The dark web is the place where cyber-criminals conduct their business, anonymously. Part of it holds the results of compromises of many of the websites that you used, or even still use today. This data can be names, dates of birth, addresses, booking information and, at worst but highly likely, credit card information and passwords. A regular dark web scan is recommended, and if you have received a dark web scan and found your email addresses and regular passwords all over the report, you need to take action. Here are our recommendations on how to proceed from here.
The History of Passwords
Historically, everyone in the world used the same password for everything. Then we had to add a number, and we all added a 1. Then a symbol, and we all added a ! – in fact, this is exactly what happened: https://www.youtube.com/watch?v=aHaBH4LqGsI
Now, however, with websites being hacked and their password databases put onto the dark web, reusing one password everywhere is a very bad idea: one leak unlocks every account that shares it.
- Make EVERY SINGLE PASSWORD different.
- If you store your passwords in Google Chrome, search for “Google password check”. This will take you through your saved passwords and check for any that have been leaked onto the dark web.
- Whenever you next log in to ANY website, carry out a password reset on it just to be safe, especially if it is one you used elsewhere and/or haven’t changed for a while.
- Generate a password using https://passwordsgenerator.net/, choose 16 characters and include symbols (special characters). To repeat, MAKE EVERY SINGLE PASSWORD DIFFERENT.
- Use either www.1password.com or https://www.lastpass.com/ to store these. Because the passwords are long and impossible to remember, you log in to their app with a fingerprint and copy and paste, although most apps will let you save the password in the app anyway. If you need to access them from a desktop, the 1Password or LastPass browser toolbar makes that easier. Both have corporate settings where you can make sub-accounts for your employees, so you keep control of your passwords should someone leave.
- Enable 2FA on as much as you can, and use the Google Authenticator to scan the QR code rather than SMS.
- If you use the Google toolbar, you should especially enable 2FA on your Google account; otherwise, if someone gets that password they could install your Google toolbar and then log in to everything saved in it.
- Especially enable 2FA on your email account. If someone can get into your email, they can go to pretty much anything you have and request a password reset, which sends a reset link to your email, which they now control. For example: Asda.co.uk, password reset, which emails you a link to change your Asda password, and they have access to that email, so they can change it.
- When you add security questions to anything, for example when you choose 3 like “which city were you born in?”, give an answer that is complete nonsense, for example put the name of your first pet as the city you were born in. This is because a lot of scams will research these things first, from say Facebook, and then when they try to get into something via the 3 answers they won’t know them, as the answers aren’t the actual facts… if that makes sense!
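For the “16 characters, include symbols, every one different” step above, here is what a generator does under the hood, using the operating system’s cryptographic random source rather than a website. This is an added example, not code from the original post or from either password manager; the symbol set and the class-guarantee rule are assumptions.

```python
import math
import secrets
import string

# Character classes the advice calls for: letters, digits and symbols.
# The symbol list is an assumption: a conservative set most sites accept.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 16) -> str:
    """Return a fresh random password drawn with the OS CSPRNG (secrets).

    Never use random.random() for this: it is predictable. One character from
    every class is guaranteed, which is what sites with "must contain a symbol"
    rules check for; the remaining positions are drawn uniformly from the
    whole alphabet. Every call yields an independent password, so each site
    can get its own.
    """
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so the guaranteed characters are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing entropy of a uniformly random password of this length.

    16 characters over an 86-symbol alphabet is roughly 103 bits, which is why
    such a password is not worth trying to remember and belongs in a manager.
    """
    return length * math.log2(alphabet_size)


def has_every_class(password: str) -> bool:
    """True if the password contains at least one character from each class."""
    return all(any(c in cls for c in password) for cls in CLASSES)


if __name__ == "__main__":
    for _ in range(3):
        pw = generate_password(16)
        print(pw, "%.1f bits" % entropy_bits(len(pw)))
```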
What? I will never remember those passwords!
This is the feedback we normally get when suggesting such long, random passwords. But this is the point: you, the owner, cannot remember it, which means it is as secure as it possibly can be, because it is not built from anything about you that could be guessed or looked up. The password managers mentioned above both have mobile apps that open with a fingerprint and copy and paste into your applications, and let’s face it, most of your website passwords are already saved in Google Password Manager or similar.
Many will believe that “it will never happen to me”. But if… or when it does, the results can be stressful, and often mean embarrassment, financial loss, or both. Hopefully this guide will help many on their way to password security.