
Showing posts with label tech safety. Show all posts

 


As a tech who has been in this industry for 10 years now, I’ve come across a myriad of issues I’ve had to fix, ranging from the simple and mundane to the complex and long-standing. I enjoy the satisfying feeling I get from solving the problem and seeing a big smile come across the face of the customer, followed by a big sigh of relief and elation. I’ve noticed one thing that’s always recurring. While this is one of the many things that will keep me in business and guarantee never-ending work, it’s also the biggest pitfall I see people not take seriously enough, techies and users alike.

That is saving your passwords. I know it’s convenient and you have lots of passwords for different things to remember, but please understand that the slight inconvenience of the extra effort it takes to remember and/or safely store a password pales in comparison to the fallout that occurs when your account gets hacked and your identity gets stolen as a result of your negligence.

There are many ways to go about building the habit of properly creating and storing your passwords, including ways to remember them. Even though I always suggest memorizing your passwords, I know that’s not always an option for everyone.

1) You can make your password from a passphrase, a quote, or a line from a song or poem that only you know, or from something like a favorite cartoon, movie or food item. Use anything that helps you meet most password complexity requirements and makes it harder for anyone who isn’t you to guess it.

2) Don’t use the same password across different sites or accounts. From online banking and bill pay to shopping and social media, the last thing you want is to have one password unlock your whole internet life that easily. As I always tell friends and family, if someone decides to hack your account, at least make them work for it.

3) Store your password in a place that is safe and easily accessible for you. This can be a notebook if you prefer the old-school approach, a tablet/iPad, or any digital note-taking app on your phone that can be accessed from your computer, tablet or alternate device. I recommend going the digital route, as notebooks can be misplaced, and if you don’t find it, there go your passwords. The digital option is more reliable, as long as the battery isn’t dead. You can also take a picture of the passwords in your notebook as a middle-ground compromise.

4) Another way to store your passwords is using software that acts as a vault (such as Google Password Manager, Bitwarden, etc.). This is a web browser plug-in that saves and encrypts your password and automatically enters it into the website you visit when prompted. This option is highly utilized; however, I don’t suggest it, because it is locked down to your device, and if you use an alternate device that your profile isn’t signed into (on that browser), you have to enter your password manually anyway.


The reason I’m so adamant about safeguarding your passwords is that, unfortunately, data breaches happen very often and you never know when a hacker is trying to log into your account. Enabling MFA (multi-factor authentication) at the bare minimum, in addition to creating stronger, more unique passwords, is required now. Plus, that added step gives you a warning of an attempted break-in, in the rare event they actually guess your password. I had such an experience recently with my LinkedIn account.

I received an alert in my Google e-mail, stating that a hacker had tried to access my account and that they were located in Germany. When I opened the e-mail, it asked me if I was trying to log in and asked me to approve that log-in. Obviously I didn’t approve it; plus, given the time difference, I’m sure that prompt expired long before I saw it. Despite the fact that I was “saved” in that instance, I became paranoid, as I had no idea my data attached to that e-mail had been breached. Up until this point, I had been notified of only one other e-mail of mine being leaked, during a company data breach. So how did they even get that far on this account?

I then did a deep dive with my e-mails and Google: I changed all the passwords to all of my accounts, enabled a third form of MFA, and cleared all the old password data and browser caches. I was mortified to discover that not only was there data stored in browser settings that I had previously declined to have saved (such as passwords, payment cards, addresses, etc.), but there were even other people’s e-mails and saved data in my cached settings.

I saw two people’s e-mail addresses/usernames and passwords, as well as the websites they belonged to, saved in the cached settings. I won’t reveal here what they are, out of respect for their privacy; however, I am still not sure how they got there and why they were there all that time. So if I ever had the gumption to log into those accounts and do “damage” to those two people, I wouldn’t have to do any work. The info I needed was waiting there for me.

That made me question whether these browsers shared that same cached info with other people who also used the same one. My paranoia went into full effect, and I started scrubbing the data from the other browsers I’ve used to access other data-sensitive websites. Going down that rabbit hole, I checked the websites I frequently access to see if any login data was saved. I have changed how I log into those websites. While exploring Pinterest, I saw pins and sections that sold people’s data.

Yes, Pinterest, of all places, had pins that were titled “Do you want free netflix?” If you clicked on that pin, you were brought to a web page that had a list of people’s e-mail addresses and passwords that, if used, let you see whether you could log into a Netflix account and enjoy that service on someone else’s dime. Netflix has since changed how its services work, by preventing anyone from utilizing an account from outside the household of the primary account holder. That decision was possibly made from an economic standpoint, as a means of “making” people get their own account so they can use the streaming service, but it inevitably helped secure the accounts of its customers: regardless of whether anyone gets their credentials, they won’t be able to use them without paying, as they aren’t located in the account holder’s household.

