With all the data breaches, whether by intrusion or accident lately, it’s likely your information was exposed somehow to someone you didn’t intend. After all, the marketing company Exactis, exposed hundreds of traits on us in 350 million records. Yahoo let out email addresses and passwords on billions of people, and of course who can forget the massive breach of Equifax just last year that resulted in sensitive data being let go on nearly half the population of this country. There is a lot of information that gets leaked on us and the more the bad actors have on us, the more targeted their phishing campaigns can be. So, it is a good idea to just check and find out if your credentials or online accounts have been found on the dark web as a result of these or any number of data breaches to stay a tiny step ahead of the hackers.
While it normally isn’t recommended to use browser extensions or add-ons, there is one for Google Chrome that can check your passwords against the site HaveIBeenPwned. It’s called PassProtect. You can get it from the Chrome Web Store.
Firefox has something similar called Firefox Monitor, which should be available to all very soon. This is actually built into the browser, making it a bit more secure than Google’s version. It uses the same site to check for your credentials using various queries that keeps your information safe. Try updating your Firefox browser and it may already be included. If not, it will be soon.
You can also go directly to the website HaveIBeenPwned to see if your email address has been located as a result of various breaches.
It’s always wise to change your email password from time to time. Make sure to use strong ones and include special characters, upper and lowercase letters, as well as a number or two. In fact, each online account needs its own unique password. And yes, it’s getting a little overwhelming to remember them all, but it is really needed these days. Think about how many you’d have to change if you used the same one as what you used for your Yahoo email and it got stolen. Whew! That may take a while.
It is important to change them periodically too. Cybercriminals use a technique called a brute force attack using automated tools to pound on websites using credential sets to find out which ones work. They are very successful doing this. If they get one and you use it elsewhere, they have it for those accounts too.
There are ways to help you remember your passwords. You can keep a written list and tuck it away in a drawer that you keep locked when you’re not nearby. It’s pretty old-school, but it’s better than typing it and keeping it on your computer. You can type a list and use password clues rather than writing out your passwords. Still risky, but better than using the same password on multiple accounts.
You can use a password manager. However, heed cautionary advice with these. While they are getting better at protecting your passwords by strengthening their encryption and/or employing multi-factor authentication, there is still a risk that if a hacker gets into those companies’ networks, they can get all of your passwords.
Make changing your passwords a ritual, like switching out your smoke detector batteries on January 1 every year; only do it more often. That’s really a great way to protect your information and keep the hackers on their toes.