News You Can Use
On April 22 it was reported that Facebook had recently realized it was accidentally storing hundreds of millions of Instagram users’ passwords, without any encryption, on an internal server for the past seven years. These passwords were accessible to over 20,000 Facebook employees. While there has fortunately been no identified misuse of the unencrypted Instagram passwords, if Facebook had been hacked within the past seven years, the hacker would have had hundreds of millions of Instagram user login credentials at their fingertips. Security Boulevard’s 2018 poll of individuals around the world found that 59% of people use the same password for everything. While a hacker with an Instagram password may not be able to steal money or an identity with that information, there is a good chance the user has the same password for many other accounts, such as their online banking or their personal or work email.
The fact that password security is in the news again stresses the need for individuals to practice safe password habits, such as creating unique passwords for every online account and updating those passwords periodically. This is especially important when working in the real estate industry and dealing with large sums of money on a daily basis. As much of a hassle as it is to remember numerous passwords, update them, and then memorize the new passwords, it is really the simplest method for keeping your accounts secure from hackers or identity thieves.
One great example of hackers taking advantage of users reusing the same passwords is the recent “sextortion” email scam. Millions of people received an email that began with “I am aware that <user password> is your password”. The rest of the email states that the sender has hacked the user’s computer and recorded them with the computer’s webcam while they viewed inappropriate videos online. The sender threatens to send the video to the user’s entire contact list unless a $1400 bitcoin ransom is paid within 24 hours. As of July 2018, the hackers have already made $50k from this scam.
This sextortion scam is tied to a LinkedIn breach from 2012 in which over 100 million users’ passwords and private information were stolen. While the stolen information was used to scam users into sending money to the hackers, it has most likely also been sold on the dark web to other hackers who plan to use it for other scams and hack-tivities (e.g. identity theft).
91% of people are aware of the necessity for better password security, yet a majority of people prefer the convenience of a password they can remember over their account security. It is important to keep in mind that hackers are working 24/7 to compromise individual and corporate user accounts. Every time someone uses the same password for multiple accounts, they are making a hacker’s job easier and those accounts less secure.
Methods for Storing Passwords
There are a few methods that can help users create unique passwords and store them conveniently so they will not forget them. My personal method is to handwrite my passwords and login details in a password book (which looks a lot like an address book). This book can only be compromised if a hacker physically steals the book from me. For those who prefer a digital method for storing passwords, there are several applications that can be used; one that comes recommended is called “LastPass”.
LastPass is a free password vault and password generator. It uses multi-factor authentication, which means that in order to log in, your LastPass password is entered as the first form of authentication. Then a second and maybe third measure is used, such as TouchID or FaceID, or a one-time code, texted to your cell phone or a specified email address, that must be entered to log in. Once the user logs in, they can store their passwords within the application’s “vault”. The stored passwords are encrypted using a randomly generated key which is provided to the user but is never shared with LastPass. This ensures the stored passwords are never accessible to LastPass. Therefore, if LastPass is ever hacked, the hackers will not be able to gain access to user passwords, as they do not have the user’s encryption key.
In addition to LastPass, PC Mag has reviewed Dashlane, Keeper Password Manager and Digital Vault, and LogMeOnce as some of the best password management software of 2019. Click the button below to read further about how a weak password will get you hacked, along with 15 tips for better password security from McAfee Security's blog.