Just how safe are your passwords and online security measures?

Posted By on February 12, 2021

My friend Jeff is a cyber security guy and is regularly interrogating me about “best practices” online. I suspect he sees so much that it nearly frightens him away from putting anything online (which is nearly impossible these days).

When I first started working with computers in the early 1980s (prior to being online), a simple user name and 6-digit password seemed relatively safe … considering access to the computer was limited AND the data stored on the computer was of little interest to others. This all changed when we plugged our computers into modems and started “logging into” bigger mainframes and bulletin board services (BBS) … and then online data sharing servers. Eventually “online services” like AOL, Prodigy and CompuServe popped up requiring a bit more security on our part … especially since logging in started the billing meter.

Once the Internet and “web” grew, so did the proliferation of cyber theft, spreading of viruses and those keylogging devices. Everybody I knew had a notebook full of login instructions … including usernames and passwords … so I developed a primitive “personal encryption code.” Thankfully the “white hats” continued to build defenses and both hardware and software manufacturers started to take security precautions.

Nowadays with everything online, the BILLIONS available to cyber criminals is too much to resist and it is rare for someone to be online without being compromised in one way or another. Besides using caution when choosing devices that we use online, the emails we open and the websites we visit, we can be more diligent about securing login information — also avoid Chinese chips and equipment. In the past few years I have become more and more reliant on encrypted password managers (stored online – ugh). Jeff still uses his own encryption software as he doesn’t trust that these online password managers will forever be secure; I suspect he is correct, but still I use them?

Besides the password managers themselves, every service and company that collects or has information on you is another weak link. Therefore most people have been compromised in one way or another. Here are a couple of ways to check:

Have I Been Pwned and Is Someone Spying On You?

I know what you are thinking … but yes both are reputable and ask only for your email address. They then match your email address against a database of known breaches.

Both services have their appeal. HaveIBeenPwned’s reputation attracts those who wish to publicize their attacks, so the site’s breach reporting seems comprehensive. The site will list the breaches that an email address has been caught up in, along with any corollary information—such as your gender or what your phone number is, for example. The site organizes the breaches by the service attacked, not the date. Why is this important? Because if your email was exposed in a breach in 2016, for example, chances are that your password has been changed since then. But if your email and password were exposed last month, you’ll want to change them right away.

LINK
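The point above about breach dates can be worked through with a short script. This is an added example, not part of the original post or the article it quotes: it sorts breach records newest first and compares each breach date with the date you last changed that password. The records are constructed samples using field names from the Have I Been Pwned breach model (`Name`, `BreachDate`, `DataClasses`); the service names and the `LAST_CHANGED` notes are made up.

```python
from datetime import date

# Constructed sample records shaped like HIBP breach entries.
# The services and dates are invented for illustration.
SAMPLE_BREACHES = [
    {"Name": "ExampleForum", "BreachDate": "2016-03-14",
     "DataClasses": ["Email addresses", "Passwords"]},
    {"Name": "ExampleShop", "BreachDate": "2021-01-20",
     "DataClasses": ["Email addresses", "Passwords", "Phone numbers"]},
    {"Name": "ExampleNews", "BreachDate": "2020-11-02",
     "DataClasses": ["Email addresses", "Genders"]},
    {"Name": "ExampleMail", "BreachDate": "2019-06-30",
     "DataClasses": ["Email addresses", "Passwords"]},
]

# Assumption: you keep a note of when each password was last changed
# (most password managers record this). None means "unknown".
LAST_CHANGED = {
    "ExampleForum": date(2018, 5, 1),
    "ExampleShop": date(2020, 2, 10),
    "ExampleMail": None,
}


def triage(breaches, last_changed):
    """Return (service, breach_date, action) tuples, newest breach first."""
    results = []
    for b in breaches:
        breach_day = date.fromisoformat(b["BreachDate"])
        changed = last_changed.get(b["Name"])
        if "Passwords" not in b["DataClasses"]:
            action = "no password exposed; watch for phishing"
        elif changed is None or changed <= breach_day:
            # Unknown or older than the breach: treat the password as exposed.
            action = "change password now"
        else:
            action = "already changed; make sure the old one is not reused"
        results.append((b["Name"], breach_day, action))
    return sorted(results, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for name, day, action in triage(SAMPLE_BREACHES, LAST_CHANGED):
        print(f"{day}  {name:<13} {action}")
```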

Another option if you use a password manager is to opt for their paid service which monitors the “dark web” to see if your information shows up. Of course that means it has already been stolen, but at least you might be able to intercede early and make changes in order to protect data or prevent any further breaches?
