How To Find Out In Five Seconds If Your Online Accounts Have Been Breached

Sep 12, 2019, 06:25am

Suzanne Rowan Kelleher
Contributor
Travel

If you've signed up for online accounts, chances are good that your data has been compromised.

If you spend any time on the internet, you’ve likely created accounts with all kinds of businesses – financial institutions, social media sites, online retailers, travel booking sites, loyalty programs and a host of other web services. That means it’s extremely likely that your login credentials have been swept up in at least one major breach.

There’s a fast and easy way to find out for sure, says Caleb Barlow, president and CEO of CynergisTek, a cybersecurity consulting firm.

“A good place to check is HaveIBeenPwned.com. Enter your personal and work email addresses and it will tell you all of the potential sites where your credentials have been likely compromised,” says Barlow. “Most people find that they’ve been compromised on multiple sites.”

When I tried this with my own email accounts, HaveIBeenPwned.com revealed that my information had been caught up in over a dozen breaches. Two sites on the list were email scam companies that had amassed and then leaked information on hundreds of millions of accounts. Other compromised sites included online shopping sites, social media platforms and professional services.

What should you do if you find out that your information has been compromised? Look at it as a wake-up call and an opportunity to strengthen your login credentials.

Create stronger passwords.

Many people experience a form of cognitive dissonance when it comes to data security. According to an online security survey from Google earlier this year, nearly seven in 10 people give themselves an A or B grade when it comes to protecting their online accounts. And yet the same study revealed that more than half of respondents reuse the same password for multiple online accounts.

“The problem with reusing passwords for different accounts is that when one account gets breached, essentially all of them are potentially compromised,” says Barlow. “It doesn't take long for the bad guys to figure it out.”

Ideally, every account should have its own password. “At the very minimum, you’ve got to have different passwords and credentials for your work email address and the email address that's tied to your bank account and your online banking account itself,” says Barlow.

Almost as bad as using the same password for all your accounts is creating a “system” to help remember your login info. “Believe it or not, millions of other people will use variations of the exact same pattern,” says Barlow.

“The last thing you want is some commonly repeatable pattern,” he says. “For example, so many people use the pattern of sports team, area code and exclamation point. If you're in Boston, the password ‘Patriots617!’ is going to work for a whole lot of people’s accounts.”

It’s smarter to use a song lyric or literary quote or made-up phrase that you can remember, says Barlow. “You want your password length to be over 12 characters, which sounds really long until you use a phrase.”
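
As an added illustration (not part of the original article), the Python script below audits a list of account passwords for the habits Barlow warns about: reuse across accounts, the word-plus-three-digits-plus-symbol pattern, variations on one personal “system,” and length of 12 characters or fewer. The account names, passwords and finding labels are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample data: account -> password. Values are illustrative only.
SAMPLE_VAULT = {
    "work-email": "Patriots617!",
    "bank": "Patriots617!",
    "shopping": "Celtics617!",
    "forum": "hunter2",
    "personal-email": "the quick brown fox naps at noon",
}

MIN_LENGTH = 13  # the article's advice: "over 12 characters"
# Capitalised word + three digits + one trailing symbol (team + area code + "!").
TEAM_AREA_CODE = re.compile(r"[A-Z][a-z]+\d{3}[^A-Za-z0-9]")

def shape(password):
    """Collapse runs of character classes: 'Patriots617!' -> 'Ulds'."""
    out = []
    for ch in password:
        cls = ("U" if ch.isupper() else "l" if ch.islower()
               else "d" if ch.isdigit() else "s")
        if not out or out[-1] != cls:
            out.append(cls)
    return "".join(out)

def audit(vault):
    """Return {account: sorted findings} for every account with a problem."""
    by_password, by_shape = defaultdict(set), defaultdict(set)
    for account, pw in vault.items():
        by_password[pw].add(account)
        by_shape[shape(pw)].add(pw)
    report = {}
    for account, pw in vault.items():
        findings = []
        if len(by_password[pw]) > 1:
            findings.append("reused")              # same password, several accounts
        if len(pw) < MIN_LENGTH:
            findings.append("short")               # 12 characters or fewer
        if TEAM_AREA_CODE.fullmatch(pw):
            findings.append("word+3digits+symbol") # the 'Patriots617!' template
        if len(by_shape[shape(pw)]) > 1:
            findings.append("shared-shape")        # variation on one personal "system"
        if findings:
            report[account] = sorted(findings)
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(findings)}")
```

The long made-up phrase is the only entry that passes every check, while “Celtics617!” is flagged as a variation of the same system even though it is not an exact reuse.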

Fib on password reset questions.

When you sign up for online accounts, be cagey when answering the password reset questions. “These are incredibly dangerous because they provide information that can be used to reset all your other accounts,” says Barlow. “The questions are always the same and the answers are very easy to find in public records and on social media.”

But there’s an easy solution. “Just lie,” says Barlow.

You don't need to provide the real street you grew up on or your actual high school mascot or your grandmother’s real maiden name. “And frankly, every time you do it, you just lower your overall security posture,” says Barlow. “So rather than using your own information, answer with the data of your grandmother or your best friend so you still can remember it.”

Use a password manager.

Cybersecurity experts recommend password managers to generate and keep track of super-long, random passwords across all your accounts so you don’t have to play the memory game. “Generally speaking, password managers use two-factor authentication and multiple forms of encryption, so they’re a great solution,” says Barlow.

Password managers tend to cover multiple devices and are quite affordable; for example, cloud-based LastPass offers both a free version and a premium version for $3 a month, while 1Password will run you $2.99 a month. Best of all, you will never have to remember more than one password again.

“The other great solution, believe it or not, is this thing called pen and paper,” says Barlow. Writing your passwords down and keeping them in your top desk drawer is very secure because your list can't be breached via the internet.

“It's kind of old school,” says Barlow, “but it works.”

©2019 Forbes Media LLC. All Rights Reserved.