How to know if your password has been breached?
What are the do’s and don’ts and how to manage all your passwords efficiently?
What is the ISSUE?
If you have Instagram or Facebook, it’s noteworthy to know that one of the latest password breaches is involving Instagram which affected millions of users. This is not something new as T-Mobile was hacked in 2018 and around 2 million user’s personal data including account numbers, billing information, email addresses, and passwords were affected. There was another incident which an online shopping platform, SheIn.com was hacked and hacker gained 6.42 million email addresses and encrypted passwords for customers’ online store accounts. Data breach due to unauthorized access is becoming a norm and all the more reason why you should strengthen your security. While organizations that are providing online services are responsible to ensure the safety and security of your personal data, total security is actually two-way. Learn how to reinforce your first line of defense in the interconnected world.
Why you need Password?
Password is to authenticate or proof that you are the “legitimate” person to use or access devices, sites or services. Imagine that your email account password had been breached and numerous other services or accounts tied to this one email. The person can easily request a reset and gain access to the rest of your accounts like banking and your other accounts. Or what if you have the same password for all your accounts – the consequences can be disastrous.
How do I check the possibilities of my password being compromised or breached?
You can access to https://haveibeenpwned.com/ and check if your email account is found in any of the breached sites.
You should consider to change your password immediately if there is.
Here is some common advice when it comes to securing password:
- Use Strong Password
Size matters – NIST (National Institute of Standards & Technology) guideline suggests password should be minimum 8 characters long as it makes it difficult to be cracked or guessed. Of course, don’t forget to include a combination of all kind of special characters or symbols if possible.
- Change your password regularly and never reuse
This is more to a precautionary attempt. If your password had been compromised, it puts an end to anyone that might have acquired your old password.
- Change the default password
Default password comes along with the device for initial setup/configuration (example: admin/admin, root/12345). The default password can be found on the devices itself or with the instruction manual or even on the websites of the product. Not changing the default password is the same as giving anyone the possibility of accessing your device with unlimited access (“administrative” privileges). Hence, remember to change the default password.
- Use unique password and never write it down
By using a different password for all account you are lessening the risk of your other accounts being affected if one of your passwords being leaked or breached.
But now there is another problem, not only creating strong passwords becomes complicated but there are too many passwords to remember!
An average user has to remember numerous password starting from windows login, network access, Wi-Fi, online accounts like Facebook, Instagram, online banking, online shopping accounts, and the list goes on as most sites require you to create a user account with a password. It is impossible to remember all of them, hence some resort to reusing same user name and password for their various accounts. Using one password everywhere risks it becoming a gateway for the rest of the accounts when someone gets
the password. It is not a good idea to write passwords down or save it in a notepad (clear text) as if it falls into the wrong hand, the result is unthinkable.
A GUIDE to surviving password evolution
Passphrases can be longer but easier to remember. There are sites that allow you to generate passphrases like the http://passphrasegenerator.com/ Example of passphrases: thewascard / low4are1dictionary. It does not have any specific meaning, however, you would be able to remember the phrase compared to some random mix of Unicode characters and it’s definitely not easier to be cracked.
- Password Manager
Password management tools are available in the market to help you manage your passwords. It functions like a vault to store all your passwords and you need to remember only one Master Password. You can choose to use free ones like KeePaas, LastPass, LogMeOnce (and many more) or the paid version which offer more functionality based on your affordability.
- One-Time Password Authentication (OTP)
One-Time password or also known as one time pin usually generated and valid only for that login session. You need to generate another OTP for another login session. This solution is usually combined with two-factor authentication with devices like security tokens or mobile devices. For example, if you are using online banking and SMS / TAC request is initiated to complete the transaction in which a pin is sent to the device and you can’t proceed unless you key in the OTP pin. Hence, if you have an OTP option, enable it.
- Two Factor Authentication (2FA)
Two-factor authentication or 2FA is an additional layer of authentication on top of your existing password. It is usually integrated with ‘something you have’ like your mobile device. Once a 2FA is enabled, after keying in your username and password, you may need to enter additional pin sent to your device to proceed. This helps to reduce the possibility of your account as no one can access your account by just using a password.
- Multi Factor Authentication (MFA)
Multi-factor authentication can also be a 2FA or a combination of what you know (your password), what you have (your device) and what you are (biometric). Nowadays devices come with face-recognition, voice recognition, and fingerprint identification and you may want to use it to add an extra layer of security on top of your existing password.
Protect your data, information, online presence and activities by strengthening and managing your password in a secure way. Strong and secured passwords lessen the overall risk of security breach.
Author/Written by: Thavaselvy M |May 2019