Passwords - Part 3
Passwords: The Good, The Bad & The Ugly – Part 3
9. Immediately change your passwords following a data breach.
If a company through which you have an account has suffered a data breach, immediately change your password. An article on ConsumerReports.org discusses the JPMorgan Chase data breach, offering tips for consumers to take steps to protect their data after a breach. "We still recommend online and mobile banking, because it allows you to watch your account in real time from almost anywhere. Yes, it's now clear that Internet banking is not impervious to hacking, but 'the convenience you get from banking digitally greatly supersedes any security risk,' said Al Pascual, head of fraud and security research at Javelin Strategy and Research, a California-based financial services industry consulting firm. As part of your monitoring, watch out for changes to your debit card PIN." Twitter: @consumerreports
10. Verify that a breach has, in fact, occurred.
There are many opportunists who use the likelihood of a data breach to trick unassuming consumers into actually handing over their passwords and other information, when a data breach has not actually occurred. Before responding to any requests to update your login info through a link sent to you in an email, visit the company's website by typing the URL into your address bar and confirming the breach occurred, or call the company to verify the information. "First, make sure that your card information has actually been compromised. If you receive a notification via email requesting 'confirmation' of your card information, don’t respond – it could be an opportunistic fraudster. Check the merchant’s website for news about a breach or reach out to customer support for details," says the Electronic Transactions Association (ETA). Twitter: @joxman
11. Don't ignore reports from friends about mysterious emails coming from your accounts.
One of the most common ways people learn they have been hacked is when their friends or family members report receiving an odd email or social media message, or even seeing strange updates posted on social media profiles. It is easy to ignore these warnings and assume it is some sort of fluke or someone who simply changed the "reply-to" when sending a spam email, but this is often a sure indicator that your account has been compromised. Don't ignore these tips.
12. Know the warning signs that your data has been breached or that you've been hacked.
There are many possible indications that an account has been hacked, your identity stolen, or your data breached in some other way. Educate yourself on the warning signs of a potential breach and create positive habits for monitoring your personal data security to identify potential attacks or breaches before they escalate to devastation. Read up on data protection tips (such as the guide you're reading right now) and on information outlining the common warning signs of a data breach or hack, such as this list of "11 Sure Signs You've Been Hacked" from InfoWorld. Twitter: @infoworld
13. Regain control over your compromised accounts.
All too frequently, if one account has been hacked, your data is no longer secure on other accounts using the same login information, particularly if you use the same password for multiple services. "Regaining control of a hacked email account can be tougher. You will have to contact the email provider and prove that you are the true account holder. Of course, if the hacker changes your password, you cannot use your regular email to contact the provider. It is important to have more than one email address, and make each the alternate contact address for the other. Did you use your email address as a username on other sites? That is certainly a common practice. But if you also used the same password that you used for the hacked email account, those accounts are now compromised as well. Even if you did not use the same password, you could still be in trouble. Think about this. If you forget a website password, what do you do? Right - you click to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts," explains Neil J. Rubenking in an article at PCMag. Twitter: @neiljrubenking
14. Last Words – a summary
- Never disclose your passwords to anyone else. If you think that someone else knows your password, change it immediately.
- Don't enter your password when others can see what you are typing.
- The routine changing of passwords is not recommended, unless the accounts to which they apply have been hacked, in which case they should be changed immediately. This also applies if another account or website for which you use the same login details have been hacked.
- Use a different password for every website. If you have only one password, a criminal simply has to break it to gain access to everything.
- Don’t recycle passwords (for example password2, password3).
- If you must write passwords down in order to remember them, encrypt them in a way that is familiar to you but makes them indecipherable by others.
- An alternative to writing down passwords is to use an online password vault or safe. Seek recommendations, and ensure the one you choose is secure and reputable.
- Do not send your password by email. No reputable firm will ask you to do this.
1 Michelle Castillo, Why You Should Make Your Passwords Harder To Crack, http://techland.time.com/2010/12/14/why-you-should-make-your-passwords-harder-to-crack/, 3/02/2016
2 Eric Cole, Protecting Your Passwords, https://www.ccny.cuny.edu/sites/default/files/it/upload/2011-05_OUCH_Protecting_Your_Passwords.pdf, 3/02/2016
3 Mindi McDowell, Shawn Hernan, and Jason Rafail, Choosing and Protecting Passwords, https://www.us-cert.gov/ncas/tips/ST04-002, 3/02/2016
4 Nate Lord, 101 Data Protection Tips: How to Keep Your Passwords, Financial & Personal Information Safe, https://digitalguardian.com/blog/101-data-protection-tips-how-keep-your-passwords-financial-personal-information-safe, 3/02/2016
5 Passwords, https://www.getsafeonline.org/protecting-yourself/passwords/, 3/02/2016