Have Your Passwords Been Stolen?
In this article, we're going to be answering 3 very important questions:
Have your passwords been stolen?
How are passwords stolen?
How to protect yourself.
Have your passwords been stolen?
The simple answer is yes, most likely. This sounds like a pretty bold claim, and we're used to making those, but there's plenty of evidence to support our view.
There are some very useful sites like haveibeenpwned.com where you can enter your email address and search it against an enormous list of stolen credentials, giving you instant feedback on whether it's been stolen and where from. My email and password have been stolen over 21 times!
How are your passwords stolen?
Guessing is as simple as it sounds. Many people hate passwords and can be very unoriginal with them, or they just leave a password the same as their last IT guy set it. We've seen many occasions where users are using simple passwords like ChangeMe, LetMeIn, Password!@# and so on. It sounds like a joke, but the number of people using these passwords is mortifying.
Passwords are here to stay and you need to get serious about yours...
Brute forcing is a very common method of stealing passwords: a computer program rapidly runs through every possible combination of numbers, letters and symbols until it figures yours out. The table below illustrates that the shorter and simpler your password is, the quicker a computer can figure it out. 12 characters, 7 million years? Yes please. (Keep in mind that computer processors get better at these kinds of tasks each year, so time frames may be shorter.)
This is how many celebrities had their Apple iCloud accounts hacked, exposing some pretty damaging photos.
Phishing is a process where hackers attempt to trick you into providing your username and password. You've probably seen a phishing email before: typically something is urgent and appears to come from PayPal, your bank, etc., with warnings of penalties if you don't take action. All of it is bait to get you to click a link that takes you to a website almost identical to your bank's, in the hope that you enter your precious username and password, which in turn are instantly provided to the hacker.
Breaches unfortunately happen all the time, and sadly it isn't normally through any fault of your own. If the owners of a website are taking the necessary precautions, you should never become a victim of this. But this is the real world, and not all website owners take the necessary precautions. We come across many businesses that use platforms like WordPress (who have their own hacked FAQ), which are constantly being targeted by hackers. You're generally pretty safe if you keep your website and add-ons up to date, but again, this is the real world: most of these businesses have no idea how to do that and subsequently don't.
Spying probably isn't something you'd expect to see here. It ranges from people watching over your shoulder to see your passwords/passcodes to malware keylogging and stealing your details as you type. There are also serious risks in using free VPN services, over 30% of which are owned by China. You can be the judge of how comfortable that makes you.
How to protect yourself.
There are MANY ways...
Sign up to be notified if and when your details are found in a breached list.
Stop using simple and basic passwords. If you can't think of anything, use a password generator for ideas.
Don't use the same password for every website. Often your username is your email address, and if your password is the same everywhere, you can easily become a victim of credential stuffing. This is a process where software is used to attempt to log in to as many important websites as possible using your stolen details until it gets a hit.
Use unique passwords for important services like your banking and email accounts.
Never save passwords on your computer. That goes for both your internet browser and digital files. Well hello there, passwords.txt...
Use multifactor authentication, you know, those annoying text messages you receive when you're trying to access something from a new location. This is so underrated: even if your details are stolen, hackers still can't get in because they don't have your authentication code. That gives you time to change your password without the risk of losing your stuff.
If you're worried you're going to forget, keep a notepad with your passwords written down. This is far safer than keeping them on the computer. For added security, keep your notepad in your safe. Just please don't forget the safe code.
Make sure you're using a reputable antivirus/anti-malware system. Get in touch if you need a really good one.
Always keep your software up-to-date.
And finally, don't share your password!
We hope this article helped. As always, get in touch if you need us.