In this episode about passwords, we look at ways to find out if you or your email address may have been involved in a data breach caused by hackers. Email addresses are often used as part of the log-in identity process and as such, they are a key piece of information in the hacking world. As your email address is difficult to hide or change, you need something secure as your second key - your password.
In Australia, if hackers have breached a company and your data has been compromised, the company has to contact you to let you know. I'm not sure how quickly that happens, but having received a few of those emails, I can say that they usually don't contain too much helpful information. Some of the targets have been recruiting companies, eBay, education and medical institutions.
It's not in the name
But there is another way - many ways actually. It's good to be proactive and begin checking for yourself. So I recommend that you go to a website called "Have I Been Pwned". Now let's not get uptight about the name; it has nothing to do with pornography and everything to do with tightening your security. It's on this site that you can type in an email address, and it will check if you have been involved in a data breach without your knowledge. Sites like eBay, LinkedIn and others are attacked regularly, and if your email address is stored on a site, then your details may have been sold between hackers across the internet.
Take action
If you have been "pwned" then you must change your passwords straight away. Make it a strong password. Check all the places where you have used that email address and change the password there as well. But remember - use a different password for each site. Otherwise, if a hacker gets one password, they have them all. They then compile databases on where the password has been used, before selling the information, which is why it is so valuable. Think about the type of data that may have been stolen and keep a record of it. Consider some of the tips we wrote about in the last article. Read up on easy ways to secure your data, devices and systems.
Don't re-use passwords. Have a different password for every site that you go to. One site = One password.
In past blog posts, we have recommended LastPass. The reasoning behind this is simple. You can have a different password for each site, and the only password you have to remember is the one you use to log into LastPass. That's the same as having a different key for every door, physical or electronic, in your life. And those doors only open for you.
But remember - change those passwords regularly! If you don't, all the security in the world won't help.
The take-away here is that you need to realise that your identity is a target for someone who sees it as a commodity to be sold, and that you need to proactively take steps to secure your information. If you don't, you may end up being a victim.
Make sure you check back here for more tips. We have a LastPass link below and I'm sure I'll have a few more things to say about passwords.
And if you have any concerns or questions, as always please contact us for assistance.

