Passwords and HaveIBeenPwned


As a fun fact, you are orders of magnitude more likely to have your password stolen in a data breach than by a bad guy sniffing your traffic or breaking into your computer. As mentioned before, when people get hacked on the internet, they are incidental victims much more often than targeted ones. When a site is breached and its emails and passwords leak onto the net, the next thing that happens is called password stuffing (also known as credential stuffing), where scripts attempt to log in to thousands of sites using all of those email and password combos. If it works, you just lost your account. This means that a reused password, no matter how "strong" it is, is only as secure as the least secure site you use it on. If that site gets breached, your password is out there on the internet, and if you used the same password for your email, you might be about to have a very bad day.

So before we tackle the problem of password reuse, it's time for you to check whether any of your accounts have been found in a publicly available data breach. If they have and your password was compromised, you should start changing the password on every account that shares it before someone else does, no matter how long ago the breach occurred.

Check out HaveIBeenPwned, a badass website run by the good guys.

Don't freak out too hard if you find your accounts have been breached. It's normal these days, but it's time to take steps to secure yourself.

Password Manager

My first recommendation is to start using a password manager such as LastPass, KeePass, or 1Password. Even Apple and Google have built-in ones for your browser these days. If you haven't heard of them before, what password managers do is recommend randomized passwords to you when you sign up to a site, store the password, and then autofill it for you the next time you log in to that site. This is very helpful because the human brain can only remember so many passwords, which leads us to reuse passwords across different sites. The problem is that if you use the same password on all of your accounts and someone steals that password at one site, they can now log into any of your accounts. Password managers help you keep track of a bunch of strong, unique passwords, which limits the most likely threat you face online.
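The reuse problem and the password-manager fix described above, as an added Python example that is not part of the original page: it takes a constructed vault (made-up sites, logins and passwords), lists which other accounts a stuffing script could open after one site is breached, and then replaces every reused password with a random unique one. The function names and the character set are assumptions for illustration, not any particular password manager's method.

```python
import hashlib
import secrets
import string
from collections import Counter, defaultdict

# Constructed sample vault: (site, login, password). None of these are real.
SAMPLE_VAULT = [
    ("forum.example", "alex@example.com", "Tr0ub4dor&3"),
    ("mail.example", "alex@example.com", "Tr0ub4dor&3"),
    ("shop.example", "alex@example.com", "Tr0ub4dor&3"),
    ("bank.example", "alex@example.com", "x9$Lq7!vRp2#Wm4z"),
    ("news.example", "alex2@example.com", "Tr0ub4dor&3"),
]

def exposed_by_breach(vault, breached_site):
    """Other sites where the exact login/password pair leaked by breached_site also works."""
    leaked = {(login, pw) for site, login, pw in vault if site == breached_site}
    return sorted(site for site, login, pw in vault
                  if site != breached_site and (login, pw) in leaked)

def reuse_groups(vault):
    """Group sites by password; any group with more than one site is reuse."""
    groups = defaultdict(list)
    for site, _login, pw in vault:
        # Key on a digest so the report itself never holds plaintext passwords.
        groups[hashlib.sha256(pw.encode()).hexdigest()].append(site)
    return [sorted(sites) for sites in groups.values() if len(sites) > 1]

def new_password(length=20):
    """Random password drawn from the OS CSPRNG (illustrative character set)."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def rotate_reused(vault):
    """Copy of the vault with every reused password replaced by a unique random one."""
    counts = Counter(pw for _site, _login, pw in vault)
    return [(site, login, new_password() if counts[pw] > 1 else pw)
            for site, login, pw in vault]

if __name__ == "__main__":
    print("Reused across:", reuse_groups(SAMPLE_VAULT))
    print("If forum.example leaks:", exposed_by_breach(SAMPLE_VAULT, "forum.example"))
    fixed = rotate_reused(SAMPLE_VAULT)
    print("After rotation:", exposed_by_breach(fixed, "forum.example"))
```

Note that news.example uses a different login, so a plain email-and-password replay would miss it, but it still shows up in the reuse report because the password itself is now public.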

If you don't like trusting random internet people who tell you to download things in the first 5 minutes they know you, good call: I respect that. If you trust me, I recommend using LastPass. There are plenty of other great password managers out there, but I've been using this one forever and that is the main reason I recommend it. Convince your friends and family to use password managers. Again, I totally get it if you don't want to do this now; just skip it. If you want to learn more about password managers, check this link out.

Last modified: Sunday, 20 June 2021, 8:18 AM