Security researcher Troy Hunt recently discovered and revealed what is perhaps the largest cache of stolen emails and passwords in hacking history. Bundled together in a collection ominously called “Collection #1” are some 773 million emails, 21 million passwords, and over one billion unique combinations of the two, an 87 GB package of stolen credentials. The source of the data, or multiple sources, isn’t immediately evident.
You can check if your email or password was included in the enormous bounty by going to https://haveibeenpwned.com, which has been updated to include the new data. But whether or not you were caught in this breach, you should assume that you will be caught in one in the future. That doesn’t mean giving up on security, but it does mean treating your username-password combinations in a different way. Specifically, it means assuming they eventually will be stolen. And the best way to protect yourself in that scenario is to use a password manager so you can make sure, with relative ease, that every one of your passwords is long, complex, and, most importantly, unique.
If you’re unfamiliar, password managers such as 1Password or LastPass offer a simple service: They will store all your passwords (and help you generate new ones if need be) and then dole them out to whatever service you’re logging into through the use of browser add-ons and apps. They’re much like the password tools already built into your browser itself—the ones that ask you if you want to save your password for this site so you don’t have it enter it again. Password managers, however, were built for this specific purpose and include a suite of tools that let you access the same library of passwords across your devices. This cache of passwords is, of course, protected by a super-password of its own—one you clearly need to choose wisely.
Yes, this does pose a risk of its own – having your passwords all in the same place does mean they’re a target for hackers and the vault your passwords are stored in is not necessarily impenetrable. Over the years, LastPass—Wirecutter’s pick for the best manager – has fallen victim to hacks and vulnerabilities. Thanks to encryption and prompt fixes, however, there hasn’t been an avalanche of passwords released onto the internet. 1Password, meanwhile, was vulnerable to the recent “CloudBleed” hack, though encryption mitigated the damage there as well.
Cardinal sin of password management
Those problems may seem like a deal-breaker, but they’re not. The reality is that in your attempts to handle all those passwords yourself, you will commit the cardinal sin of reusing some. That is actually far more risky than using a password manager. If a single site that uses this password falls, every account that uses it is compromised. You’ll need to remember all the sites where you reused that password and then change them all. With a password manager, it’s easy to make all your passwords unique, impossible to memorize 30 character nightmares of numbers, text, and symbols that are never actually typed. LastPass even has a feature that will auto-change your passwords for supported sites. If the very worst should happen and your passwords are somehow exposed, your most crucial accounts are protected by two-factor authentication.
Adapted from an article on popularmechanics.com
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, and much more. Give us a call for remote support or drop in to drop off.