Another data breach was recently reported. Rather than rewrite what someone else has covered in much more detail than I can, I’ll link to the article “The 773 Million Record ‘Collection #1’ Data Breach” by Troy Hunt. Mr. Hunt has an impressive resume. According to the about page of his website, Have I Been Pwned, Mr. Hunt is:
“…a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.”
Check Your Info
On his site, Have I Been Pwned, you can find out whether or not your information was included in the latest breach (or earlier breaches). The site is free and simple to use. To check whether your email was included in the breach, visit the Have I Been Pwned link. To see if your passwords were also included, visit the password check page of the site.
When using the site, make sure to check every email address you currently use and every current password. Old passwords might show up in the database, but if you no longer use them, there’s nothing to worry about.
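How a password can be checked against the breach list without sending the password itself, shown as an added example that is not from the original post: the Pwned Passwords range API (`https://api.pwnedpasswords.com/range/<prefix>`) takes only the first five hex characters of the password's SHA-1 hash and returns the matching hash suffixes with counts. The response body, its counts and the helper names below are constructed so the code runs offline.

```python
import hashlib

PREFIX_LEN = 5   # hex characters of the SHA-1 hash that are sent to the service
SHA1_HEX_LEN = 40

def split_hash(password):
    """Return (prefix sent to the service, suffix that stays on this machine)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines from a range response, skipping malformed ones."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == SHA1_HEX_LEN - PREFIX_LEN and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """fetch_range(prefix) returns the response body; 0 means 'not listed'."""
    prefix, suffix = split_hash(password)
    # The comparison against the suffix happens locally, not on the server.
    return parse_range(fetch_range(prefix)).get(suffix, 0)

sent = []  # everything that would have left the machine

def fake_fetch(prefix):
    """Constructed stand-in for the HTTP GET, so the example runs offline."""
    sent.append(prefix)
    listed_prefix, listed_suffix = split_hash("password")
    if prefix != listed_prefix:
        return ""
    # Constructed body: one filler suffix plus the entry for "password".
    return ("0123456789ABCDEF0123456789ABCDEF012:3\r\n"
            + listed_suffix + ":12345\r\n")

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 2019!"):
        hits = breach_count(candidate, fake_fetch)
        print(repr(candidate), "listed" if hits else "not listed", hits)
    print("data sent:", sent)
```
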
A Few Obvious Password Tips
After running several passwords through the password checker, I noted that only my old passwords have been pwned. Back in the day, that old 8-character password was used over and over again. I used it for almost every site that needed a password. That was back when I was new to the internet. Since then I learned the following:
- Never use the same password on more than one site.
- Use passwords that are a minimum of 15 characters long. The longer the better.
- Include upper and lower case letters, numbers and special characters.
- Do not use simple passwords like birthdays, names or colors.
- Maintain a password-protected document of all your passwords.
- Never email usernames and passwords in the same document. If you do, change the password immediately.
- Change passwords on a regular basis. When I say regular, it could be annually, semi-annually or whatever frequency works for you. Refrain from setting a password and using it forever on the same site. Try for at least once a year. It’s a new year. Why not make January your change password month?
- Don’t share passwords.
Some programs have 2-factor or multi-factor authentication. Opt to use it whenever possible. It’s a bit annoying and takes a little longer to sign into accounts, but better the inconvenience of signing in than the inconvenience of getting hacked. *heavy sigh* Such is life on the Internet.