Life today seems to involve an ever-increasing number of passwords and usernames for the various sites, accounts, and online places we all have reason or need to visit. It can be overwhelming to keep track of them all and change them at the recommended intervals – even if we do understand the reason for passwords.
Unfortunately, breaches and attacks are all too common these days. When your data is involved in a breach, it can be released on the dark web and other foul places on the internet. Bad actors will then try combinations of usernames (often an email address) and passwords from the site they breached on other sites and platforms.
For example, say you used the same password for LinkedIn and your personal email. If a bad actor obtained your login information from a LinkedIn breach, they could then log into your Yahoo or Gmail account and begin spamming emails using your account, tricking your family, friends and even strangers.
In this month's security awareness article, Information Technology reminds us of the importance of using unique passwords and usernames for each site we visit, and of changing our passwords at regular intervals.
Using unique passwords across different sites makes it harder to hack your whole digital life. For the same reason, consider using unique usernames, rather than your email address, for important accounts like banking and credit cards. If you have trouble remembering all those usernames and passwords, many free and premium password managers like Dashlane and LastPass can help you keep track of your accounts across multiple devices.
For particularly important accounts, like a social account you use to log into many places or an email account that is tied to your bank accounts, try using two-factor authentication when available. Two-factor authentication requires that you confirm your identity by using something you know (a password) and a second factor, such as something you have or something you are. You can also establish a customer-specific personal identification number (PIN) to help secure online access. These features are available for most banking sites and free email providers like Gmail, Microsoft, and Yahoo.
Also, pick an interval of time at which you will change your passwords, and set a reminder on your calendar. Even once a year is better than never. Sometimes breach information is not published until years after the breach. If you have already changed your password, you have limited the damage. If you are lucky, you changed your password before anyone even bought it!
If you want to check if your account info is for sale, security researcher Troy Hunt has set up a website, haveibeenpwned.com, that allows you to enter emails and usernames and check whether they appear on data breach lists.
Using unique usernames and passwords are two ways to help protect yourself in this online world in which we live.