Monday, 29 August 2016

Has Your Password Been Hacked? Check here.

Recently I wrote about the benefits of using a password manager, and why you shouldn't use the same password on more than 1 site.

Yesterday I received an email from Dropbox informing me that a bunch of passwords were stolen from them in 2012, so we are still learning of problems years after they happen.

Today let's check if your passwords have been hacked. Go to https://haveibeenpwned.com/ and type in your email address(es). The site will quickly tell you if passwords related to that login have been "pwned". (Hacked and sold/distributed on the internet), and what specific site(s) the passwords were stolen from.

Haveibeenpwned.com also will let you sign up and notify you via email if your credentials are stolen in future incidents that they become aware of. The service is free so I strongly encourage everyone to register.

Now let's talk about password length. For years the IT security group at your work has been insisting you use a password that is at least 8 characters long and complex because it's so hard to crack.

That's just not as effective any more. In fact, the new recommendation is that passwords be a minimum of 14 characters long.

What's even more surprising is that password length can easily trump complexity in making it much harder to crack. The reason for this is the increase in entropy. (A measurement of how unpredictable a password is)

Think the password you typically use is a good one? Try entering it in to the password meter at http://www.passwordmeter.com and check the score it gives you. Many people are surprised to find their "strong" password isn't as great as they thought.

Passwordmeter.com bases their score on a minimum 8 character password, but 14 is a better choice these days. Remembering a 14-character password isn't going to be fun so consider using a password manager.

Online security is a constantly moving target, but passwords are still the basis of most authentication. The bad guys know this and actively go after passwords because many people use 1 or 2 passwords for all websites, and rarely change their passwords.

The easiest steps to protecting yourself are to use a password manager that auto-generates new passwords for each site, and turning on 2-factor authentication (2FA) where you can.

The internet is far too convenient to not use, but not using it safely can cause a ton of problems.

Happy surfing!

-The Home Geek

No comments:

Post a Comment