Breached

123456, 123456789, qwerty, 12345678, 11111, 1234567890, 1234567, password, 123123, 987654321, qwertyuiop, mynoob, 123321, 666666, 18awcsd2w, 7777777, 1q2w3e4r, 654321, 555555, 3rjs1la7qe, google, 1q2w3e4r5t, 123qwe, zxcvbnm, 1q223, football, princess, login, welcome, solo, admin, 121212, flower, dragon, sunshine, master, hottie, loveme, zaq1zaq1, password1, letmein……

Recognize any of these passwords?  Yeah, me too!  I’ve used one or two of them myself in the not-too-distant past and actually used the same one with multiple accounts.  Fortunately for me, I’ve not been the victim of any discernable damage from electronic account breaches – but without a change in my habits, it would only be a matter of time until an account is accessed and damage is done.

Take a few minutes and go visit Have I Been Pwned.  Go ahead, I’ll wait.

Did you find your email address or username in there anywhere?  If so, join the club.  If not, count yourself among the lucky few who haven’t had their information stolen or shared without their permission.  Either way, please read on.

In the same way we cannot depend on others to ensure our safety at all times in the physical world, we cannot depend on others to ensure our safety in the electronic world; as an adult, you and you alone are responsible for your safety.  It’s sometimes a scary scenario to think about, but the fact is the police in all likelihood won’t be there to protect you.  In the same way, the NSA – despite their electronic fingers in every device known to mankind – will not protect your personal data from criminals.

Only you care about your data enough to prevent it from being easily stolen, corrupted, encrypted or used against you.

  • Ever shopped at Target, Home Depot, Tesco, Ebay, Kmart, Saks Fifth Avenue, or Brooks Brothers?
  • Ever eaten at Arbys, Chipotle, Dominos, Bubba Gump Shrimp, McCormick & Schmicks, or Morton’s?
  • Ever had an account at MySpace, Yahoo, Adobe, Dropbox, Comcast, Tumblr, LinkedIn, AOL, Gmail, FAFSA, Snapchat, GTAGaming, Patreon, Bell, Linux Mint, Vodafone, Xbox 360, Gawker, Sony, or Stratfor?
  • Ever watched porn or looked for an affair at Ashley Madison, YouPorn, or The Fappening?
  • Ever banked at Experian, Qatar National Bank, JP Morgan Chase, Citibank, Heartland, or Global Payments Inc?
  • Ever had healthcare with Tricare, Anthem, or UNC Healthcare?
  • Ever stayed at a Crowne Plaza, Holiday Inn, Candlewood Suites, or Kimpton Hotel?

Yeah, have you ever had a life?  Well, if you have, you have likely provided personally identifiable information (PII) to several of the above companies or corporations, and there is a high probability your information has been compromised.  Stolen.  Jacked.  Ganked.  Gone.  Information which includes your credit card numbers, home address, phone numbers, email addresses, passwords, answers to your secret questions, social security numbers and much, much more.  All of it in the hands of people who aren’t you.

Once it’s stolen, the people who have obtained it will move immediately to compromise your other accounts by using the same usernames and passwords to gain access.

If you use the same usernames and passwords across multiple electronic accounts, you are especially vulnerable to an account breach.  Once in possession of your information, the thieves will attempt to use those credentials at other locations.  In fact, there are computer programs designed to make this easy for them to do – they simply enter your known username and password, select the designated targets and hit enter.  Sooner or later, they will discover the websites and accounts you have that use common information.  Now, in addition to your Starbucks account, they have access to your Citibank login credentials.  It’s not only your Gold Stars being used, it’s your bank balance hitting zero.

I’m not here to embarrass you or shame anyone but to help shine a light onto the basic issue at hand: it is impossible to guarantee information you’ve entrusted to others will be cared for correctly.  No bunker is truly impenetrable to someone with the means and proper motivation – given enough time, there will be a breach.  Instead, the question I have for you is: are you willing to take an hour or two of your time to proactively protect yourself?  It’s incredibly simple to do and it only takes an hour or two of your time.

An hour or two of proactive work can protect you from a lifetime of hassle and heartache due to stolen accounts or identity theft.  By not recycling the same password on more than one account you can take the wind right out of those dirtbags’ sails.  They are lazy and want to make a quick, easy dollar by trying the same password at more than one location.  Deny them this and they may just move on to the next target.

The easiest solution to this is to use longer, more complex passwords that do not fall into the ‘super easy to remember’ category.  Stop, I can hear you now, “But how can I ever remember them all?”  Easy!  Use a password manager and enable two-factor authentication (2FA) whenever and wherever possible, and you will have made yourself a much more elusive target to take down.

You can add an easy-to-use password manager like LastPass, Dashlane, or Keeper to your internet browser and mobile devices and quickly and easily log into any and every website through a simple verification process.  You will vastly decrease your passwords’ susceptibility to cracking by increasing their length and complexity while actually making things easier for you – bonus!  You can even add another layer by opting in to 2FA with an app such as Google Authenticator or Authy.

Folks, it’s incredibly easy to do and only takes a little bit of time.  You’ll potentially save yourself hours or days of headaches by stopping fraud and ID theft right before it happens and, perhaps, a lifetime of misery when you don’t have those embarrassing texts or emails that were TOP SECRET shared with your entire friends list.

So, please, take a few minutes and start writing down all of your email, social media, bank, utility, music, and shopping accounts.  Once you have a list, go through them one by one and, after logging into your chosen password manager utility, go through the password change process.  Your password manager tool will help you create long and complex passwords and will keep them safe with a single master password or passphrase.
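An added example (not part of the original post) of a first pass over that account list: it flags passwords that appear in the common list at the top of this post, groups accounts that share a password, and orders them so the riskiest get changed first.  The inventory, account pairings and function names are constructed for illustration.

```python
from collections import defaultdict
# Subset of the common passwords listed at the top of this post.
COMMON = {"123456", "qwerty", "password", "1q2w3e4r", "football",
          "sunshine", "dragon", "letmein", "password1", "welcome"}

# Constructed sample inventory (account, login, password); not real credentials.
INVENTORY = [
    ("starbucks", "pat@example.com", "sunshine"),
    ("citibank",  "pat@example.com", "sunshine"),
    ("linkedin",  "pat@example.com", "Blue!Kettle-42"),
    ("dropbox",   "pat@example.com", "Blue!Kettle-42"),
    ("gmail",     "pat@example.com", "x9$Lq!vR2m#Tz7Pw"),
    ("forum",     "patty",           "Sunshine"),
]

def reuse_groups(inventory):
    """Map each password to the accounts that use it (exact match)."""
    groups = defaultdict(list)
    for account, _login, password in inventory:
        groups[password].append(account)
    return groups

def exposed_if_breached(inventory, breached):
    """Other accounts that open with the password stolen from `breached`."""
    stolen = {p for a, _l, p in inventory if a == breached}
    return sorted(a for a, _l, p in inventory if p in stolen and a != breached)

def audit(inventory):
    """Return {account: [findings]} for accounts that need a new password."""
    groups = reuse_groups(inventory)
    report = {}
    for account, _login, password in inventory:
        findings = []
        if password.lower() in COMMON:   # case variants of common words count
            findings.append("common")
        if len(groups[password]) > 1:    # same password on another account
            findings.append("reused")
        if findings:
            report[account] = findings
    return report

def rotation_order(inventory):
    """Accounts to change first: most findings, then largest reuse group."""
    report, groups = audit(inventory), reuse_groups(inventory)
    size = {a: len(groups[p]) for a, _l, p in inventory}
    return sorted(report, key=lambda a: (-len(report[a]), -size[a], a))

if __name__ == "__main__":
    print(rotation_order(INVENTORY))
```

Run it only on a machine you trust, against a list you delete afterwards; the point is to decide what to change first, not to keep passwords in a file.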

*I personally use LastPass and Google Authenticator.

I highly recommend reading Troy Hunt’s blog at www.troyhunt.com and be sure to visit his amazing website www.HaveIBeenPwned.com where you can search to see if your private information has been subject to hackers and breaches.  It’s a mind-bogglingly huge collection of data and he’s doing yeoman’s work to keep everyone apprised of where they’ve been compromised.

http://www.bankrate.com/finance/banking/us-data-breaches-1.aspx

https://haveibeenpwned.com/PwnedWebsites

https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/

https://13639-presscdn-0-80-pagely.netdna-ssl.com/wp-content/uploads/2017/01/Worst-password-infographic2-02.png

https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/

https://www.tripwire.com/state-of-security/featured/so-just-why-is-18atcskd2w-such-a-popular-password/

https://www.tripwire.com/state-of-security/security-awareness/on-password-managers-perspective-and-patience/

https://www.identityforce.com/blog/2017-data-breaches

 
