“I changed my password everywhere to ‘incorrect.’ That way when I forget it, it always reminds me, ‘your password is incorrect.’” As funny as this is, people really do choose passwords that are just as ineffective. Among the most used and most easily guessed are “password”, “123456”, and “Star Wars.”
To make matters worse, they use the same login credentials across all their online accounts. What happens when someone uses the same password and email for everything online? Mark Zuckerberg is a great example. He used “dadada” and the same email across several social media accounts, and they were briefly taken over. Luckily he was smarter with his company’s accounts and more sensitive sites.
It’s theorized that hackers gained access to Zuckerberg’s account via the LinkedIn security breach, which revealed 117 million unsalted logins from 2012. The real lesson is that no tech company is above reproach in these situations. Myspace, Tumblr, and an agonizing list of other major sites have had leaks or will have leaks.
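Why "unsalted" matters in a leak like that, as an added example that is not part of the original post: without a salt, identical passwords share one stored hash, so a table of common passwords resolves them at a glance, while a per-user salt with a slow KDF removes both signals. The accounts are constructed, and SHA-1 stands in for the unsalted hash (an assumption; the post does not name the algorithm).

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data); weak passwords are ones the post names.
ACCOUNTS = {
    "alice@example.com": "dadada",
    "bob@example.com": "123456",
    "carol@example.com": "dadada",
    "dave@example.com": "vK9#tq2L!xw8Rm",
}
COMMON = ["password", "123456", "dadada"]

def unsalted(password):
    """Unsalted SHA-1 (assumed algorithm): same password, same hash, every time."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted(password, salt=None, rounds=200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def verify(password, salt, digest, rounds=200_000):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(password, salt, rounds)[1], digest)

def exposed_by_lookup(dump, wordlist):
    """Accounts whose stored unsalted hash matches a common-password hash."""
    table = {unsalted(w): w for w in wordlist}
    return {user: table[h] for user, h in dump.items() if h in table}

def shared_hashes(dump):
    """Groups of accounts with identical stored hashes (visible password reuse)."""
    groups = {}
    for user, h in dump.items():
        groups.setdefault(h, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

if __name__ == "__main__":
    weak_dump = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong_dump = {u: salted(p)[1] for u, p in ACCOUNTS.items()}
    print("unsalted, resolved by lookup:", exposed_by_lookup(weak_dump, COMMON))
    print("unsalted, identical hashes:", shared_hashes(weak_dump))
    print("salted, identical hashes:", shared_hashes(strong_dump))
```

Only the long random password survives the unsalted case, which is why the advice that follows pairs unique, strong passwords with changing them quickly after a leak.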
Here are some simple ways to thwart attacks or compartmentalize these holes in security to protect yourself:
- Check whether your email was involved in a leak, and get alerted to future leaks involving your email, via haveibeenpwned.com so you can quickly change your password.
- Change your passwords once a year.
- Use different email addresses and strong passwords for all your accounts.
- Enable two-factor authentication where possible.
You can find out more about security strategies and simple online safety tactics by reading my series on how to protect your domains and other sensitive data, where I explore the dangers of and solutions to malicious applications, unsecured connections, and plain, bold social engineering.
If you have a cautionary tale about one of your accounts being hacked, and the controversy or hassle that ensued, please share it in the comments!