by Adam Murray, RSU 18 Technology Director
Imagine waking up tomorrow and hearing the news… another data breach. It seems more and more common every day. Millions of people’s personally identifiable information (PII) is stolen, including names, addresses, phone numbers, email addresses, social security numbers, and passwords. With so many threats on the internet, it’s hard to keep up with best practices for staying safe online. While this article could turn into a book if we addressed every cyber-security related topic, I want to focus on a couple of things that are quite simple but can save lots of headaches IF you are a victim of a data breach.
Pretend for a minute that your email address is compromised. Most of us would not think anything of it. I mean, so what? Someone has my email address. What can they do with it? You give that out when signing up to win a snowmobile at the mall. What you may not realize is that your email address IS one of the best ways to access all of your other online accounts. If I have access to your email, I can reset your password for any other online account. According to https://haveibeenpwned.com, my personal email address shows up in 13 data breaches.
But wait, they just have your email address, not your password. Well, in another data breach, your Home Depot account information was stolen, and it contained your Home Depot account username and password. So what? Well, if you’re like most people, you have used and reused passwords across other online accounts. So if I take your username and password found in the Home Depot data breach and cross-reference them against info stolen during the Equifax data breach, I quickly begin to put the pieces of the puzzle together. I may now have potential access to your entire digital footprint, including your bank account, retirement accounts, records through H&R Block, etc.
Strong passwords are not good enough. Using and reusing a similar variation of a password you’ve been using for years isn’t good enough. There are computer components out there now that can go through a dictionary of 8-character passwords in less than 3 seconds. What I am saying is that if your password is Patriots12 and you retire that one in favor of Patriots11, it’s still not good enough (OK, I admit, the Super Bowl was just last weekend and I might be on a proud New Englander kick. Go Pats!).
The best practice today is to use unique (not slight variations) passwords for EACH online service. And by unique, I mean something like KTofdsa8Ada76fds. I bet you think I’m crazy now. You’re thinking, how will you ever remember that one, let alone one for ALL of your online services? You don’t need to! There are tools available that will store all of your passwords in a secure vault. Services like 1Password, LastPass, and KeePass are available, and they help keep track of all your passwords. These password managers will generate unique passwords for you. You just need to know the master password to access your vault. To be even more secure, I recommend enabling Two-Factor Authentication as well. Two-Factor Authentication (2FA) is a fancy way to say: send a text message to your phone with a code to make sure it’s you, even after you have entered your master password.
Password managers can also be accessed using fingerprint or face scanners on mobile devices. They often come with features to share individual passwords with family in case your kids need to know your Netflix password in a pinch. What I like most about using password managers is that I don’t remember passwords anymore. The password game for me is a thing of the past. When I pay my electric bill, I pick up my mobile device, go to the website, have my password manager fill in my username and password after it recognizes my face, and voilà, I’m in. I never entered anything.
Look, I know this stuff is not always easy to understand, but it’s so important. We’re talking about identity theft that could literally ruin your life or potentially take years to recover from, and I don’t want you to have to go through that. I enjoy helping people learn more about security, so if you need help getting set up with a password manager, feel free to contact me via email at email@example.com.