Thursday, March 23, 2017

Website to check for account hacks

I heard about this website yesterday while listening to a podcast.

It is a site that keeps track of some "major" data breaches from some major companies, and it will tell you if your username or e-mail address has been hacked.

How to use the site:

It's a pretty simple site to use to check if any of your accounts have been hacked.
(Some websites give you a "username"; some have you use an "e-mail address" as your username.)

You just put your username in the box and click the button.

And then you get your results.

If you are like me, you have a lot of different usernames and e-mail accounts that you have used throughout the years.

So, it is definitely a good idea to search for all your different usernames and e-mails.

What to do if they find a breach?

What this means is that your account information for that specific site (it lists all the sites that information was taken from) has been taken. You should go to that account and change your password ASAP.

Where this could become a BIG PROBLEM is if you are a person who uses the same password for the majority of your accounts. The hackers would now have your password for all the possible sites that you use that particular username/e-mail address with.

A word of caution

This website does not have a comprehensive listing of all the possible data breaches. You could certainly get the "Good news - no pwnage found!" message, and some of your accounts could still have had a data breach. It is just a tool to see if some of the major/well-known data breaches have reached any of your accounts.

Best Practices

  1. Use different passwords and credentials for every online account you have. (That way if there is a data breach it will only affect that one account.)
  2. The most effective passwords are random numbers, letters and symbols.
    1. Do NOT use your kids' names.
    2. Do NOT use your last name or maiden name.
    3. Do NOT use anything that can be tracked to you, like your phone number, city, school attended, workplace, etc.
    4. EXAMPLE: g8xSy2Ji - would be an EXCELLENT password. It is completely random, and connects back to nothing.
  3. How to remember your passwords?
    1. I would recommend using a "password manager", such as LastPass.
      1. A password manager is a software application or hardware that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.
      2. Here is an article on Password Managers, for more information
    2. If you don't want to use a password manager, some ideas:
      1. Use a "base group" of random numbers and letters: "g8xSy2Ji"
      2. Then, for each website, make a subtle change. Examples:
        1. For Google: g8xSy2JiG
        2. For Facebook: g8xSy2JiF
        3. For Banking: Bg8xSy2Ji
        4. For Yahoo: Yg8xSy2Ji
  4. In addition, you should Change Your Passwords Every Year, just like the K12 data Center has us do with our K12 credentials. I know it's a pain, but it's a good practice.
  5. Even if you follow ALL of these suggestions, it's possible that a hacker could cause a data breach of a site and steal your current data, which is why you should stay active in following the best practices.
I hope this doesn't scare anyone... it is meant to be informative, and hopefully serves as a reminder to stay vigilant in protecting your accounts and data!
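
As an added example (not from the original post), here is one way to generate the kind of password items 1 and 2 describe: a separate random password for each account, built from letters, numbers and symbols. The symbol set, the 16-character default and the account names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes named in item 2: letters, numbers and symbols.
SYMBOLS = "!@#$%^&*()-_=+"  # constructed set; adjust to what a given site accepts
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)


def random_password(length=16):
    """Return a password drawn from ALPHABET using the OS secure random source."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw until every class appears, so sites with composition rules accept it.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


def passwords_for(accounts, length=16):
    """Item 1: one independent password per account, never derived from another."""
    return {name: random_password(length) for name in accounts}


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    for site, pw in passwords_for(["google", "facebook", "banking", "yahoo"]).items():
        print(f"{site:10s} {pw}")
    print(f"about {entropy_bits(16):.0f} bits per 16-character password")
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographically secure generator.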
