2016 has been a big year for data breaches. Although the initial hack for many of these breaches occurred in a previous year, the breaches became public knowledge in 2016. Many of these breaches included data from large companies such as Dropbox, LinkedIn, and the once popular MySpace.
A great website for checking whether you have appeared in a breach is HaveIBeenPwned.com. It allows you check your email against known data breaches to see whether your data may have been compromised. If you do appear in any breaches it would be wise to change your passwords. You can sign up to receive notifications of data breaches here.
When a company has user accounts and passwords stolen, the attacker often then has a job of cracking hashes to view the original password. This, of course, depends on whether the company has run a hashing algorithm over the passwords – if not the attacker has access to the plain text of your password and can log into your accounts. A hash is a fingerprint created when running the original password though a one way mathematical formula.
This doesn’t make the passwords impossible to crack, but it does take longer for the attacker to crack your passwords. If you are using a weak password the attacker would have access to your accounts first. Strong passwords require more effort for an attacker to crack and helps to protect your account a little longer. If the password is stored in plain text, an attacker can easily see your strong passwords and therefore it no longer offers protection. Therefore, you should have unique passwords for every account. A great way to manage this is using a password manager like KeePass.
A second line of defense is to use Two-Factor Authentication. Even if an attacker obtains your passwords, they will still need a second factor to be able to access your account. The second factor is often a onetime code sent via text, or generated by an app like Google Authenticator. You can view a list of website that support two-factor authentication here.
Ensuring you are not running out-of-date software is another important step in securing your devices. Vulnerabilities are found in many devices and can be use by an attacker to compromise your accounts or access other personal data. Always install the latest updates for your operating systems, programs, and apps.
Be sure to check out our other Tech Tips.