Why You Should Always Use Unique Passwords

Have you received this email recently?

I am well aware YOUR-PASSWORD-REVEALED-HERE is your pass words. Lets get straight to point. There is no one who has compensated me to investigate about you. You may not know me and you’re most likely wondering why you are getting this e mail?

in fact, i installed a malware on the xxx streaming (porn) web site and there’s more, you visited this website to experience fun (you know what i mean). When you were viewing video clips, your internet browser began working as a RDP having a key logger which provided me access to your display and web camera. Right after that, my software obtained all of your contacts from your Messenger, social networks, and email. after that i created a double-screen video. First part displays the video you were viewing (you have a nice taste lol), and next part displays the recording of your cam, yeah its u.

You actually have a pair of possibilities. Lets read up on these choices in aspects:

1st option is to just ignore this e mail. in this scenario, i will send out your video recording to just about all of your personal contacts and then imagine concerning the shame that you receive. Not to forget in case you are in an intimate relationship, how it will affect?

2nd option is to give me $999. Let us name it as a donation. in this case, i will without delay eliminate your video footage. You can carry on your daily life like this never happened and you never will hear back again from me.

You’ll make the payment via Bitcoin (if you don’t know this, search for ’how to buy bitcoin’ in Google search engine).

BTC address:

1nY7QVUBd5si4eLpxmboa9cnWetcFP3VE

[CaSe-SeNSiTiVe copy & paste it]

if you may be looking at going to the law enforcement officials, look, this email message cannot be traced back to me. I have covered my moves. i am just not attempting to ask you for money a whole lot, i would like to be paid. You now have 48 hours to pay. i’ve a specific pixel within this mail, and now i know that you have read through this e-mail. if i don’t get the BitCoins, i will definitely send your video recording to all of your contacts including family members, coworkers, and so forth. Nevertheless, if i receive the payment, i’ll destroy the video immediately. it’s a nonnegotiable offer and thus please don’t waste my personal time & yours by responding to this mail. if you really want proof, reply with Yeah then i will send out your video recording to your 10 friends.

If you have, please don’t take it seriously …

This email is just another in a growing list of extortion attempts centred around revealing a password you have used somewhere in the past.  Maybe it’s one of your favourite passwords which you use across lots of different websites?

The gist of the email is that somebody has hacked into your computer and used your webcam to capture compromising footage. If you don’t pay them a ransom, they’re going to send this footage out to your contacts …

The proof they are presenting? The smoking gun which proves beyond doubt that they are to be taken seriously?

They know one of your passwords.

That’s a worry and rightly so. But is the premise of the email to be given any credibility? No, it’s nonsense. You can safely ignore this email for the spam that it is.

However, one important question still remains to be answered …

How did they get my password? Have I been hacked?

Nope.

You haven’t been hacked.

Your email address and password have been exposed during a data breach – which is another way of saying some company or institution you hold an account with has been hacked.

It happens more often than you may realise …

Have you ever:

  • Booked online to stay at a Marriott Hotel?
  • Researched your genealogy on Ancestry.com?
  • Had your Internet provided by AOL or TalkTalk?
  • Booked a ride in an Uber?
  • Had a Yahoo email address?

If the answer to any of these is yes, the email address and password you used with them may have been compromised. The companies above have all been hacked in recent years.

It’s not just those companies either.

According to ComputerWeekly.com – the personal information of more than a billion people was compromised in 2018 as companies holding the data failed to keep it safe.

How can I check if my details have been compromised?

If you’ve received the email at the start of this article (or a similar one) and it reveals a password which you recognise, then they definitely have 🙁

Microsoft MVP (Most Valuable Professional) & online security expert, Troy Hunt, has built a website, https://haveibeenpwned.com, where you can check if your email address and password are known to have been exposed in publicly available lists of compromised accounts.

Despite its odd-sounding name (pwned is Internet speak for ‘owned’), it’s a legitimate website. In Troy’s own words …

“I created ‘Have I Been Pwned’ as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.”

Think of it as a search engine – where you search your email address against a database of known breaches. At the time of writing, the database contains nearly 7 billion email addresses from around 334 known hacked websites.

I encourage you to visit his site and enter your email address – it’s safe and the results may make for interesting reading.

https://haveibeenpwned.com

Have you been pwned?

I’m going to assume you’ve discovered that some of your login credentials have been compromised – which unfortunately means they may be circulating the interweb.

If you’ve used any of the sites identified since they were hacked, it’s likely that you’ve already changed the password on those sites – they should have forced you to do so.

If you haven’t accessed those sites in a long time and you no longer need them, you might want to consider closing them down. This will limit your exposure should they be compromised again in the future.

Have you re-used those credentials on other websites?

I did a search on one of my email addresses and discovered breaches of Bin Weevils, Dropbox, LinkedIn, Last.FM, CD Projekt Red (creators of The Witcher game series), Exactis, Forbes & MyFitnessPal.

LinkedIn is the only one of those which I still use; truth be told, I’d forgotten about the others.

Like many folks, I’ve got an old document of accounts and passwords I’ve held over the years.

Searching that document, I was able to determine which passwords I’d used on some of those breached sites. I then checked for other accounts where I’d used the same password and went about changing them, or closing them down (my kids used to love Bin Weevils many moons ago but they’d never use it now).

Imagine my surprise when I logged into Rockstar Games Social Club (another one I’d forgotten about and not used for many years) & discovered that somebody was using my Rockstar Games account to play Grand Theft Auto …

Shortly after removing their game data and changing my password, I received an email from the perpetrator in Russian which I ran through Google Translate. It was something along the lines of “You’ve made a terrible mistake and you will pay the consequences”. Charming …

Had I not re-used that password across a number of gaming sites I used to use, it’s likely that would never have happened. I probably opened some of these accounts 10 years ago and didn’t think too much about the passwords I used back then. I do now, but I’d forgotten about those accounts.

We all make mistakes.

Is it possible some shady character’s using one of your old accounts?

Fair enough, somebody playing my copy of Grand Theft Auto is no big deal, no harm done – but it hopefully illustrates a point …

The big problem with password re-use

You’ve probably been advised plenty of times not to re-use passwords across different websites. Have you ever stopped to consider why?

Credential Stuffing attacks happen when somebody (or more likely some script or software they have created) attempts to gain access to a site using an email and password combination exposed from a breach of a different site.

Working from massive lists of breached email addresses and passwords, hackers can automate logins across many different websites and see which sites let them in.

If you’re re-using passwords, this could leave your other accounts open to exposure too. Hackers are counting on you having a favourite password which you’ve used across multiple websites.

It’s human nature. Passwords can be difficult to remember – so folks have a favourite one they use everywhere.

So with this in mind …

If the password you use on Ancestry.com is the same password you use on Amazon or eBay, you’re leaving the door open for intruders should Ancestry.com ever get breached. Which, as I mentioned earlier, they have – in November 2015 – some 300,000 accounts were compromised and the data subsequently dumped publicly on the Internet.
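The reuse check described earlier (finding which other accounts share a password with a breached site) can be run over an exported list of accounts. This is an added example, not part of the original article: the CSV column names, the sample accounts and the passwords are constructed, and the breached-site list is assumed to come from a Have I Been Pwned search.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
binweevils.com,me@example.com,Sunshine1
rockstargames.com,me@example.com,Sunshine1
linkedin.com,me@example.com,L1nk3d-old
amazon.co.uk,me@example.com,L1nk3d-old
ebay.co.uk,me@example.com,x9!Tq2#unique
"""

# Sites reported as breached for this address (assumed input, e.g. from a HIBP search).
BREACHED_SITES = {"binweevils.com", "linkedin.com"}


def fingerprint(password: str) -> str:
    """Short digest used only to group identical passwords without printing them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def audit_reuse(export_csv: str, breached: set) -> list:
    """Return one finding per password that was used on a breached site.

    Each finding lists the breached sites that exposed the password and the
    other accounts sharing it, which are the ones credential stuffing
    would reach next.
    """
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        site = row["site"].strip().lower()
        groups[fingerprint(row["password"])].append(site)

    findings = []
    for fp, sites in groups.items():
        exposed = sorted(s for s in sites if s in breached)
        if not exposed:
            continue  # this password was never used on a breached site
        at_risk = sorted(s for s in sites if s not in breached)
        findings.append({"fingerprint": fp, "exposed_on": exposed, "also_change": at_risk})
    # Passwords shared with the most other accounts come first.
    return sorted(findings, key=lambda f: (-len(f["also_change"]), f["exposed_on"]))


if __name__ == "__main__":
    for f in audit_reuse(SAMPLE_EXPORT, BREACHED_SITES):
        others = ", ".join(f["also_change"]) or "no other account"
        print(f"exposed on {', '.join(f['exposed_on'])}: also change it on {others}")
```

Accounts with a unique password, such as the constructed eBay entry, never appear in the findings, because a breach elsewhere cannot expose them.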

Take a look at one of Troy’s videos below to see what he has to say on password re-use …

Meet your new friend – the password manager …

Password managers work together with your favourite web browser (Chrome, IE, Edge, Firefox etc). They generate very strong, unique passwords and then store them away in a secure encrypted “vault”, protected by a single master password.

Each time you visit a site you have stored in your vault, the password manager will automatically enter these login credentials for you.

You don’t even need to know those passwords, so you can let it generate random ones for you.

Using LastPass as an example, here’s a few random passwords I just had it generate …

aQFqdeGQodl0 – 7wQQYACiAA2U – atg3bcFuc16j

Effortlessly strong, unique passwords that I don’t even have to remember – which is just as well as I don’t think I could …

These passwords will sync between any of the devices you are using the password manager on – PC, laptop, phone, tablet. No problem.

There’s a question that might be running through your head …

If there’s only one password safe-guarding all my other passwords, isn’t that dangerous?

Providing you choose a strong, unique password to guard them all, it’s still better than the alternative of re-using weak & memorable passwords.

Password managers don’t have to be perfect, they just have to be better than not having one …

“Your brain is a very bad password manager. It’s incapable of storing more than a couple of genuinely random strings of reasonable length (apologies if you’re a savant and I’ve unfairly characterised you in with the rest of our weak human brains). That leads to compromises. If you’re one of these people who says “I’ve got a formula that always gives me unique passwords that are strong”, no you don’t, they probably aren’t and no they’re not. You’re making concessions on what we empirically know is best practice and you’re kidding yourself into thinking you aren’t … the only secure password is the one you can’t remember.”

Troy Hunt

If you’d like a little more information on password managers, here’s a useful article from the guys at HowToGeek – https://www.howtogeek.com/141500/why-you-should-use-a-password-manager-and-how-to-get-started/

Closing thoughts

The purpose of this article is to inform our customers of a widespread issue which they may not be aware of.

We’ve been asked by some of our customers about these recent spam emails, believing their personal computers may have been compromised as it appears somebody knows their password.

This article should put your mind at rest that your computer hasn’t been hacked and the claims made in these emails are fantasy. Hopefully it’s also raised awareness of issues with password re-use and some steps you can take to secure your accounts and manage your passwords better.

You will be doing something about those passwords won’t you? Promise?

Disclaimer. I acknowledge all references to any trade marks or copyrighted materials contained within this article as belonging to their respective owners. I have no affiliation with Troy Hunt or Have I Been Pwned and in no way claim that I have. I am sharing Troy’s work as I think he’s doing a great job in educating people on internet security and wanted to help share his message. Quotations provided in this article have been linked back to their source.
