Data breaches happen. For example, Microsoft accidentally exposed 250 million customer support records a week or so ago, and early last year Facebook’s data breach exposed more than 540 million records.
Sometimes this happens because of the big companies’ carelessness. Other times it’s really complicated: hackers are constantly trying to find new ways to get into these big sites, so it’s a constant battle for them. It’s always a bit hard to tell exactly what happened and why.
It’s not always valuable data that is breached, but hackers can still make use of not-very-valuable data. There’s a thing called social hacking, where people get a little bit of data from you and then gradually, incrementally use that to get more and more data. So it’s still dangerous. Some people say “I just use a weak password on a site that doesn’t have much valuable data in it”. But that’s still a bad idea, because hackers can use that to get a bit more, and then a bit more, and then a bit more, and so on.
The biggest, best thing you can do is to have some form of password manager. Some of the antivirus software packages have them. There are some standalone ones, which I tend to recommend. I use one called RoboForm.
There’s another one that’s probably more popular, called LastPass. Now, both of these do exactly what they say: they manage your passwords.
Now, the thing with passwords is: if you can remember it, almost by definition it’s not secure. And if it’s secure, almost by definition you can’t remember it. So it’s a real catch-22 with passwords. With a password manager, you remember one big long passphrase (that’s what the security blogs call it: not a password, a passphrase), and you pick a sort of nonsense phrase that really stays with you, one that you know you’ll remember. I use a variation of a nonsense rhyme that I loved when I was a kid, which was “and grandma rides a bike”. At the time, the idea of my grandma riding a bike was pretty hilarious, and it just happened to stick in my mind over the years, so I use versions of that. But anything that’s a bit nonsense but has meaning for you is a good passphrase to use.
And you just give your password manager that one passphrase, and that’s the only password you ever have to remember from now on. You don’t care about the others, because the password manager looks after all of that for you. It’s a little bit of work setting up, because obviously you have to change your passwords on all the sites you use passwords on and tell your password manager, but once it’s set up it’s actually quicker and easier to log into a site via your password manager than it is to type the password in, especially if you’ve got a few and can’t remember which of your top two or three passwords you used on that site.
The next best thing to use, in conjunction with a password manager, and which Facebook does actually allow you to do, is two-factor authentication. Two-factor authentication means you use two different things to get into a website. The best example of two-factor authentication is a hole-in-the-wall cash machine. You put your card in, which you own, and then you put your PIN in, which you know. So it needs both of those things to work.
And on most websites you can activate two-factor authentication. The way it works on websites is you get an app on your phone, called an authenticator app. There’s one called Google Authenticator, which I just happen to use. There are others, but Google Authenticator can be used on Android phones and on iPhones. Basically you connect your site up to Google Authenticator, and then it generates a new six-digit code every 30 seconds. So you log into your site, the site asks for your six-digit code, you look at your phone, you type it in, and then you’re into your site.
So most of the big companies are now trying to get you to do it, because they realise it’s the safest way to go. A password manager by itself is like 70% safety. Two-factor authentication gets you as close to 100% as you can be at this moment in time. That’s the best-practice security you can do to protect your digital life.
Check if you have an account that has been compromised in a data breach here.