go through them all, update your security information and create new passwords.
As always, if you have any questions, contact me or leave a comment below.