Google: Case study in business ethics of their suit and data breach

Google: My Gmail e-mail is compromised (found out on the Capital One credit tracker), but that might not be the fault of Google as opposed to wherever they got my e-mail from.

Pinterest: Has a section that’s “selling” and displaying account logins and passwords for everything from Netflix to bank accounts, birth certificates and credit and gift cards. Some of these things are expired, but the fact that they’re up there in general is bad enough.

Solutions: Password manager- shaky; it’s cloud based, but if it opens, all your stuff is in there. It can scramble passwords, but if you have to enter your stuff elsewhere, you don’t know it.

Notebook- can get lost, the ink fades, have to remember to look for that book

Tablet- You can save it in a digital planner if you have a tablet or phone that you use for everything- safer- but must be used and battery charged efficiently to use it. (Utility wise)

Regardless of that, do these solutions as well:

-Create passwords based off of events in your life: things that are near and dear to you. It’s harder for people to guess such minute/minuscule information, but easy for you to remember.

-Change your password syntax regularly. It doesn’t have to be a major change; just capitalize what was once lowercase, change the symbol you used last time and/or add something to the password that wasn’t there before.

Please, for the love of god, don’t save any passwords in your web browsers. Not only does it make it easier to access and hack your stuff, but if you ever change the password to that particular website, the old password doesn’t automatically sync, which leads to conflict, thus locking you out of your stuff due to the password mismatch.

Why you shouldn’t save your passwords

30.3.24


 

You get a new wifi router, open up your internet service provider account, and you are excited to have access to your network. Setting up your wifi network for the first time can be both an exciting and complex experience. Access to a reliable internet service is a game changer, as you are putting yourself in the driver's seat to acquire more opportunities with it. Whether you are technically savvy or need step-by-step instructions to set up your network, identify your SSID, and set up the password, I want to assist you with how to better protect and gatekeep access to your wireless network.

From a security standpoint, you protect that which you value. While wireless connectivity isn't a "tangible" asset, access to it is. As stated before, having reliable access to it opens up a world of opportunities for you and everyone else who gets a hold of it. Securing your SSID, along with other aspects of your home wireless network, is not only necessary but essential to get the most out of your internet service. Below are the steps you need to take and why they're necessary.

Stop Broadcasting your network SSID- This means that the name of your wireless network, once set up, should not be broadcast and visible to anyone in the vicinity who is looking for an available wireless network to connect to. In short, they can't hack something that they can't see. The easiest way to do this is to log into your router by navigating to the admin portal IP address (while connected to your home network) and signing into it with the credentials.




Change the default admin password- Change it on your router to something more familiar to you. While you're at it, change the name of the SSID for your network too. You want to make it very hard for anyone who is looking for a wireless network to hack to be able to access yours. Changing the SSID from the router's default name to something more familiar to you stops anyone who is familiar with your router from being able to google and guess the default admin username and password to log into that router.

Set up a guest network- Set one up on your router, so when people come over, they have their own network to connect to. It's a win-win: if you're unsure how secure their devices are, they can still have a connection, and you can keep your own network safe. As with your original SSID, don't broadcast it, either.






Set up your own VLAN- This is a more advanced step, as it requires a little more configuration, but it is another layer of security with its own added benefits. If you'd like to create your own ad hoc home network with your wireless connection, doing so will increase your ability to secure access to your home network. You can do this by logging into the router, going to the advanced tab, clicking the security tab, then going to the MAC filtering section and manually adding each device's MAC address. This will keep unauthorized devices out of your network.







Set up your own VPN- A VPN is a virtual private network that encrypts your connection from a remote location back to your home network. This is important when you are accessing documents and files located on your home network. This is integral to hardening your network against outside attacks from hackers. Before doing so, make sure you update your firmware and generate the certificate needed to set it up.

 

You can get to the VPN settings by clicking the advanced settings, scrolling down to the VPN tab and selecting which VPN option you want to set up.






Make sure you upgrade the firmware: You can do so by clicking the advanced tab, then system tools and then the firmware option. In the resulting box, click the option to upgrade the firmware.




To be the most secure, I advise doing all the above to ensure the best chances of securing your network and all its access points. For more in-depth information on the philosophy behind hardening your network and testing to see if your home network can be hacked, refer to the video here

     





How to stop broadcasting your SSID

27.12.22
