News of a big name company suffering a data breach is all too common these days. But what about the customers of these companies? Have all their customers’ details been compromised?
Once a company has been hacked the cybercriminals release / sell any information they find. This can include the customer’s email addresses, usernames, passwords, etc.
Why do the bad guys care about these details? In a perfect world, the victims of the breach quickly change their passwords to prevent any security risks. But we don’t live in a perfect world and users don’t regularly change their passwords.
Take a moment to think about how many unique passwords you actually have. Many of us have dozens of different online accounts but only a handful of distinct passwords. That means a hacker can use the stolen data from, say, one site and try the same password on a banking site.
Cybercriminals have the capacity to keep on trying. They will take each stolen username and password and use that data to try and hit many other accounts in a massive, brute-force effort.
What can you do about it?
Stop using the same passwords on multiple accounts. You need a unique password for every account, yes this makes things difficult to remember.
One solution is to use a password manager. Many browsers have a pop-up window offering to remember a password for a particular site. If you say “yes,” the browser automatically populates access credentials on your return to the site.
If you use Google Chrome, you can also check if your passwords have been compromised. Google Safety Check compares your saved usernames and passwords against over 4 billion compromised credentials.
To check for leaked passwords, head to “Settings” in the Chrome browser, then navigate to “Safety Check” and “Check Now.” You will then get a report that identifies any compromised passwords and allows you to review and fix any issues.
Safari has added similar functionality in its latest release and Mozilla’s Firefox browser also has password checking built-in.
Strengthen your passwords
Creating a strong password is challenging, as you’re aiming to come up with something a human or computer can’t guess!
Different sites will have different parameters. You need a combination of uppercase and lowercase letters, numbers and special characters. Having a different mix of these helps make the password more difficult to crack. And the longer the better; That is why passwords a browser suggests to you look like a string of gibberish.
Pay attention also to warnings from the site requiring your credentials. If they say your password is weak, believe them. Safari and Chrome suggest stronger passwords when you create a new account.
If a provider has notified you of a data breach, change your passwords immediately. If you do not practice healthy password hygiene, hackers are ready to take advantage of your ambivalence.
Dark Web Scans
It is easy to change your passwords once you know that one of your providers has been breached but what happens if they don’t tell you or if the breach happened a while ago? Dark web scans are similar to the scan I mentioned above that is done in Google Chrome. They scan your details on the dark web to see if any of your accounts are listed in any of the known lists.
Need help checking your passwords and setting up a password manager for you and your staff? Contact us so that our IT experts can help you!