PSA: Change the batteries and your passwords!
Happy New Year Everyone! Now is the perfect time to check those Smoke Detectors and also a great time to change your passwords.
If you haven’t read my post on Nest Protects , you can click the image below.
Spoiler Alert: They last on average about 10 years and should be tested yearly.
Your email address unfortunately lasts a LOT longer and needs to be checked even more. It seems like every few weeks, there is a MAJOR internet breach where thousands to millions of emails, names and passwords are leaked onto the internet. It really is almost impossible to keep up with it all. You may have noticed an increase in spam and phishing related emails hitting your inbox due to the holiday season and many of them are using leaked data to create the illusion of a real hack.
You can read an excellent article describing one of the methods here: Business Insider
It is really a losing battle to try to be reactive to the reports since many times these breaches are only revealed years after they happen to the companies for fear of bad press.
I think the best strategy is to go on the offense and pro-actively change your passwords regularly and strive to create uniqueness for each one so that a single leaked password from a breached site doesn’t compromise your entire online identity. The best way I have found to do this is to use a password manager. A program that will allow the convenience of autofill (which also helps identify phishing attacks) and encourages good password habits overall. There are lots of them but my password manager of choice is LastPass. <- You can use my referral link for a free month.
One of my favorite features of LastPass is the multifactor authentication options. If you have the option to enable this for any website, it is worth it. This is especially valuable for financial and email accounts. Potential hackers/scammers would need your information AND access to your phone in most cases.
Another place you can go to see if your information is ‘out there’ on the internet is to go to https://haveibeenpwned.com/. I’m sometimes leery about putting my email address into a website for fear IT IS A SCAM SITE but this particular one was created by a very well respected Microsoft developer Troy Hunt. The website is linked directly from his verified twitter account and he is the creator.
One of the nice features of this site is that it also checks to see if your data has been pasted onto any of the free websites that are used by scammers to exchange lists and such.
One important note: Unless you have just created your email account and never used it anywhere, it will most likely have been caught up in a leak. With high profile leaks of the 100 millions, almost everyone will have some exposure.
But using this site can remind you what type of information is out there and that you should be changing your passwords regularly and keeping them siloed and unique.
Be safe out there!