Passwords and NOT Being Hacked
Over the past few weeks I have taken the time (and you do need to take time) to spring clean my online footprint as far as I can - here's what I did.
First of all I changed my main Google passwords - I have 2 accounts, a work one and a personal one (which feeds in my "spam" account, you know the one you use to sign up for shit you're not sure you'll ever actually use, the one that if all hell was unleashed upon it you'd merely delete it and create a new one, you have one of those, of course). Whilst my personal account's password changes fairly regularly as that's where the stuff I care about is saved (photos and contacts) my work one has been languishing with a strong but very old password - eek.
Changing a password is weird - you do it easily enough but then there's a good week or so of having to retrain muscle memory when using it. I discovered there are two memories though, the laptop keyboard memory and the phone memory - keep plugging away and you'll get there, yesterday was my day I noticed I "had it".
I suggest you use a passphrase as the basis of your password, "Is That Your Monocle Mr Jones" becomes something like &1TYmMJ76!. Remembering what's uppercase, what's a number and how many damned punctuation characters you used is fun at first but at least you've got some clue.
Ok, so main passwords changed AND unique - please don't reuse passwords.
Then there's aaaaallllll the services you've signed up to, from Twitter through your bank to ride sharing and oh so many more. Go change them all - I know, I know, it takes time so don't attempt to do it in one sitting, just quietly work your way through them.
First of all I changed my main Google passwords - I have 2 accounts, a work one and a personal one (which feeds in my "spam" account, you know the one you use to sign up for shit you're not sure you'll ever actually use, the one that if all hell was unleashed upon it you'd merely delete it and create a new one, you have one of those, of course). Whilst my personal account's password changes fairly regularly as that's where the stuff I care about is saved (photos and contacts) my work one has been languishing with a strong but very old password - eek.
Changing a password is weird - you do it easily enough but then there's a good week or so of having to retrain muscle memory when using it. I discovered there are two memories though, the laptop keyboard memory and the phone memory - keep plugging away and you'll get there, yesterday was my day I noticed I "had it".
I suggest you use a passphrase as the basis of your password, "Is That Your Monocle Mr Jones" becomes something like &1TYmMJ76!. Remembering what's uppercase, what's a number and how many damned punctuation characters you used is fun at first but at least you've got some clue.
Ok, so main passwords changed AND unique - please don't reuse passwords.
Then there's aaaaallllll the services you've signed up to, from Twitter through your bank to ride sharing and oh so many more. Go change them all - I know, I know, it takes time so don't attempt to do it in one sitting, just quietly work your way through them.
- Remember a service you're signed up to
- Ask yourself, "Do I still need this now?" - if not, DELETE the account*
- If yes then login, change your password using a STRONG password
I use a central store for all my passwords and it suggests a string of gobbledygook for new passwords that I use every time. - Go back to '1'
I also did a Gmail search for such phrases as, "account created", "password reset", and "welcome to" - my god there were a tonne of things I'd signed up for over the past decade or two that I had no recollection of. With these I either deleted the account* or, when I went to the site, it was gone anyway - I wonder who had away with all those juicy user details.
All of this took time, a serious amount of hours, that I spread over a week or so but once it was done I felt lighter and slightly less vulnerable - I don't know if that's an actual or just the feeling, time will tell.
I use the Google's Password Manager, others are LastPass, 1Password and more. Choose one you trust and integrates with the places you need it and USE IT!
With Google's service I also get to:
- Add Password Alert Chrome/ium extension.
"If you enter your Gmail or Google for Work password into anywhere other than accounts.google.com, you’ll receive an alert, so you can change your password if needed." - Proactively check the security of passwords saved to find out if they were compromised, see how strong they are and if I've used any more than once.
I don't know if other services do this, I hope so.
To make the computers do some of the work for me I use the Password Checkup Chrome/ium extension - "Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert."
Good luck with your password spring cleaning and let me know how it goes.
* A quick word on "deleting an account", this is an adventure fraught with dragons from The Suspension Beast (famously Facebook's approach), via The ContactUs Ogre (yes, you are an Ogre Trade Me), and most distressing of all, A HideButNotDelete Demon, I'm looking at you Patreon. My advice do a search for "delete XXX account" as you are not alone on this path and much advice is out there.
Comments
Post a Comment