Passwords, Password Managers & Data Breaches
From our newsletter: This week we’re focussing on a very important subject, and perhaps your first defence online – passwords.
How to choose a good password
Choose a password that no one will easily guess or hack. Don’t use a word or phrase of special importance to you, like a birthday or family member. That’s the kind of information that can be discovered by someone doing a little digging. Make sure your password is long (at least 10 characters) and contains a mixture of upper and lower-case letters, numbers, and symbols, e.g. 5SpagHetTi?7
Even better, go one step further and…
Use a Password Manager
The best way to keep yourself protected online is to use strong, unique passwords for each login. That way, even if your data for one site is compromised, the others stay secure. If you use the same password for everything and it gets leaked, an attacker can get into all those accounts!
Here’s where tech can help you – take the difficulty out of remembering all these passwords, by using a Password Manager such as 1Password.
This handy tool works across your devices and stores all your passwords for you, protected by strong encryption and a single master password, which only you know.
For example, your password for your GOV.UK account could be ymAYZp8#&vuFaB-=4pHZ6vZv
I just generated this unique phrase from my password manager at the click of a button. It is 24 characters long, contains a mixture of lowercase letters, uppercase letters, digits and symbols, making it very secure. It’s also impossible for you to remember, but that doesn’t matter as the password manager software remembers this for you! When you want to log in to access your account, just a click on your computer, or a tap on your phone and it automatically fills in your credentials for you.
You can also share passwords securely with your team by creating “vaults”. Members of your team can be given access to one or more of your vaults according to their role. No more post-it notes or storing passwords in documents!
1Password offer a free trial to get started; after that it’s only $3.99 a month per user for the “Teams” plan, which we’d suggest is best for small businesses and well worth the low fee.
A “data breach” is an incident where data has been unintentionally exposed to the public. Unfortunately, large scale breaches of personal details (often including email addresses and passwords) are common.
The GDPR introduced a duty on all organisations to report personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. Organisations may also be fined up to €20 million, or up to 4% of their annual worldwide turnover, whichever is greater. However, breaches still happen often.
Recent high-profile examples include EasyJet (9 million customer records) and Marriott International (500 million customer records). Both these data breaches contained personal details of customers and details of travel that they had booked. Unfortunately, this makes it very easy for a scammer in possession of this data to try to scam customers out of money. See how an example attack might happen.
How to monitor if you have been the subject of a data breach
To find out if you have been affected by a data breach, you can enter your email addresses (both personal and work) into the haveibeenpwned.com website. This trusted site is run by Troy Hunt, a Microsoft Regional Director, and collates data from public breaches to help inform users that their details have been compromised.
It is fairly likely that you will find that you have had your details breached. Having a unique password for each login (and using a password manager to help you with this) minimises the risk of your other accounts becoming compromised as a result of a data breach.
Make sure you enable notifications so that you get told ASAP when your email address shows up in a future data breach.
I hope you found this article useful. Accounts becoming compromised as a result of a data breach is sadly something we see often and will continue to rise. In our next newsletter we’ll be looking at how adding Multi-Factor Authentication can help increase your security even further.