Learn from Other and Don’t Reuse Passwords

imag0741_crSigh, another day, another hack.  Clinton’s campaign chief John Podesta had his email hacked and displayed for all to see earlier this month.  That was bad enough, but miscreants noticed his password saved in an email.  They started to look for other accounts that used the same password finally ending up deleting everything in his Apple account and posting embarrassing tweets on Twitter.

John failed to follow two simple security protocols.  Never reuse passwords and do not put them in an email.  Emails usually have no encryption and anyone can read them when sent through the internet.  Saving the information in a document is almost as bad because malware can harvest these if a piece of hardware becomes infected.  It also a pain to keep synced with all devices unless stored in DropBox of other file shares.

A Simple Security First Step

Keeping track of more than a handful of id and passwords is pain and nearly impossible on today’s internet.  So, use a password manager.  Several of today’s password managers such as LastPass and KeePass integrate seamlessly into desktops and mobile devices.  To find one that meets your needs, Likehacker or PC Mag sites have some good information on how the software works.

Remember to make the password on the manager unique and easy to remember you will use it daily.

Changing Passwords

If you are using the same password in more than one in place, stop.  If there is a breach, especially if it is your email account, then all other sites become vulnerable.

It is tedious to change passwords on all of the web site you access at once.  To break up the frustrations start in this order, doing a bit at a time:

  1. Protect your email and phone. A breach of one these leave all accounts venerable to hacking because of the password reset options sites have.  A stolen phone without a password or other lock leaves your virtual life open to snooping.
  2. Accounts holding financial information. Bank accounts are most important, but this group also includes sites such as Amazon or your power company since they store credit card information.
  3. Social sites. This includes social media sites such as Facebook but also other sites that you regularly use to communicate with others such as forums.  It is embarrassing for a spammer to hijack your account and start spamming fake Nike or pharmaceuticals to your friends and family.
  4. Anything else. Update other sites as you log into them.

Other Security Ideas

  • Occasionally check the news to see what sites have breaches.  Have I been pwned is a good side to check if your email address or user name are in lists of stolen accounts.
  • For important sites, use two-factor authentication. This can come in form of a text message sent to your phone, an email, or an app downloaded to your phone.  Even if someone gets your password, they will be unable to get into your accounts.
  • Don’t share accounts with others. Find out a way to give each person a unique log in.  As a bonus, the personalization features stay unique to you.  No longer will you receive cartoon recommendations when you use Netflix.
  • Don’t share passwords with anyone for any reason. Legit tech people will next ask for one.
  • Password-protect your phone. It is your most important piece of technology and is the center of their lives for many.
  • Do save password in the browser.  It is hard to move from one machine to another and malware can read it if installed.
  • Install an ad blocker.

While taking these steps won’t make your digit life hack proof, it makes you a more difficult target and just like locking your front door, it raises the time and hassle it takes do to something to you.  It is worth a few hours of investment for some extra protection.