Keeping your cyber stuff safe: the one thing you’re probably doing wrong
The other day, I received a rather scary email.
It addressed me by name and politely informed me that it had successfully hacked one of my accounts and here was my password. In order for my private particulars not to be shared with the wider world, here were the details for a Bitcoin account into which I could deposit $1,500. Thank you, and have a nice day.
Not ideal.
The me of 6 months ago would have freaked the f*@! out. Not because the hacked account was of particular importance. Indeed, the email didn’t actually specify which one had been hacked. But it didn’t have to. The exposed password happened to be same for most of my six squillion odd accounts.
Fortunately for me, my security-savvy better half had schooled me on the dangers of duplicate passwords not 6 months prior. And even more fortunately for me, it was one of his lessons I had elected to act upon.
It went something like this:
Hackers are constantly trawling websites, probing for weaknesses. Some sites have pretty good security. Some do not. The ones that fall into the ‘do not’ category will probably get penetrated.
Knowing that most users tend to repeat-use the same password across a whole bunch of their accounts, the information gleaned from this single penetration event can then be plugged into more potentially damaging domains — bank accounts, email accounts, online shopping accounts…
This opens up a much wider drain down which they can and will suck your money, private/personal content and identity.
Your best protection is to make your passwords long and complicated. ‘Password’ is not an acceptable password. And for goodness sake don’t reuse the same one across multiple accounts!
Thus the lesson ended, and we went off to eat cheese and biscuits. But the message hit its mark. The risks were clear, and the ‘don’t re-use the same password’ argument was compelling.
But how on earth could I ever retain tens or even hundreds of different, complex codes, let alone remember which one was for what account? I, like most people, had no confidence that my already over-crowded brain possessed the mental bandwidth to master such a cognitive feat.
Enter the role of the password manager.
Password managers are encrypted, often cloud-based systems whose sole role is to securely store all of our passwords together. When using them, we literally have one job — to remember our single ‘master password’ — which unlocks the gate to all of the other passwords we have recorded.
While this centralised setup may itself seem a little dicey on the risk-front, the likelihood of a password manager being penetrated is pretty minimal. Like us, they also have only one job; to not get hacked. As such they tend to have pretty tight safeguards in place. After all, no one would use them if they didn’t.
At any rate, it seemed safer than what I had been doing up until that point. So I created an account with the free password manager LastPass and set about changing every one of my six squillion identical or semi-identical passwords.
Now, I’m not going to lie; it was a veritable pain in the proverbial to log in to every single account, change every single password to something long, complicated and distinct, and add each one to LastPass.
But within a few days I was done.
My brain felt clear and at peace; relieved of having to remember which of my passwords had exclamation marks at the end, which ones included numbers, and which ones started with capital letters. And I felt smugly secure in the knowledge that my cyber stuff was safe.
So when I received that scary email last week, I didn’t feel scared. And instead of transferring $1,500 into some cheeky hacker’s Bitcoin account, I bought my better half a big block of chocolate instead.