In today’s day and age we are increasingly interconnected through the internet, and for most Internet-based services, be it social media, video streaming, or food orders, creating an account is almost unavoidable. Which, of course, means you end up with scores of accounts, if not hundreds.
Hackers are increasingly able to steal more
The unfortunate truth is that these companies where you provide your email ID, and possibly other details like phones, addresses, financial details, etc., are not able to stop the hackers from stealing your data through either sheer
That is potentially 10% of the world’s population.
So how do these hacks affect you?
Apart from the obvious loss of your data, e.g. your email and phone numbers (e.g. the Yahoo hack), bank account information (as in the case of Marriott), or home address (Zomato, a food delivery app), the hackers can sometimes target potentially sensitive information, e.g. health information or, in the case of Ashley Madison, information that can bring disrepute.
It can be worse!
If a hacker is able to get hold of your email and password, even if the password is encrypted, it is relatively easy to break the encryption using a tool called “rainbow tables”, which significantly reduces the time required to brute-force a password.
And that exposes you to a multitude of risks due to password re-use.
What is password reuse?
It’s an extremely common practice for almost everyone to reuse the same password for multiple accounts. It is understandable as it’s impossible to create and remember so many different passwords for the scores of accounts you may have.
If hackers have your email and encrypted password, and they manage to break the password, they can gain access to your other accounts as well.
But I never faced any issues?
Just because you haven’t, doesn’t mean you won’t. One of my emails (screenshot from haveibeenpwned.com below) has been leaked in 10 different breaches, but I have not lost access yet because I follow the simple rules that
So how do you safeguard yourself from such hacks?
To an extent, you can protect yourself by taking a few precautions, as outlined below.
1) Don’t reuse passwords, use a password manager
It is an obvious but the least followed rule of personal account security: DO NOT REUSE PASSWORDS.
Instead, depending upon the browser you are using, use its password storage feature.
E.g., if you are using Google Chrome, you can click the small button on top right and set up your sync feature. (If you are unable to set this
You can also use third-party password storage apps, e.g. 1Password, LastPass, etc. Personally, I trust Google or Mozilla more to safeguard my passwords.
2) Use a secure password
I already wrote about how the worst possible passwords are also the most popular. It’s incredible to think that “123456” is the most commonly used password.
First of all, a 6 character password can be brute forced using a
Ideally, at minimum, a password should contain:
a) 8 – 16 characters or more
b) a combination of upper case and lower case letters
c) alphanumeric (numbers) and special characters (!@#$%^&*)
You don’t need to remember these passwords; just use a password manager to store them.
In fact, Google Chrome will automatically suggest secure passwords and save them for some websites; use this feature whenever possible.
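The rules above can be turned into a small generator and checker. This is an added example, not code from the original article; the function names and the 16-character default are assumptions, and the special characters are the ones listed in rule (c).

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*"  # the special characters listed in rule (c)
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": SPECIALS,
}
ALPHABET = "".join(CLASSES.values())  # 70 symbols in total


def generate_password(length=16):
    """Return a random password that satisfies rules (a) to (c)."""
    if length < 8:
        raise ValueError("rule (a) asks for at least 8 characters")
    # One character from every class guarantees rules (b) and (c) ...
    chars = [secrets.choice(pool) for pool in CLASSES.values()]
    # ... and the rest is drawn from the full alphabet with the OS CSPRNG.
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide where the forced ones sit
    return "".join(chars)


def policy_failures(password):
    """List which of the article's rules a password breaks (empty = passes)."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    for name, pool in CLASSES.items():
        if not any(ch in pool for ch in password):
            failures.append("no " + name)
    return failures


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of candidates a brute-force search must cover."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(policy_failures("123456"))
    print(generate_password(), round(search_space_bits(16)), "bits")
    print(round(search_space_bits(6, 10)), "bits for six digits")
```

Six digits give a search space of about 20 bits, while a 16-character password drawn from all four classes gives about 98 bits.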
3) Use two-factor authentication (2FA/MFA)
Nowadays, most services provide multi-factor authentication (MFA), where you have to provide your password and another code that can either be sent to you by SMS or delivered using an authenticator app.
An MFA login system will prevent attackers from logging in to your accounts even if they know your username and password.
4) Try to change your passwords once a year
Even after these precautions, it’s possible that hackers have breached the security of one of the services where you have an account.
As I mentioned earlier, if they get hold of your encrypted password, they can easily decrypt it and try to steal access. Hence, to protect yourself, change your password at least once a year. Ideally, experts suggest changing passwords every 90 days, but it can be difficult to manage that.
And again, follow the steps above, i.e. use a password manager to store the new passwords, create a secure password, and opt in to multi-factor authentication wherever possible.
Check if any of your email IDs have been leaked
Go to haveibeenpwned.com and check if any of your emails have been leaked. If so, change their passwords immediately.
Hackers will try to get access to your email account so that you cannot reset the passwords on accounts they might target.
E.g. if your Facebook account gets hacked, you can recover it by simply resetting the password. But if you lose access to the email you used to create the Facebook account, it’s nearly impossible to recover it.
With increased reliance on online accounts, it’s imperative to protect yourself against threats, or you risk losing not just an account, but also your financial, health, and other personal information. In some really bad cases, people have lost their entire life’s savings.
Let us know if you have any thoughts or doubts in the comments below.