Having an online life, requires you to have several accounts with a variety of Social Networks, and Websites. You might not be aware of the current scale of almost daily online Data Breaches. Billions of Online Accounts have been compromised as a result. The question is, whether one your accounts is among them, and if so what should you do.
Pwned is a website which was created by Troy Hunt. It was set up after the largest ever single breach of Email Addresses, Password Hints, Usernames, and Passwords belonging to 152,445,165 Adobe customers on the 4th of October 2013. What became very obvious from analysis of the breach, was the number of account holders who reused the same details for other websites.
This resulted in a single user then having several compromised accounts. Data breeches are occurring at an alarmingly increasing rate. Unless account users have different passwords and usernames for each account, it makes them incredibly vulnerable. To date there have been 5,235,843,322 accounts breached according to Pwned.
It is essential for people to know, if an account they are using has been breached. Companies have attempted to withhold, or delay the release of a data breach from customers, due to the obvious reduction of public confidence in a company's ability to protect customers data. After Verizon acquired Yahoo's core internet assets, worth $4.48 Billion in 2017, it announced the Yahoo data breach in 2013, consisted of the names, email addresses and passwords, of almost every user, 3 Billion accounts. In 2014, Yahoo had only reported that 500 million customer accounts had been impacted.
Protecting your Online Account in a few simple steps
1. Check if your Email Address has been compromised
It can be quite difficult to remember every online account you have ever created. However it is important to try, especially if you have been using the same email address, username or password. If one of these accounts have been compromised, all of your other accounts are at risk, because you have used the same or similar details. The first step you should take, is to visit Pawnd to see if one of the accounts you own has been breached. If it has then you need to secure your accounts immediately.
Pawnd Passwords enables you to check if a password you are currently using, is among the 517,238,891 passwords which ave been exposed in a data breach. You will be surprised to see how many of the passwords you thought were secure, have been compromised.
3. Password Managers
While it is best practice, it may seem almost impossible to manage the creation of a separate email address, username and password, for every individual online account. Having multiple accounts, require multiple passwords and usernames. Many people use very weak passwords. Worse again the same passwords are reused on different websites. You should never reuse a Password on multiple accounts. If you are not using a Password Manager, then you need to start.
A Password Manager will store your login information for all the websites you use and help you log into them automatically. More importantly the Password Manager will encrypt your password database with a Master Password. This will be the only Password that you have to remember.
If you choose not no use a Password Manager, then the password needs to be between 20 and 30 characters long. It should also consist of a mix of small and upper caps, numbers, special characters. You should also never use sequential keys on a keyboard such as qwerty or 0987.
There are a number of options when it comes to picking a Password Manager. If possible avoid using the Password Managers which come with Internet Browsers. Try picking a dedicated Password Manager such as LastPass, Dashlane or 1Password.
4. Enable Two Factor Authentication
Every account that you are using, needs have Two Factor Authentication set up to protect it. This adds an extra layer of security to your account. Once enabled, any sign in to your account will require the Username, Password and a code, pin or other piece of information only you know, before an account can be accessed.
5. Be abstract and original when selecting a Username
A Username should never contain any personal information about yourself. Again people tend to use a Username that is easy to remember, such as their first name or surname and often it is combined with a date of birth. Usernames need to be unique. It is also highly recommended, you create a seperate unique Username for each account. This makes it a little more difficult to track you online. Never use any information in a Username like a location, date of birth or your own name.
Be anonymous. Just because a site asks for your details, that does not necessarily mean that you just supply it. Unless it is absolutely necessary avoid entering your own information. When you provide information to a website, always remind yourself, the question of whether an account can be breached, it's when. It appears currently in the online world that there exists two types of accounts, one which has already been breached and those that also eventually will. If you're struggling to create a unique Username, then try using the LastPass Username Generator.
Finally . . .
Consider how difficult it is becoming to maintain a secure account online. Now consider the awareness and ability of a child when they go online to create an account. Parents need to be aware a childs account is just as vulnerable, possibly even more so. We would strongly recommend to parents, that they are involved in the creation of any online account a child creates. Outside of the security implications, it also affords a parent access at all times to the childs account so it can be monitored for anything which is harmful or inappropriate.
Be safe out there folks and be sure to let us know of any tips you might have for staying safe online !!!