Password security - Life after Collection #1 - #5
One of the largest collections of account data, email addresses and passwords has appeared on the internet. What can you do and can you really defend yourself against such hacks?
The last two weeks brought big news once again: a huge collection of leaked data emerged from the Darknet. The largest collection of data to date, called Collection #1, has appeared. Many security experts believed that more of this collection would follow, which came true almost a week later. With about 2.2 billion records, the collection is not small at all.
In today's article, we want to focus less on the leak itself and more on how you should behave after such announcements and what you can do to minimize any possible damage.
~ Preparation ~
You can do a lot for your own safety before any data loss happens. This short summary gives our tips for the first steps you can take.
The first layer of security starts with choosing the account name. If you use a different name for each new account, you already increase your security. Even if you use the same password as with another account, the combination is new.
Unfortunately, this is not always possible, because an e-mail address is usually required as the account identifier and not everyone wants to create a new e-mail address for every new website. What does work is to use one e-mail address for sensitive data and a different one for games or less important accounts. The unimportant e-mail account can then be registered under a nickname so that this data is not personalized.
- Vary your account names and, if possible, avoid using the same name too often.
- Divide your accounts into important and unimportant ones; this works best with different mail accounts. Important accounts are those that use your personalized information, payment information or contacts.
Many people reuse the same password for various services. In conjunction with the same account name, e.g. the e-mail address, this poses a risk. As soon as an attacker has obtained your account data through one service, they could also log in to your other accounts.
Furthermore, passwords should not be easy to guess. There are many ways to generate a random or difficult password. A so-called password generator can be of great help if you do not want to think up wild combinations yourself. In addition to numbers, you should also enable symbols and generate passwords that are at least 15 characters long.
Opinions differ on exactly what a password should look like. But if you use uppercase and lowercase letters, numbers and special characters, you are definitely on the safe side.
If you are not sure, you can check your password to determine how safe it is. We have linked a password checker for you.
- Do not reuse passwords. Create a new one for each account, especially if you work with the same account name or e-mail address.
- Random, difficult-to-remember passwords minimize the risk. If you are not sure, check your password for its security.
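The generator and the check described above, as an added example that is not part of the original article: it draws characters from the operating system's secure random source and tests a password against the criteria named here (at least 15 characters, uppercase and lowercase letters, numbers, symbols). The symbol set, the default length of 20 and the function names are assumptions made for this example, and the check says nothing about reuse or whether a password has already leaked.

```python
import secrets
import string

MIN_LENGTH = 15  # minimum length recommended in this article
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"  # assumed symbol set used for generation

# One predicate per character class the article asks for.
CLASSES = {
    "lowercase letter": str.islower,
    "uppercase letter": str.isupper,
    "number": str.isdigit,
    "symbol": lambda ch: not ch.isalnum() and not ch.isspace(),
}


def missing_requirements(password: str) -> list[str]:
    """Return the criteria a password fails; an empty list means all are met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, matches in CLASSES.items():
        if not any(matches(ch) for ch in password):
            problems.append(f"no {name}")
    return problems


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies every criterion above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting and redrawing keeps every acceptable password equally likely.
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(missing_requirements("Summer2019"))  # constructed weak example
```
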
If you have implemented the last point correctly, it will be very difficult to remember all the passwords. Probably only very few people on our planet can remember many different accounts with different passwords.
In that case you should use a password manager. It stores your personal information, accounts and passwords reliably and in encrypted form. All you have to remember is your master password to get back to your data.
Of course, rule number 2 also applies to a password manager: the master password should definitely be very strong and secure.
- The best way to keep your data and passwords safe is to use a password manager, as it encrypts your data and you only need to remember one password.
- Examples of password managers: LastPass, KeePass
If a service provider offers two-factor authentication, you should use it. It will never give you 100% protection against data loss or leaks, but it increases your security considerably.
There are different methods of authentication, such as SMS, e-mail or tokens. Each has advantages and disadvantages, as you can certainly imagine.
- If available, enable two-factor authentication to make your account more secure. Which method you use is up to you and the provider.
~ After a leak/hack ~
If there was really a major data leak or if a service was hacked, there are several ways to restore your security and to avoid the risk of further data loss.
Not only your fault
Most of the time, you are not even to blame for the loss of your data. Websites can become vulnerable through minor bugs or outdated plugins. And in many cases, the data thieves do not even come from outside but sit inside the company.
With your preparation you can therefore reduce the risk, and with these tips you can limit the damage.
You can check the security of your e-mail addresses and accounts at regular intervals by running your details through various services. At the very least, you should do this after a loss or leak, so that in an emergency you know which accounts are affected and which passwords need to be updated.
Below are a few sites where you can check your data:
- Identity Leak Checker - The site is operated by the Hasso-Plattner-Institute, where the data is constantly being updated.
- Have I Been Pwned - A large portal in the English-speaking world through which you can also check your data.
With the right preparation and the right reaction to such events, you are ready for most situations and can act quickly to make an affected account safe again. We hope our tips help you feel a little safer on the internet again and get you thinking about protecting your data properly.