Have you seen the latest password haul that identified over 87GB of passwords and data clouted on a hacker’s website? Are you worried? Well, you should be! Just take a look at this article in the Register.
One of the biggest worries for IT is identity security and the relative weakness of passwords entered by humans. Generally, we are not efficient at creating and remembering complex, unique passwords for each website that we want to access. We reuse them, think we are being clever by changing a character here or there in what is a generic “base” password.
Hackers love this. They are not sitting in front of a computer scratching their heads trying to guess what you would use. They user brute force password attack programs that can potentially try millions of passwords per second.
Once in, they can take a note of the password you have used, and then launch attacks against other websites that they may believe you have an account with. Now you can see that if you re-use your password you may be in for a rough ride in the event of a breach!
Password protection… what can you do about it?
Get a password manager.
Humans are inherently challenged by holding a large number of unique passcodes/phrases in their heads hence using similar ones. A password manager can save you all the stress. By only having to remember the main password to access the software – it accesses all your browser passwords and saves them along with any you input yourself allowing them to be re-used across browsers, smartphones etc. The encrypted password vault cannot be accessed without the master password.
Contacting the manufacturer and asking them to reset it because you have forgotten it will not help you. No-one else has access to your account. So, if you forget it, then the passwords are lost. You can share passwords with others, and with some password apps, share them without the password itself being visible (a sort of limited rights access).
You can also create an emergency account – so that if something happens to you (and all your unique passwords) a named, trusted person or people can request access to your password vault – meaning that the passwords can be recovered in the event of something bad happening.
Sign up to https://haveibeenpwned.com/
This site keeps tabs on your email account and, in the event of a password breach, you will receive an email warning you of the breach and the opportunity to see which accounts have been attacked so that you can quickly reset it. This free service.