Data Breaches (passwords) and how they effect you

lastpassI keep hearing that passwords are being ‘stolen’ from big corporations. Is this something I need to be worried about?

Short answer, Yes!!! Very much so. It takes longer for me to explain how a hacker nabs your password than it takes to actually do it. The worst part is that a “hacker” stealing passwords doesn’t even have to have much in the way of technical know-how.

One of the easiest ways of stealing passwords is by using a method called “Packet Sniffing”. Packet sniffing is as easy as downloading a program which analyzes network traffic. In other words, when you perform actions on the internet, that traffic can be spied upon by any other computer on that network, including someone in the parking lot with a laptop and one of these:  http://www.newegg.com/Product/Product.aspx?Item=N82E16833164030 which can join a network up to a mile away (if not further). Much of what you do on the internet is transmitted over the network in plain text. Email for example. Emails are transmitted in plain text, meaning that they are not encrypted nor obfuscated in any way. Moreover, when an email is sent, it has to route through many other email servers, and each server saves a copy  ! That alone should terrify you if you have transmitted sensitive information via email (like credit card numbers, usernames  passwords, social security numbers, etc). For this reason it is extremely important to never transmit secure information via email.

Other methods may involve more technical methods such as breaking into a server and stealing password databases.

For someone who doesn’t know much about this stuff it can be pretty scary, but don’t worry, protecting yourself is pretty easy but it requires a shift in thinking with regards to security.

First of all, most people’s passwords are woefully insecure. It is astounding to find the number of people who thought that “password123” was a good idea as a password. Passwords should contain at least one lowercase letter, one uppercase letter, a number and a symbol. A password should be no less than 8 characters and for best results should be at least 16 characters. Example: @8DAtr2Fy%XVYy*d Additionally, you should NEVER use the same password in more than one location.

This is usually the point where most people get lost. If you use a different password for every different website, how in the world are you supposed to keep them all straight??? Enter password managers. The 3 most notable password managers (in order of how much I like them) are:

* Lastpass
* Dashlane
* Keepass

For the sake of my carpal tunnel I am only going to cover Lastpass. Lastpass integrates with your browser and allows for super simple password management with a simple click.

The idea behind password managers is that you have 1 single password to remember, which unlocks the password manager at which point, the password will then manage all of your individual passwords. As an example, once I have unlocked my password vault with lastpass, if I enter a username and password into a website, lastpass will ask me if I want to save the user/pass for that site. All I do is hit “save password” and from that point forward lastpass will take care of keeping that password safe for me, I don’t even need to know what it is.

When you are signing up for something new, you can simply right click in the password field and have lastpass generate a secure password for you. As mentioned previously, you should be using a different password for every single different thing that requires a username/password. It does require a shift in thinking and how password management works, but after a short time it becomes second nature.

How many of you would be completely SOL if someone managed to get hold of your password? My guess is that the number of you who are vulnerable is uncomfortably high. Don’t take a chance. Be smart, be safe!

Here is an excellent writeup done by Lifehacker some time ago that explains the various programs in more depth: http://lifehacker.com/5483119/the-easy-any+browser-any+os-password-solution

Lastpass  : https://lastpass.com/

Leave a Reply

Your email address will not be published. Required fields are marked *