I am in touch with many people who need help when things go sideways. Many of them thought it would never happen to them. They have strong passwords that they keep safe and secret, keep their computers up to date and use the latest antivirus software, but somehow it all comes apart for no real reason.
This is the same story that plays out over and over again. When we miss changes in the way we should approach our own cyber-hygiene, we leave doors open that invite cyber criminals into our online lives, with real-world impact.
This is a true story about Geoff*, who lost access to his Netflix account. The outcome in this case was nowhere near as bad as it could have been, but it illustrates how easy it is to lose control of your online services.
“Received several emails from Netflix stating the following:
New login. Location Antiguia, Colombia.
New login. Location New Taipei, Taiwan.
Then one more email stating my primary login email has been changed.
On calling Netflix they could see the changes and assured me no other data or payment details were accessed as I use PayPal.
Took a while to reset everything and needed to use an alternative email.
I use a common password across many logins. This has prompted me to explore password management software as a priority. I thought my password was complex enough with a combination of letters and random numbers but apparently not.”
What happened here is that Geoff missed one important recommendation, and missing it results in stories like this all the time, with potentially devastating effects: avoid password reuse or recycling.
When you use the same password for multiple services you are creating a master key to your online world. Using the same password is like using the same key for your house, car, office, safety deposit box, etc. It is really convenient, but if you lose that key you lose access to everything. Even worse, if someone else gets that key, there is nothing stopping them from trying to unlock everything you own. You stand to lose everything that key unlocks.
Over the last few years, like we all do, Geoff signed up to a few online services and used the same password for all of them. As we all know, online services eventually lose control of some of their information. This information falls into the wrong hands and is gathered up into massive databases packed with millions of usernames, passwords, addresses, contact details, etc., and then sold on the black market.
When a hacker gets hold of this information, the first thing they do is try the username and password combinations on as many services as they can find, in the hope they can compromise something of value they can sell or exploit. In Geoff’s case it was his Netflix account, which could have been sold off on the black market for a few cents to allow someone to access the streaming service for next to nothing.
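To see how far one reused password reaches, here is a short Python script, added as an example and not part of the original article. The account list, service names and passwords are constructed, and the function names are illustrative. It groups accounts that share a password and lists which other logins open up when the username and password leaked from one service are tried elsewhere.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: (service, username, password). Not real credentials.
ACCOUNTS = [
    ("old-forum", "geoff@example.com", "Blue42horse17"),
    ("netflix", "geoff@example.com", "Blue42horse17"),
    ("webmail", "geoff@example.com", "Blue42horse17"),
    ("photo-site", "geoff.alt@example.com", "Blue42horse17"),
    ("paypal", "geoff@example.com", "k9#Vq2!mTz8@Lr"),
]


def reuse_groups(accounts):
    """Return groups of (service, username) that share one password.

    Passwords are compared through a keyed digest (HMAC-SHA256 with a
    throwaway key), so the index never holds plaintext or a reusable hash.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for service, username, password in accounts:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((service, username))
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def exposed_by_breach(accounts, breached_service):
    """Services where the exact username/password pair leaked from
    breached_service would also log in (the combination an attacker replays)."""
    leaked = {(u, p) for s, u, p in accounts if s == breached_service}
    return sorted(
        s for s, u, p in accounts
        if s != breached_service and (u, p) in leaked
    )


if __name__ == "__main__":
    for group in reuse_groups(ACCOUNTS):
        print("Same password on:", ", ".join(s for s, _ in group))
    for service, _, _ in ACCOUNTS:
        hit = exposed_by_breach(ACCOUNTS, service)
        print(f"If {service} leaks -> also exposed: {hit or 'nothing else'}")
```

In the sample data a leak at the old forum exposes Netflix and webmail, while the account with its own unique password exposes nothing else.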
The answer is to use a unique password for each service. Before you say that makes everything too hard because of all the passwords you need to remember, I have a tip that means you only have to remember 1 or 2 passwords. Ever. And you will be more secure than ever.
This is possible with password vaults.
These free or very affordable programs come in many variations but they all have the same basic principles.
- They keep your user names and passwords safe and encrypted away from prying eyes.
- They remember your user names and passwords for you.
- They automatically fill in most user names and password fields.
- They can generate incredibly strong passwords and even automatically update when you change a password.
- They can work on your PC, Mac, Android and iPhone.
- They can also be secured with 2-factor authentication, which puts another layer of security on your valuable password vault.
For years I have used a password vault that has proven to be secure and convenient. I encourage you to at least take a look at Lastpass.com.
*Geoff is a real person with a family, a job and a reasonable grasp on cybersecurity. A big thanks to Geoff for sharing his story.