Updated: Jan 13, 2021
Using the same password, or slight variations of it, over and over online is just not rational internet security behavior in this modern world. There, I said it. I see A LOT of people using the same passwords over and over and it leaves you wide open for hackers to break into your accounts and compromise your finances and your identity. Once any company’s customer database has been breached by hackers (which happens regularly now), the email addresses and associated passwords of that company's users are typically distributed and sold to cyber criminals. Here’s an article about how this illegal market operates.
Armed with one of these lists, a cyber criminal can use the email address and password combo from the compromised account to gain access to other accounts across the internet. They set up bots that attempt logins using your password and slight variations of it, and can often gain access to many of your other accounts.
You can see if your email address(es) have been involved in any breaches by typing each address into the search field on this site.
The site was set up by Troy Hunt, a renowned internet security specialist, as a public service. When you enter your email address, the site searches its database of publicly known breaches and shows you whether your address appeared in any of them. If it did, change the passwords for the affected accounts and never use those old passwords again, on any site.
If you want a real deep dive into internet security, the Motherboard Guide to Not Getting Hacked is a fantastically well researched piece that goes into much more detail.
But if you don't have the time to go deep into the weeds, here are two quick tips that you can enact today to improve your security:
Turn on Two Step Authentication (aka Two Step Verification) for any accounts that offer the option, most importantly online banking/financial accounts, your Apple ID and your email account. Two Step Authentication requires an additional passcode to be entered when you or anyone else attempts to log into your account from a new device. The passcode is typically texted to you, but if you want to be more secure, it's advisable to set up an authentication app on your phone like Google Authenticator or a hardware key like the YubiKey. The text message codes that a lot of us are used to are now seen as somewhat insecure because of the rising trend in SIM swapping, where an attacker gets your phone number moved to a SIM they control and so receives your codes.
Use a password manager to generate secure passwords and autofill them on your computer and phone. Using the complex, unique passwords that a password manager can create for each account will boost your security dramatically: a breach at one site no longer hands an attacker a password that works anywhere else. Your iCloud account includes iCloud Keychain for free! It's an encrypted and highly secure password manager, and if you regularly use Safari on your Mac and iPhone, it could be a perfect choice. Two other fantastic password managers are LastPass and 1Password.
You can read more about selecting the right password manager for your needs in this article. If you want to be a little more DIY, you might consider using the Pretty Good Password Generator to generate new passwords for all your accounts and then keep a list of these passwords in a locked iCloud Note. Of course, if upgrading your online security is too stressful or confusing to do alone, I can help! Drop me a line and we can arrange an appointment.
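What a password manager or generator actually does under the hood is draw every character from a cryptographically secure random source, so that no password is a "variation" of any other. The example below is added here to illustrate that; it is not the Pretty Good Password Generator, iCloud Keychain, or any product named above. It uses Python's `secrets` module (the OS random source) and a small constructed word list for the passphrase mode; a real passphrase list would have thousands of words.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation            # 32 characters
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS   # 94 characters in total

# Constructed sample word list; a real generator ships thousands of words.
SAMPLE_WORDLIST = ["apple", "breeze", "canyon", "dolphin", "ember", "falcon", "glacier", "harbor"]


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of guessing-resistance for `length` symbols drawn uniformly and independently
    from `alphabet_size` choices. Reusing or tweaking an old password adds almost none."""
    return length * math.log2(alphabet_size)


def classes_present(password: str) -> set:
    """Which character classes a password contains (used to confirm coverage below)."""
    present = set()
    for name, group in (("lower", LOWER), ("upper", UPPER), ("digit", DIGITS), ("symbol", SYMBOLS)):
        if any(c in group for c in password):
            present.add(name)
    return present


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG with at least one character of each class.
    Rejection sampling keeps the distribution uniform over all qualifying passwords."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if len(classes_present(candidate)) == 4:
            return candidate


def generate_passphrase(words: int = 6, wordlist=SAMPLE_WORDLIST, sep: str = "-") -> str:
    """Diceware-style passphrase: easier to type, and entropy comes from list size ** words."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, classes_present(pw), f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
    print(generate_passphrase(), f"{entropy_bits(len(SAMPLE_WORDLIST), 6):.1f} bits (tiny list)")
```

Note the entropy numbers: 16 random characters from 94 symbols is roughly 105 bits, while six words from an eight-word list is only 18 bits, which is why passphrase generators need large word lists. Neither figure is affected by how "clever" the result looks; only the size of the space it was drawn from matters.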