Password Protected?


Have you been using the same login password since grade 11? Have you been using the same easy-to-remember password for every single one of your email accounts? It’s time to change it. Change everything, change it often, and maybe don't be so obvious. We're talking to you, "password123", "sunshine", and "linda77".

Barely into the year, news dropped about what was first believed to be the mother of all breaches. In January, tech security professional Troy Hunt wrote about a data breach that exposed 773 million unique email addresses and over 21 million unique passwords. A directory posted in a hacker forum on MEGA, a free cloud storage site, included a dump of information taken from thousands of websites; a list of the breached sites can be viewed on Pastebin. Dubbed the Mega Breach, this one is actually said to be a few years old now, and it’s not even the largest collection of stolen data out there.

Why are people stealing login IDs and passwords to your email accounts? The data inside your inbox is a valuable and sellable commodity.

Maybe it’s not so obvious, but beyond the sensitive information contained in your emails, the login information to other sites is the hidden treasure. When you shop online, you provide your email address and create a password for each site, and it’s so simple to request a password-reset email. If you use an online cloud storage service such as Dropbox or Google Drive, the key to unlocking those files is sitting somewhere in your inbox. If you purchased software, the license key is likely right there in your inbox. If you have corresponded with your bank via email, thieves could attempt to impersonate you in an effort to drain your account. Along with gaining access to financial information, a hacked email account is also an opportunity to ‘harvest’ all your contacts, creating a domino effect of damage and opening the gateway for spam or phishing attacks. Appearing to be from well-known and trustworthy companies, phishing scams persuade targets to provide personally identifiable information, banking and credit card details, and passwords. This is how identity theft occurs, and these same emails can also cause users to infect their own computers with malware.

If thieves crack your ‘magic’ password or the answer to one of your secret security questions, for example your mother’s maiden name or the name of your first dog, this could unlock the door into social media accounts, data storage services, bank accounts, or even your actual back door. There have been many high-profile leaks that occurred because a hacker learned the answer to a celebrity’s security question and used it across other accounts to gain access to and post photos and information in public forums.

So this brings us back to changing passwords and making them stronger. Get used to saying and using passphrases. A passphrase is made up of multiple words, for example, “Who let the dogs out” or “It’s time for a vacation”, that are easy to remember and type, and are more difficult to hack. If you can't think of anything creative and charming, try a free password generator to randomly generate a password or passphrase that will have enough bits of entropy to keep your email on lockdown. Try Correct Horse Battery Staple for help with unique passphrase creation.
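What "enough bits" means for a randomly generated passphrase, as an added example that is not part of the original post: each word drawn at random from a list of N words contributes log2(N) bits, so the generator keeps adding words until a target is met. The 32-word list, the function names and the 64-bit default target are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real
# generator would load a large published list (diceware-style lists
# hold 7776 words, about 12.9 bits per word).
SAMPLE_WORDS = (
    "anchor basket candle desert ember falcon garden harbor "
    "island jacket kettle ladder magnet napkin orchid pepper "
    "quartz ribbon saddle timber umpire velvet walnut yonder "
    "zipper acorn bridge cobalt dagger engine fabric goblet"
).split()


def entropy_bits(list_size: int, word_count: int) -> float:
    """Entropy in bits when every word is drawn uniformly at random.

    The figure does not apply to a phrase a person made up or quoted:
    that phrase was never drawn at random from the list.
    """
    return word_count * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(wordlist, target_bits=64, sep=" "):
    """Return (passphrase, entropy in bits) meeting target_bits."""
    words = sorted(set(wordlist))  # duplicates would overstate the entropy
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    count = words_needed(target_bits, len(words))
    # secrets draws from the operating system's CSPRNG; the random
    # module is predictable and must not be used for credentials.
    phrase = sep.join(secrets.choice(words) for _ in range(count))
    return phrase, entropy_bits(len(words), count)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"{phrase}  ({bits:.0f} bits from a {len(SAMPLE_WORDS)}-word list)")
    print("words needed for 64 bits with 7776 words:", words_needed(64, 7776))
```

With the small sample list, 13 words are needed to reach 64 bits; a 7776-word list reaches the same target with 5, which is why real generators ship large lists.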

It’s also recommended that you use the multi-factor sign-in now offered on most websites or services. "I have to remember TWO passwords for one account now?" A common type of two-factor authentication involves sending a temporary number to your phone or another email address that will be required along with your username and password. It’s an extra layer of protection should thieves manage to steal your password: unless they can also get access to your second password, their attempts will be useless.

And, you must start using a different and unique passphrase for every account you use. If thieves get your password for one account, they will try that password on every account. It can be a hassle to remember all your passwords if you are super busy and important and have multiple email accounts. This is why we also recommend using password manager software to help maintain the organization of multiple passphrases. 

We get it, we are all suckers for nostalgia, but you don't have to completely let go of the past. Just update your super awesome “ZepplinRules” password to something a little more robust... like "ZepplinRules*Since1968#!".
