Your Password will fail you. Here’s how you mitigate the damage.
Recently there has been a series of hacking attacks on several websites, and Tumblr recently released an update to their mobile app to address a security problem. Even if you follow their advice to update your password, the problem with most passwords is that they're insecure and/or used in a dangerous way.
Most people I've ever worked for or worked with keep very insecure passwords. But don't take it from me, check out the most used passwords for 2012. I often shake my head when someone gives me their password to work in their accounts. Their passwords are so weak! There are many ways of keeping your passwords safe and secure. But as attacks become more and more widespread, chances are that your password will be stolen or guessed at one point or another.
I recently had my Twitter account hacked and after investigating quite a bit, I still can't find how the perpetrators got a hold of my account. One morning there were about 20 updates in Russian. I was alerted to this issue by a couple of friends on Twitter. Perhaps someone got a hold of my password, or maybe an account I granted permissions for in Twitter got hacked. For the record, I use passwords that are very "secure" with 12 - 20 characters using the full set of characters available, so I doubt that my Twitter password was guessed.
In any case I'm proud to say that this is the first successful hacking attempt at any of my online profiles or accounts. Ever. That's pretty good for someone that has been online for about 13 years I would say.
But obviously, nobody is exempt. You could be the target of the next attack, or simply be part of a database that will be stolen tomorrow. So how do you mitigate the damage, or at best prevent it from happening?
Use LastPass. I've blogged about LastPass before, but I'll remind you what it is all about.
LastPass is a free, easy-to-use password manager application that works on any computer and with most web browsers. Its job is to give you a secure password whenever you need it and to save your username and password combinations for any website you use. LastPass itself is highly encrypted and only your master password can unlock your account.
It is the best thing you can use to manage your passwords and keep unique passwords across all your accounts. Why use unique passwords? Most people use 2 - 5 passwords and they use them for all their accounts. This seems like a good idea, because you're using "different passwords", right? Wrong! Every user account should have its own password, unique from every other account. The reason is very simple in fact. Let's say you have six accounts: 2 bank accounts, 3 social media and a game you like to play online. If you share a password between 3 of those accounts, for example, a would-be hacker only needs to break into one of them to obtain the password for all three.
The moment a hacker gets a hold of your password, you can be sure they're going to try that same password for all your known accounts, including email, instant messaging, banking, social media, etcetera. This is why you should always have unique passwords for every account. This seems like a daunting task, but if you use a good password manager then it should be very easy to achieve this goal.
Tumblr announced a security update to their software recently and they advised you to change your password. That's also a good idea, but with a unique password for every account, even if you had missed the announcement you could rest assured that only one of your accounts would be compromised if your password got stolen by whatever means.
If you have a blog, social media profile, online bank account, instant messaging, or even just a simple game, use LastPass to access it. When you join a new website and create a new profile, use the LastPass password generator to create a random password that is strong. When you log in, LastPass will ask if you want to save your username and password, and you should.
Don't forget to keep the master password for LastPass really strong, and log out of the app, extension or website whenever you're done using it to minimize the risk of having your accounts hacked. LastPass also has a security audit feature that gives you an overall grade on your accounts and helps you fix some of the most common problems.
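The reuse argument and the generator advice above, as an added example (not from the original post, and not LastPass's own audit or generator): for the six-account scenario it computes which accounts fall together when one password is stolen, then gives every reused account a unique random password. The account names, sample passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Random password drawn from a CSPRNG (secrets), not random.random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def blast_radius(vault):
    """Map each account to all accounts opened by stealing its password."""
    key = secrets.token_bytes(32)  # per-run key: group by digest, not plaintext
    groups = defaultdict(set)
    for account, password in vault.items():
        digest = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[digest].add(account)
    return {acct: sorted(members) for members in groups.values() for acct in members}


def rotate_reused(vault):
    """Copy of the vault where every account sharing a password gets a new one."""
    fixed = dict(vault)
    for account, exposed in blast_radius(vault).items():
        if len(exposed) > 1:
            fixed[account] = generate_password()
    return fixed


# Constructed sample: the six accounts from the post, three sharing a password.
VAULT = {
    "bank-1": "T7#qLw9!zRk2",
    "bank-2": "summer2012",
    "social-1": "summer2012",
    "social-2": "summer2012",
    "social-3": "Vb8$pXe4@Nq1",
    "game": "hJ3^mCs6&Ty0",
}

if __name__ == "__main__":
    for account, exposed in sorted(blast_radius(VAULT).items()):
        print(f"breach of {account:9} exposes {len(exposed)}: {', '.join(exposed)}")
    after = blast_radius(rotate_reused(VAULT))
    print("after rotation, worst case:", max(len(v) for v in after.values()))
```

Note that the strength of "summer2012" is beside the point here: even a strong password shared by three accounts has a blast radius of three.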
I highly recommend this! If you aren't using a password manager already, you should, and I strongly recommend you check out LastPass. Set it up, use it. Just don't ever forget your master password.