Pwned again, and again ..
I woke up yesterday and found this in my inbox:
This was not a surprise. It seems like another website is hacked every day. I have not used EyeEm for a long time, so I deleted my account, but the bad guys already have my information. Consider this post a PSA. Let’s get started:
Complex passwords
Always use complex passwords. No, ‘12356’ is not a good password. When possible, use very long passwords that consist of random characters (numbers, letters, special characters.. and mix upper and lower case). I try to use passwords that are at least 20 characters, and much longer when possible. Here is an example of a password I would use:
bHhr3rUrfb#msgfhEcNv6eKZzWnBZDLEczg.
Use it on a single site
Don’t use the same password on multiple sites! Every site should have a unique, complex password. Think about it, if the hacker gets your password from EyeEm, and then tries to log into your bank acccount, and you used the same password and user ID, the hacker owns your bank account. Use a long, unique password for every account.
Managing your password
How do you manage all of these long, complex passwords? First, don’t store them on your computer or phone in plain text. The notes app is not a good place to store your passwords! Store them where they are encrypted, and stored securely. I use 1Password, but there are options. Another good choice would be LastPass. No, nothing is free, but what is your security worth.
It’s a good idea to change your passwords frequently. I try to do that yearly, but I miss that goal sometimes. A good password manager helps by generating these complex passwords for you.
Those stupid security questions
Many sites have you answer security questions that they use to confirm it is you when you have to reset your account, or call for assistance. Never respond with the ‘real’ answer to those questions. When I am asked for my first job, I use a long, complex answer, much like the password itself, and I store the answer in my password manager, in the notes field. As an example:
fuX4RKY4wnMTHonRccCPEZzjgD^qztkk.
Some sites will not allow you to add special characters to your response, so in those cases, I remove what I have to, and even shorten it to fit the requirements. It’s still better than providing an answer that a hacker can discover by googling your history.
Enable Two-Factor Authentication (2FA)
Two factor is a method of confirming user identity using a combination of two different factors. These two factors can be: 1) Something you know, 2) something you have, or 3) something you are. For example, one factor is your password and user ID, (something you know). Something you posses may be your mobile device, or a security token.
Many sites will send you a code via a text message, to your cell phone, and you enter that code to confirm your identity. PayPal uses this method of 2FA. I perfer to use a separate app that generates the codes. Amazon uses this method, and I use Authy to get the codes to respond to when requested by Amazon. (That is the link for Apple .. you can also find Authy in the Google play store).
Bottom line, use 2FA when it is available. It provides one more level of protection.
Have you been pwned?
If you want to see if you have an account that has been compromised in a data breach, use this site: ‘; — have i been pwned. Good luck.
Last words
Lastly, passwords are going to disappear. I am not sure how this will play out, but biometrics and AI other tools will replace passwords. Clearly, passwords are not working, but they are the best we have for now. Use long, complex passwords. Store them in a secure, encrypted database (a good password manager). Change your passwords, perhaps annually, but certainly when a site is hacked. And lastly, use 2FA!
Stay secure and use good password hygiene.
~ Rick
Check out my vlog, which includes more of my photography and videography: tales.photos (on YouTube). Remember to like, comment and subscribe!
My photo blog can be found at tales.photos.
©2019 Rick Cartwright