by Karl Plesz
If you’re doing any of the following, you’re putting the security of your email and other online accounts at very high risk of being compromised if they aren’t already:
• Using the same password on a lot of different online accounts, especially sensitive ones.
• Using weak passwords, which includes anything less than 14 characters in length.
• Using words that might be in a dictionary, except when in a very long passphrase.
• Using known character patterns, like 12345678 or qwertyuiop.
• Using simple numb3r 4 l3tt3r subst1tut10n (it doesn’t work).
• Keeping the same password for a long period of time, or past a point at which it may have been compromised in a breach.
You’re probably thinking, “How can I find out if any of my email addresses or passwords have been compromised?” With a Google search, you can find webpages that will check if your data has been compromised.
Start with all of your email addresses, one by one. If the above site indicates that an email address has been leaked, read the details. What matters here is not ‘if,’ but ‘when.’ For example, according to ‘haveibeenpwned,’ one of my email account addresses was compromised along with many others in 2016 during a particular breach of a specific website. However, I have changed the password to that account at least three times since then, so I am safe.
Anytime I find my credentials in a list of compromised website accounts, I change the password to something else that’s unique and at least 14 characters long, preferably a passphrase. Nothing related to me personally. They may have my email address, but they no longer know my password. You may ask, “What’s a passphrase?” It’s a string of words that don’t seem to go together. “SANkonaamcoffee~” is a great passphrase because it represents something special to me, but nobody could ever guess it or crack it in a reasonable amount of time.
If you are using any password at all on multiple accounts, you really should check them. If the password you check is in fact on the known list of over 500 million compromised passwords, you need to change it pronto on every login using that password, especially if they protect something vital, like shopping, banking, social media, a business, or government site. A compromised password is in the public domain and is being used by bad actors to try to get into every site login that exists.
By the way, if you want the ultimate in password security, subscribe to a top-rated password manager. Once you do, you’ll only ever need to remember one password! The password manager will remember the rest for you, and so much more.
Click here to the Montgomery Community News home page for the latest Montgomery community updates.
