It appears to me that data breaches are no longer an infrequent, alarming event but have instead become a troubling trend in the digital world. If you are concerned about whether your password is strong enough or has appeared in a data breach, here are some sources for you to check out to make your cyber-life a bit more secure. It is estimated that there are about 4,000 cyber attacks happening daily. Not all lead to data breaches, but the volume of attacks means you need to stay vigilant. The internet is a scary place and you need to keep your head on a “virtual swivel” to keep yourself safe. For more reading on this by actual experts: https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/
Check if your Email Address is in a Data Breach
For starters, see if your email has been a part of any data breaches. This isn’t the most alarming piece and there is nothing you can do about it, but if you punch your email into here, you can find out which breaches your email was a part of. It provides a GREAT timeline for you to see when and through whom.

Not a lot you can do about your email being out there. The best course of action is to go through those data breaches and change your password for those sites.
Passwords in Data Breaches
Data breaches hit more often than my inbox gets spam; the number is something like every 11 seconds. Hackers are out there speed-dating our data! To check if your password has been part of any data breaches and how many times it has been seen, you can check here:
https://haveibeenpwned.com/Passwords
Here you can enter your password and determine if it has been “pwned”. In this case “pwned” is a bad thing. If your password comes up here as being “pwned,” change it immediately.

I would recommend changing it even if it is a password you use internally, not on the scary internet but within your private network or on your personal computer or device. As inconvenient as it may be, you really need to change it.
I would also highly recommend you do not use the same password on different sites. Yes, it may be inconvenient to have to remember a different password per site but there are tricks I use for that. Another alternative would be to use a password manager. Personally and professionally, I use Bitwarden. I appreciate the web browser integration but use the standalone application quite often.
Password Security
Before you commit to a password, or if you want to audit your passwords, you can also check to see how long it would take to crack your password. Here is a great site for checking how secure your password is:
https://www.passwordmonster.com
Sometimes it’s just fun to see how long or short it will take to brute force your password. Keep in mind, though, that if your password was part of a data breach, the complexity of your password is now meaningless.

I’m going to go ahead and say that this password here should probably be changed. 11 days is probably a bit too short.

11 years is probably a bit better than 11 days, and this can be achieved by adding symbols, numbers or changing case on the letters. For international character sets… you are probably going to do quite well here.
Using a password generator from Bitwarden will provide you a password that does a great job of making it difficult to crack.
Using the password generator feature gives you a password that has a shot at being remembered, rather than just random symbols and numbers. In this case, Nutty-Cyclic6-Aftermost. It has symbols, numbers and mixed casing.

The result is a password that takes an impossibly long time to crack.

By that time, you will be dead, the computer system you are using will be dust and the universe will have suffered its heat death. The argument here is that once quantum computing is a thing, nothing is safe, but until that point, to protect yourself from a brute force attack, use a strong password.
Final Thoughts
Things to keep in mind. The Internet is not a safe place. You need to keep your data secure. Strong passwords and regular auditing of your passwords or, better yet, changing them are great ways to ensure that your virtual assets are reasonably secured. Use a password manager like Bitwarden as a vault that not only keeps your passwords but also creates complex yet memorable passwords. Use multi-factor authentication wherever practical. That is another discussion, but it forces a secondary form of authentication, making it harder for hackers to gain access to systems.
Remember, of all the cyber attacks out there, the weakest link is you. Trust nothing. If an email or text message seems a little odd or too good to be true, ignore it, delete it or better yet, report the communication.
Your Email Provider
Most providers like Gmail, Outlook, or Yahoo have a “Report Phishing” or “Mark as Spam” button in their interface. For Gmail, it’s under the three-dot menu (“Report phishing”). Outlook has a similar option in the toolbar. This flags the email for their security teams to block similar attempts.
Your Workplace IT Team
If it’s a work email, forward it to your IT or cybersecurity team immediately. Many companies have internal reporting systems to track phishing targeting employees, as 68% of breaches involve human error like clicking phishing links.
Government Authorities
United States: Report to the Federal Trade Commission at reportfraud.ftc.gov or forward the email to spam@uce.gov (FTC’s spam database). For scams targeting personal data, file with the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.
Canada: Use the Canadian Anti-Fraud Centre at antifraudcentre-centreantifraude.ca or email info@antifraudcentre.ca.
UK: Report to Action Fraud at actionfraud.police.uk or call 0300 123 2040.
Australia: Submit to Scamwatch@scamwatch.gov.au or via cyber.gov.au.
Anti-Phishing Organizations
Forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org. This helps global security teams track and block malicious campaigns.
If It’s a Specific Brand Impersonation
If the email pretends to be from a company, like PayPal or Amazon, check their official website for a dedicated reporting address, such as spoof@paypal.com or stop-spoofing@amazon.com.
If you have a tin-foil-hat wearing, paranoid friend who can analyze a communication you receive, ask for their analysis. The best thing you can do is to not click on any links from your email or even from text messages. There are other ways to gain control of a device besides just getting your passwords.
Bottom line: stay vigilant. The digital age has brought a lot of great new opportunities but has also provided a lot of avenues for bad people to do bad things. Keep your doors locked and your assets secured, physical or digital.
Maybe, just turn it all off and go for a walk. It’s not like nature is going after you too… or is it?
References
Bitwarden a Secure Password Manager on openSUSE
https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/
https://haveibeenpwned.com
https://haveibeenpwned.com/Passwords
https://www.passwordmonster.com

