Technology Advisor Blog

A hacker has your password.  Now what?

Posted by Ann Westerheim on 1/17/19 11:25 AM

This week an astonishing 773,000,000 records were released in a monster breach.  Security researcher Troy Hunt first reported the data set, which includes 772,904,991 unique email addresses and over 21 million unique passwords, all recently posted to a hacking forum.

Hunt reports that the data was posted online for anyone to take and not even up for sale in the dark corners of the web.  In fact, not only is this the largest breach to become public, it’s second only to Yahoo’s breaches which affected 1 billion and 3 billion users, respectively. Fortunately, the stolen Yahoo data hasn’t surfaced yet, but there's a good chance that if your information isn't out there yet, it will be soon.

What can you do?

After your data appears in a hacker forum or somewhere on the Dark Web, there's no way to take it back.  For many, this is a wake-up call to take better care of password safety.

  1. Use STRONG passwords.  In this particular case, it doesn't matter how strong your password is: if it's out there, it's out there. But using strong passwords is a general safety tip to help prevent many other types of cyber attacks.
  2. Use UNIQUE passwords.  NEVER use the same password (or simple variation) for multiple sites or applications.  Your banking passwords should not be the same as your gym membership password.
  3. Change your passwords frequently.  When you hear about a major breach, this is a good reminder to change your passwords as it could be a long time before your credentials wind up for sale.  Think of it like changing batteries in your smoke detectors.  Use some calendar (daylight saving time?) to trigger the change.  Anything other than using the same password for years.
  4. Use a password manager.  Think about it.  If you need to use STRONG passwords, and UNIQUE passwords, that you change regularly, there is no way to remember these.  If just one employee in your organization cuts corners, this could put you and your organization at risk.
  5. Get Dark Web Monitoring to protect your business.  When breaches make the headlines, everyone takes notice, but this activity happens frequently, and your data can be for sale on the Dark Web long before anyone publicly announces a breach.  Think of Dark Web Monitoring as an early warning system.
  6. Use Two Factor Authentication wherever possible.  If your password is compromised, no one can get access to your stuff without the second authentication.    Many users see this as an inconvenience, but it's a critically important safety measure to safeguard your information.
  7. Educate your employees on cybersecurity.  One weak link and your business may be at risk.  Too many users still think "it won't happen to me", and too many SMBs think they're under the radar because they're too small.  

For more information on the latest breach, check out a comprehensive summary in  Wired Magazine.  

At Ekaru, we're on a mission to provide enterprise-class service to small businesses.  Please give us a call if you have any questions, or to assess your current security situation.  We're here to help!

 

 

 

Tags: cybersecurity, password, Dark Web

What's my email password?

Posted by Ann Westerheim on 12/13/16 2:57 PM

Cybersecurity is a hot topic these days.  We need "strong" passwords, we're not supposed to use the same password for multiple applications, and we need to change passwords on a regular basis.  It's hard to remember all the passwords, and especially hard when you don't even know a password exists!   Your email has a password, but it's likely you don't remember it because you don't usually need it on a regular basis.

Who can survive without email?  It’s an essential tool for business!

You’re busy and on the go and probably reading email on your smart phone, laptop, iPad, office computer, and webmail. 

There’s a password for your email, but after your device is programmed the first time, you don’t have to enter it again.  What a pain it would be to have to enter your password each time you read email on your phone, or any of your other devices …over and over again!

The flip side of this is “out of sight – out of mind”:  most people don’t remember what their password is.  Even if you use webmail where you do have to submit a password each time you access mail, your browser is probably “remembering it for you”.

All is well until you get a new phone, computer, iPad, laptop, or any other device. When you set up your new phone, you’ll need your password again.  So you call tech support and ask “What’s my email password?”   The problem is that, for security reasons, we can’t see your password and we don’t know what it is!   We can re-set it for you, which means we assign you a new password.  Now you can quickly get email set up on your phone and you’re back in action!

Later in the day, you may try to access email from your laptop, and you may be very frustrated to see that your email is broken – “Why do I have so many problems with my email!?”

Actually, Microsoft Outlook will just prompt you for your new password.   Enter that password and you’re good to go! Your new password will need to be entered to all your devices, and then you’ll be all set.  

If you want to avoid the hassles of a password reset (which isn't really that bad when you understand why, and how it works), there's no simple solution other than memorizing the password (just like school!) or storing your password in a secure location.

Tags: eMail, password

Is your password 123456? Time to increase your security!

Posted by Ann Westerheim on 2/17/11 9:00 AM

Well over a year ago there was a major security breach at a site called RockYou.com.   One of the interesting outcomes is that the breach offered the opportunity to analyze password behaviors since over 32 million passwords were revealed.

Here is the top 20 list, and if you see any of your passwords on this list, it's a good time to think about using stronger passwords!

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
  11. Nicole
  12. Daniel
  13. babygirl
  14. monkey
  15. Jessica
  16. Lovely
  17. michael
  18. Ashley
  19. 654321
  20. Qwerty

Strong passwords should include uppercase and lowercase letters, numbers, and symbols.  Your computer security starts with the strength of your passwords, so don't use something that's easy to guess or easy to automatically generate (like a keyboard string or word in the dictionary).
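The criteria above can be turned into an automated check. The following is an added example, not code from the original post: it rejects the top-20 list, requires all four character classes, and flags keyboard strings. The minimum length, the run length, the keyboard rows and the optional `dictionary` argument are assumptions made for the example.

```python
import string

# Top-20 RockYou passwords from the post's list, lower-cased for comparison.
TOP20 = {"123456", "12345", "123456789", "password", "iloveyou", "princess",
         "rockyou", "1234567", "12345678", "abc123", "nicole", "daniel",
         "babygirl", "monkey", "jessica", "lovely", "michael", "ashley",
         "654321", "qwerty"}
# Sequences treated as "keyboard strings" (constructed for this example).
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        string.ascii_lowercase]
MIN_LENGTH = 12  # assumption: the post gives no minimum length
RUN_LENGTH = 4   # assumption: shortest run flagged as a keyboard string


def has_keyboard_run(pw, n=RUN_LENGTH):
    """True if pw contains n consecutive keys from a row, in either direction."""
    low = pw.lower()
    for row in RUNS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - n + 1):
                if seq[i:i + n] in low:
                    return True
    return False


def check_password(pw, dictionary=frozenset()):
    """Return the reasons pw fails the post's criteria (empty list = pass)."""
    problems = []
    low = pw.lower()
    if low in TOP20:
        problems.append("in top-20 breached list")
    if low in dictionary:
        problems.append("dictionary word")
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = {"uppercase": string.ascii_uppercase,
               "lowercase": string.ascii_lowercase,
               "number": string.digits,
               "symbol": string.punctuation}
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    if has_keyboard_run(pw):
        problems.append("keyboard string")
    return problems
```

Run it at password-set time, before hashing, and show the returned reasons to the user so they know what to change.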

Tags: Security, password, 123456, popular passwords


Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.