Caught up in another password breach? Follow these 3 rules to protect yourself online

25 August 2022, Hi-network.com

Another day, another password breach. This time, the compromised website belongs to the Plex media-streaming service, and the advice is predictable: Reset your account password immediately.

Yes, of course you should do that. But don't stop there. Every one of these incidents is an opportunity to assess your current online security and tighten it up as needed. The goal is to make sure you're at minimal risk when (not if) another, similar data breach occurs. The best way to do that is to follow three ironclad rules:

  1. Always use a long, random password
  2. Never reuse a password
  3. Always turn on 2-factor authentication (2FA), if possible

If you followed those rules, you wouldn't have been particularly worried about today's password breach. Why? The hash of a long, random password can't easily be matched with its plaintext version, and even if the thieves managed to crack that hash and try the password before you changed it, they'd be stopped cold by the 2FA prompt.

Most importantly, if they tried those credentials on other sites, they'd have no success at all. The real danger of reusing passwords is that simply changing them in one place isn't enough. If you use the same password on multiple websites, you could be in a heap of trouble once the bad guys start trying the stolen Plex password on popular sites like Gmail and Outlook.com.

The good news is that a first-rate password manager can help you identify weak passwords and detect duplicates. Here's one example, a report generated by 1Password using its Watchtower feature:

A good password manager can alert you to weak or reused passwords

That's an excellent starting point for getting your passwords in order. And don't feel bad if the numbers seem alarmingly high. If you imported a collection of older passwords when you set up your password manager, then you're undoubtedly dealing with a collection of credentials you created yourself. Because human beings are notoriously bad at creating truly random strings of text, those passwords are probably weak, which means they can be easily guessed or are vulnerable to a brute-force attack.

A weak password is typically too short, is made up of words that can be found in a dictionary, and/or contains all or part of the account name. Even if you did manage to create a truly random, hard-to-guess password, your password manager will flag it if it determines you've used that password at multiple sites.

The good news is that every modern password manager also contains a password generator, which you can use to replace those old, weak, insecure passwords. Here's what the password generator in 1Password looks like:

A password generator can create a truly random and hard-to-guess password

One thing I love about 1Password's generator is that it offers the option to create memorable passwords, like whinny-upswept-inferior-apiary, as an alternative to random strings of alphanumeric gibberish like TouB4kccX_kF7csPW9f9.
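The weakness and reuse checks described above, together with the two generator styles, as an added example in Python (this is not 1Password's or Watchtower's code; the word list, the common-word dictionary, the 12-character minimum and the sample vault entries are all constructed here for illustration):

```python
import secrets
import string

# Constructed word list standing in for a real generator's dictionary.
WORDLIST = ["whinny", "upswept", "inferior", "apiary", "harbor", "lantern",
            "velvet", "quartz", "meadow", "cobalt", "saffron", "tundra"]
# Constructed set of dictionary words / common passwords for the weakness check.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein", "qwerty"}

def audit_entry(username, password, min_length=12):
    """Return the weaknesses of one vault entry (empty list means none found)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains dictionary word")
    # Flag passwords that embed the account name (local part of an e-mail, 3+ chars).
    local = username.split("@")[0].lower()
    if len(local) >= 3 and local in lowered:
        problems.append("contains account name")
    return problems

def audit_vault(entries):
    """Watchtower-style report over (site, username, password) tuples.

    Adds a 'reused on ...' finding to every site sharing a password."""
    report = {site: audit_entry(user, pw) for site, user, pw in entries}
    sites_by_password = {}
    for site, _, pw in entries:
        sites_by_password.setdefault(pw, []).append(site)
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                report[site].append("reused on " + others)
    return report

def random_password(length=20):
    """Random alphanumeric password from a CSPRNG, e.g. TouB4kccX_kF7csPW9f9."""
    alphabet = string.ascii_letters + string.digits + "_-"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def memorable_password(words=4, sep="-"):
    """Memorable passphrase, e.g. whinny-upswept-inferior-apiary."""
    return sep.join(secrets.choice(WORDLIST) for _ in range(words))
```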

Unfortunately, the process of changing your old passwords is labor-intensive. For each service, you'll need to find the page where you change your password, use the password generator to create a new, random, unique password, and then update the saved entry in your password manager.

As a best practice, you should do this as soon as possible for high-value sites like banks, credit card portals, and email and social media accounts. After completing each password change, I recommend that you immediately sign out of the service and sign in again, using your freshly saved password, to confirm that the new password was properly stored.

The final step is to ensure that you turn on 2-factor authentication wherever you can. You should absolutely turn on this protection for high-value sites like email services and financial institutions. Your mobile phone is the best 2FA device, ideally with an authenticator app rather than SMS messages. Just make sure you've got a good backup for your 2FA credentials in case your phone is lost or stolen.

For the most part, finding out which authentication methods are available for a specific site requires signing in and then poking around the account options section. Look for anything with the words login or security.

Not sure whether a service supports additional authentication options? Check out the excellent 2FA Directory, an open-source project that maintains an exhaustive list of websites, with details on whether and how they support 2FA. If your service isn't measuring up, and switching is an option, this is definitely the place to start.

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.