How Vulnerable are your Passwords?
The biggest annoyance people face when using online accounts today is passwords... or rather creating and remembering them!
Most people tend to use passwords that are easy to remember, but this also means they are generally easy for others to guess, and, to make matters worse, people also use the same password for multiple accounts.
It’s not really a topic that people dwell upon until something bad happens… You get an email from a company saying ‘Thanks for your purchase’ or, worse still, you check your bank account only to find someone has used your details to make a few (expensive) purchases!
So how do hackers get your details?
There are various methods used by hackers to gain access to your account. Sometimes it’s guesswork (if you are using common passwords). Sometimes they use what is known as a ‘Brute Force Attack’, where a software program tries literally thousands of passwords against your account until it gets the right one. Sometimes, however, it’s a far more sinister method, one that has been used far more in recent times than ever before.
You will often see on the news that some well known company has suffered a ‘data breach’ exposing the email addresses and passwords of its customers – this is happening more and more and is big business for hackers. But what happens to all this stolen data?
This stolen data ends up being sold to the highest bidder, usually on the ‘Dark Web’ – once in the hands of a hacker, all they have to do is log onto YOUR accounts and make purchases with YOUR hard earned money!
A company called 4iQ has recently discovered a database of stolen, leaked or lost data on the Dark Web containing 1.4 BILLION email addresses and passwords – the largest collection of its kind ever found. None of the passwords are encrypted, making it even easier for hackers to use.
How do I know this?
I know this because an old, unused online shopping account that I held was recently accessed by someone and unauthorised transactions to the sum of over £700 were made against me!
It was an account I don’t use anymore and hadn’t changed the password for years... and yes, you’ve guessed it – the details were on this list!
Needless to say I’ve now sorted everything, but it just goes to show it can happen to anyone.
Is there anything you can do about it?
The company that found this database offer a free service to check if your details are compromised.
You can find more details on a post by Medium.com.
If you don’t want to read the whole post, the simplest way to check is to send a blank email to email@example.com with the subject Password Exposure Check; they will check the database and reply to your email telling you if your details appear on the database.
For security reasons this will only check the email address that you send the message from – If you have multiple email addresses you need to repeat the process for all of them.
Either way you should be using secure passwords and changing them regularly.
A secure password should ideally contain a mixture of letters, numbers and special characters (*&^$£). Generally speaking, the longer the password, the harder it is to crack (16 characters is recommended by some experts).
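As an added illustration (not part of the original post), the Python sketch below checks a password against the advice above and estimates how large a brute-force search would be. The sample common-password list, the character pool sizes and the function names are assumptions made for the example, and the estimate only holds for randomly chosen characters.

```python
import math
import string

# Constructed sample of commonly used passwords (illustrative, not a real leak list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}
RECOMMENDED_LENGTH = 16  # the length the article says some experts recommend


def character_pool(password):
    """Size of the character pool implied by the kinds of character used."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        pool += 33  # assumption: roughly the printable ASCII symbols, incl. space
    return pool


def brute_force_bits(password):
    """Upper bound on the search space in bits, assuming random characters."""
    pool = character_pool(password)
    return len(password) * math.log2(pool) if pool else 0.0


def audit(password):
    """Return the list of the article's recommendations the password fails."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password: guessable without brute force")
    if len(password) < RECOMMENDED_LENGTH:
        problems.append("shorter than 16 characters")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("does not mix letters, numbers and special characters")
    return problems


if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd", "correcthorsebatt", "Tr4in-Lemon-Sofa-92!"):
        print(f"{pw!r}: ~{brute_force_bits(pw):.0f} bits, issues: {audit(pw) or 'none'}")
```

Note that the 16-letter lowercase sample scores higher than the 8-character one that mixes every kind of character, which is why length matters so much.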
Some websites, such as Facebook, PayPal & eBay, offer what is known as ‘2 Factor Authentication’ – this is where you provide a mobile number when you register the account and each time anyone (including you) tries to access the account, a code is sent to the mobile number, and you have to enter this code into the website before it will give you access.
If you use a website that offers this, then please use it! It could save you a lot of heartache in the future.
Don’t say you haven’t been warned!
Stay safe 🙂