I Don’t Know My G-mail or Facebook Passwords…

Full Disclosure: We are affiliated with LastPass but this article still applies if you use rival password managers. We also collect a fee if you purchase a YubiKey from Amazon through the link contained in the article.

By Josh MacEwen

A Text Image That Says "When it comes to passwords, ignorance is Bliss"

And that keeps me secure. If you know your password, that means you can tell it to somebody else. It also means you can reuse it for more than one account, which over fifty percent of people do. If you do either of these things, your passwords are not keeping you secure.

Recently, there have been many reports on data breaches. These include Marriott, Equifax, Bell, and Desjardins. Many privacy leaks involve the release of e-mails and passwords. It is not that these are drastically increasing in frequency; it is just that now there are penalties if companies fail to disclose them. Sometimes, hackers are not even involved. Facebook, or more specifically Instagram, had an unsecured file containing millions of user passwords that were accessible to its employees. We have yet to see meaningful consequences for this behaviour. The harshest punishment is related to the non-disclosure of breaches. The downside is that only companies with customers in Europe are bound by the legislation. This led me to the conclusion that I would be the one punished most if my password were exposed.

The question now is, what can you do to protect yourself? Check if your credentials were published as a result of these breaches. To do this, I went to Haveibeenpwned. Troy Hunt created this website. Despite choosing a ridiculous website name, he is a very credible person in this field. Using Troy’s website, you can see which e-mails and passwords of yours have appeared in breaches. The e-mail check and the password check are separate processes, to maintain privacy and security. If your information shows up, you should change those passwords immediately. Then you should ask yourself, “What other accounts have I used this password for?” and go from there.

Source: Daniel Berry
This guy gives a quick walkthrough of Haveibeenpwned.

Before changing your passwords, I advise you to get a password manager. I use LastPass. Password managers allow you to forget the passwords to all of your accounts, besides the one for the manager itself. Some password managers, including LastPass, suggest strong passwords that you can customize based on requirements. I trust LastPass with this data because of their robust security practices and endorsements by cybersecurity professionals. They make it convenient to store and retrieve passwords, especially with their mobile applications and browser extensions. LastPass runs your account details against Haveibeenpwned’s database, notifying you when there’s a match. They will also ascertain how robust your overall password security is. Get LastPass before updating your passwords so you can keep yourself secure.

Truthfully, I waited a long time to start using a password manager. I thought it would be inconvenient. I couldn’t have been more wrong on that. My account logins are faster than ever. Even though I don’t know my password, I can still give family members access to my Amazon Prime Video account! I can easily revoke their access too! This feature is perfect for businesses, especially when employees leave. These are just some of the many features that password managers, such as LastPass, come with.

In addition to getting a password manager, you should set up two-factor authentication. Please avoid using text messages as the second factor. It is easy to beat that method, and it is terrible when someone does. I use the YubiKey, which is a physical key. After entering my password, I have to place the key into a USB slot or tap it against my phone. This ensures only those who know my password and have physical access to my YubiKey can get into my accounts. For places that do not yet accept hardware tokens as authentication methods, I use an authentication app on my phone. Although similar to a text message, this is more secure and usually more convenient. Both Microsoft and Google provide reliable authentication apps. Regardless of the method you choose, it is best to not rely solely on a password for authentication.

Source: ZDNet
Hearing this story is why I upgraded to a YubiKey for my second factor of authentication. Matt shares additional tips he’s using to make his life more secure after being hacked.

Following these methods has allowed me to be more secure while making my life more convenient. It is hard to balance safety and convenience. Even if faster logins weren’t a benefit, security should be a priority. Just imagine if I got a hold of your Facebook password, something that is not hard to do. It would be even easier to clone your phone’s SIM card. Could I use these to get access to your Google account, which most likely contains your search and location history? Worse yet, could I get into your bank accounts…


Dufferin’s Spotlight may earn an Affiliate Commission if you purchase something through links in this article. More details can be found here.