- Joined
- Dec 23, 2009
- Messages
- 26,706
- MBTI Type
- INTJ
- Enneagram
- 6w5
- Instinctual Variant
- sx/sp
No doubt many of you have heard about the numerous social media password breaches as of late. Many sites such as LinkedIn, MySpace, and 939 forum sites managed by a company called VerticalScope have had large numbers of passwords breached/leaked. Mark Zuckerberg is an example of one such person whose account was hacked.
Lessons From Mark Zuckerberg's Social Networking Account Breach
What does this matter to you? What it means is that there is a chance your passwords may have been been compromised in one of these big breaches. Maybe you received a notification from them and you changed your password on their site. That’s good! The thing you might not be thinking about is if your password was compromised and if you use the same password on other sites, your password on those other sites isn’t doing you much good anymore. There are a few places to check and see if you might have a problem. One site that allows you to check this is LeakedSource. Just put in your email address and it will tell you if your password was leaked in any of the recent major breaches. If you pay the $4 you can actually view some of the passwords that were breached but you don’t really need to in order to get the idea. Don't panic if you find yourself on the list - after all it's a social networking site and not your life savings. Just take a few precautions.
I'd like to take this opportunity to make a few recommendations:
- Don’t use the same password on all the sites you access. It is best to use a different password on every site. Be especially careful about your email account password and accounts where you do financial transactions, like your bank.
- Change your passwords on a periodic basis. You might want to do this once every six months or so. If you find your password was leaked in one of those major breaches, make sure you change it wherever you are using it.
- Pick good passwords. Here is an article that has some recommendations on how to do that.
- Recognizing how difficult it is to do #1, #2 and #3 above if you access more than a few sites, which means almost everyone, get a password manager tool. There are a bunch of them out there. I use LastPass. This password security thing isn't worth messing around with and the password manager tools make make your life a lot easier. For a few bucks you can get some software that picks strong passwords for you, remembers them for you and automatically scripts them when you log in. It works seamlessly across your laptop and smart phone. One thing I like about LastPass is it has a tool to allow you to audit your passwords, gives you a score and look for places where you have bad ones.
- For sites that are important, use "multi-factor" or "two-factor" authentication. What sites are important? It's the sites where you can access sensitive things - like your email account, bank account or brokerage. The option for two-factor authentication is often there if you check. Two factor authentication generally requires you to put in an additional one time password in addition to your standard password. Think of it as being authenticated by what you know (your normal password) and what you have (a token or your phone typically). We have two-factor authentication available as an option on the forum. You can find it here or look for Two Factor Authentication under UserCP and follow the simple instructions. This technology works differently on different systems. In the case of our forum, it requires you to install a couple of apps on your phone. It took me three minutes to turn on for my account. The way the software works on the forum is that if you come from an IP address that you haven't come from before, it asks you to put in a one time password which is generated every sixty seconds using the Google Authenticator app on your phone.
