Changing compromised account passwords: how to do it

In IT it takes very little to have your login credentials for a service stolen: opening the wrong email, following a link to a fake page or receiving a counterfeit message is enough to let attackers into our accounts. Furthermore, and this is now the most common case, if a site where we have an account is breached, as really happened with Linkedin, MySpace and Twitter, and a password is found next to our username, the hackers or whoever finds these lists (which are published on the internet) could try the same password on our other accounts.
So if we use the same passwords in every account, these are all at risk and need to be changed.
If you are reading this article and haven't changed your important passwords for a long time, it's worth taking 10 minutes and doing it right away to protect your important accounts.
1) First of all, you can check whether an account with email and password has been stolen, that is, whether someone has managed to download the login data from a popular site such as Linkedin, Facebook, Google or Yahoo (the most affected in these years) and so on. If our email ended up in these lists of compromised accounts, then any hacker can read it and use the extracted data to attempt access to other sites with the same password and email, putting all our other accounts at risk.
To do this check, you can use some online services that keep track of all the data thefts and the lists of affected accounts.
- BreachAlarm.com
A first check for your accounts can be made using the BreachAlarm.com website, available here -> BreachAlarm.com.

Enter the email address we use on as many sites as possible (usually the same one is used as the username everywhere) in the my email address field and finally click Check Now.
A small window will open where we will be informed of the collection of information necessary for the operation of the site, accompanied by a CAPTCHA confirmation request; click on the square I'm not a robot and confirm with I Understand .
If our email address is compromised or has been compromised in the past, an alarm window will immediately appear which will also report the date of the last report regarding the data leak published by hackers.

The message is fairly generic and does not provide any additional information, but invites you to activate the free Watchdog alert service in order to quickly receive new reports regarding future compromised accounts.
The result will also be sent to you via email, so that you can consult it if necessary.
- Have I Been Pwned?

Again, just enter the email address that we use for most of the online services in which we are registered and click on the pwned? button at the side.
In this case the site also shows the compromised sites, also providing an examination of the information that the hackers managed to recover following a data theft due to exploits, exploitable bugs or malware.
In addition to compromised accounts, it also shows information stolen and saved online in shareable text files (pastes), which can put the security of our accounts (present and future) even more at risk.
3) What to do in case of compromised account
First of all we repeat the test on both sites so that we can be sure of having been compromised in the past.
Then we follow the following steps to be able to increase the security level of all our accounts:
- We recover access to all the sites where we used the offending email
- We change the password on all the sites, starting from the main email account and moving on to the e-commerce or home-banking sites (the most dangerous)
- We delete any access or association to browsers, PCs or devices (for accounts that allow access control such as Facebook and Google)
- If possible, we activate two-factor authentication, in particular for the most dangerous or hacked sites (social networks, home-banking and e-commerce)
- We regularly check whether the compromised email address has appeared in new incidents reported by the two sites (if a new data leak occurs after the steps have been applied, repeat them all for greater security)
- We choose long passwords for sites (at least 12 alphanumeric characters, with symbols and upper case)
- We avoid using the same password for different sites, so as to reduce the hacker's access to multiple sites where we have the same password
- We avoid using public WiFi networks without a security tool like a VPN
All these precautions should be sufficient to prevent data loss incidents (which often have nothing to do with us and depend on the inability to keep servers up to date) from ending up damaging our accounts without us doing anything.
4) Change Password
Changing passwords for online accounts is technically very easy, as long as you remember your current password.
For many inexperienced people this is far from obvious: just think of those who buy a new mobile phone, create a new email address (Gmail for Android, Apple for iPhone or Microsoft for Windows Phone) and then forget it.
Fortunately, it is always possible to recover passwords and access to the most important sites, using recovery procedures that are based on an email address or telephone number.
In other articles we have seen the procedures for recovering a Google and Gmail account and solving access problems and for recovering accounts and passwords on Gmail, Outlook and Yahoo Mail.
It is also important to change your password on a secure, virus-free PC of our own.
If in doubt, scan with Malwarebytes before making changes and use a web browser without toolbar extensions and external plugins.
If you are forced to change passwords from a PC that is not ours, type them in an anonymous browser session and use a virtual keyboard.
Cyber security, unfortunately, is one of those things where, the more time passes, the worse the situation gets instead of improving.
Despite the great technological developments of recent years, security breaches are increasingly frequent and every month there is yet another alarm about the accounts of the various online services.
5) How to generate secure passwords
The problem now is not so much the technical one of how to change passwords, but the one of which word to use to make it unassailable.
We have already addressed the problem in other articles, on how to choose secure passwords that are impossible to discover and on how to generate strong passwords.
The best trick, if you don't want to use software or an app (see below point 5), is always to use passwords that are formed by the initials of the words of a sentence.
In this way you can make a password that is easy to remember, with letters that seem random and that do not form any dictionary word in any language.
For example, the phrase "today I write 3 articles about Google on Navigaweb" can form the password of my Google account, that is ossN3uacpdG.
With the same logic, I can make the password for Facebook, Microsoft and other accounts, perhaps changing the final letter.
It will be very difficult to discover this type of password for a hacker.
In summary, the rules for creating unique and completely unpredictable passwords that can be defended against the most advanced cracking capabilities used by hackers are:
- Avoid predictable formulas
Never use words with a meaning, proper names, dates of birth, names of dogs, cities, football teams or actors, and not even trivially misspelled words such as, for example, Sup3r, with a number at the end, perhaps using a 0 instead of an o and putting a capital letter at the beginning.
These previously effective tricks are now known to hackers.
Even writing a word backwards is not a good technique.
- Use a unique password for each site
Using a different password for each site limits the damage that can be done if / when there is a security breach.
Unfortunately, however, using a variant of the same password for each site, as in the way seen above, is still not optimal for security.
- Use random passwords generated by a program
A random password, made of 15 or 20 random characters, is the most secure password, though practically impossible to remember, such as: gfETdç.ò3ve534ò5ge.
If we do not have enough imagination to generate a secure password for our accounts (compromised or not), we can get help from some free tools, so as to further reduce the possibility that a hacker can access our account.
The first free tool we recommend is KeePass, downloadable from here -> KeePass.
Let's install it on our PC, create a new database by choosing a master password and, in the window that will open, click on the Tools menu -> Generate password.

A new window will now open where you can choose all the features that our new password must have, in order to increase security.
As already mentioned, make sure that it is at least 12 characters long and that it contains an uppercase letter, a number and a special character (like @ € & $ etc.).
The generated passwords can also be saved in the KeePass database created so as to protect them and use them when necessary.
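The length and character-class rule above, together with the "predictable formulas" warning from the earlier list, as an added example (not code from the article, KeePass or LastPass): a generator that draws from the operating system's CSPRNG, plus a check for the Sup3r-style pattern. The symbol set and the small word list are constructed assumptions.

```python
import math
import secrets
import string

SYMBOLS = "@&$!#%*?-_+="  # assumption: ASCII symbols that most sites accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Common "leet" substitutions mapped back to the letters they replace.
LEET = str.maketrans("0134578@$!", "oleastbasi")
# Constructed mini word list; a real check would load a large dictionary.
COMMON_WORDS = {"super", "password", "dragon", "juventus", "roma", "admin"}


def meets_policy(pw, min_len=12):
    """Length and character classes recommended in the article."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))


def generate_password(length=16):
    """Draw every character from the OS CSPRNG (secrets, not random)
    and retry until all required character classes are present."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, length):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def is_predictable(pw):
    """Detect a known word that was capitalised, leet-substituted,
    reversed, or padded with trailing digits and symbols."""
    core = pw.rstrip(string.digits + SYMBOLS).lower().translate(LEET)
    return core in COMMON_WORDS or core[::-1] in COMMON_WORDS


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, f"~{entropy_bits(16):.0f} bits", is_predictable(pw))
```

The sentence-initials example earlier on the page, ossN3uacpdG, is 11 characters with no symbol, so `meets_policy` rejects it.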
Alternatively, we can use the LastPass service as an online password management program, accessible from here -> LastPass.

On the page, we click on Get LastPass Free at the top and create our account, taking care to use a safe and difficult to guess combination as the master password.
Once the LastPass account has been created, we can install the dedicated extensions and apps, using the link here -> Download LastPass.
If we have installed the extension, just log in with the LastPass account and use the Generate secure password item to immediately have a new hacker-proof password at hand.

6) Always use double verification on important sites
Double verification (two-factor authentication) is the mechanism whereby, to access an account, you must enter the password and then also a code that is generated by an app or received on the mobile phone.
Double verification can be activated in the account settings of sites such as Facebook, Google, Microsoft, Apple, Paypal and many others.