Today I would like to inform you of a recent security breach as well as help you to secure your online accounts. I wrote an article recently on the LinkedIn database leak and it’s become very obvious that this is becoming something that happens way too often. Recently (14th June 2016) the forum operated by the mobile game “Clash Of Kings” was attacked and compromised. The disturbing fact of this hack is that the hacker claims to have used basic tools to gain access because “The forum was running outdated software”. If this is true, then there should be serious sanctions in place for companies like these. Companies who make shed loads of cash need to ensure that your data is as safe as it can be.
How bad is the leak?
The leak contains user names and passwords for 1.6 million users, so it’s pretty big. In my research and my professional experience, users are not taking enough steps to secure their accounts. I hate to point the finger, but if you are using a bad password like 123456 then you will get compromised at some stage and may only realise when you do a credit check and find out that someone got a credit card using your details.
How do I make my accounts secure?
- Try not to use simple passwords, i.e. something that can be easily guessed. If you have to use a word, substitute numbers for letters, use uppercase letters and insert at least 1 character. Example: Th15_Is_A_sampl3
- You shouldn’t reuse your passwords. I understand that this advice is not very practical, but you can use weak passwords for sites where you don’t have any personal information stored, like a gaming or parenting forum that you just use to ask questions on.
- Don’t sign up using social media. I know it’s easier but I have never supported this feature. If your account is hacked, then the hackers could potentially gain backdoor access to your social media accounts and that can be the easiest way into your important data.
- Use two-factor authentication whenever possible. Mobile apps like Google Authenticator are easy to use and add a step that will prevent you from being hacked. This should be used on ALL sites where you have personal info, like name, address, phone number, date of birth etc.
- Don’t give anyone else access to your accounts. If you gave someone the spare key to your house and they disappeared, you would change the locks, right? You are the ONLY person that should have access to your accounts. That is the only way you can be sure that your info is secure.
- Don’t write it down. Please stop writing your password on a Post-it and putting it under your keyboard or on your monitor.
- Shred your letters and don’t throw out anything that has your details on it unless it has been destroyed. Shredders are cheap and save space in your bin.
- Buy a good antivirus program. Free is fine but do not expect to be fully protected when using free antivirus software.
Password management software:
If you, like my wife (sorry Deb!), have a terrible time remembering passwords, then you can use some password management software. I recently tried a product called Dashlane which looked and felt great. It got a little annoying as it popped up every time I put a password into a site, but once it’s set up, it makes life very easy. The software is free for a single machine and if you want to share your passwords across devices there is a $20 fee annually. I think that is worth it to never have to remember a password again. You can get Dashlane HERE. Try it out and see what you think.
So you have installed Dashlane (or another similar product) and you want to secure your accounts. Depending on the number of accounts you have, you could have this done in minutes, so “it will take too long” is not an excuse here. Go to a random password generator site like THIS and change all, yes ALL, of your passwords to ones that are randomly generated. Write them down temporarily and enter them into Dashlane. Once you’re in, burn the paper and wash it down the sink. You can retrieve your passwords from Dashlane very easily. To view them you simply enter your master password and you can view and copy the passwords, so don’t worry about remembering them.
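As an added example (not part of the original article), the random-password step can also be done on your own machine with Python's standard `secrets` module, giving every account its own password. The symbol set, the 20-character default and the account names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes every generated password must contain at least once.
# The symbol set is an assumption; trim it if a site rejects some symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@_")
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password drawn from the operating system's CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # Shuffle so the guaranteed characters are not always in the first slots.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length=20):
    """Upper bound on the entropy of a password of this length, in bits."""
    return length * math.log2(len(ALPHABET))


def passwords_for(accounts, length=20):
    """Generate a distinct password per account so that none is reused."""
    result, used = {}, set()
    for account in accounts:
        pw = generate_password(length)
        while pw in used:  # astronomically unlikely, but enforced anyway
            pw = generate_password(length)
        used.add(pw)
        result[account] = pw
    return result


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    for name, pw in passwords_for(["email", "bank", "forum"]).items():
        print(f"{name}: {pw}")
    print(f"about {entropy_bits():.0f} bits per password")
```

The output can be pasted straight into the password manager, so nothing has to be written on paper.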
This is an argument I have with clients on a regular basis.
“Connor, you’re over the top when it comes to security.”
Sure, writing down passwords, then burning them and putting them down the sink sounds ridiculous, but do you know that when you put your recycling bin out on the street, people can and do go through your stuff? It sounds like rubbish (see what I did there?) but it happens every day and it is the easiest way to get into your life and cause some damage. I may be over the top with my security, but that is only because, as an IT professional, I see first-hand the damage that can be done when someone gains access to your accounts. It can take days, weeks or months to gain access again and in some cases there is no way to get back in, so spend the time doing it now or pay someone (like me) a mountain of money to recover and secure it later.
If you want to check if your details are on a stored database, you can check our earlier post http://tekk.ie/have-you-been-hacked/
Please leave a comment in the comments section and if you have any questions, let me know and hopefully, I can help you.