Today is National Password Day! Take some time to evaluate your password schemes and savviness with some tips from ITS.
Have I Been Pwned
Each year, ITS plays host to student-tour groups and responds to invitations to attend career fairs and guest speaker events. One of our favorite things to share is the “Have I Been Pwned” website.
On this site, users are able to enter their email address and see if their email address has been included in any website hacks/breaches. If the site indicator turns red, this means that your email address and other associated data was/is vulnerable. It may have been a widely publicized hack, like the Target breach in 2013, or something much smaller and off the radar. At any rate, it helps us drive home our point to students: password safety matters.
If you try your addresses on the site and discover that you were part of a breach or paste, what should you do?
- Check the small details – what information was posted about you? Was it demographic information like your address, phone number, etc.? This information was likely sold to websites like whitepages.com, spokeo, etc. You can contact them directly to request that your information be delisted.
- If the hack included a password, you should change your password on any accounts that may have used the same password.
This brings us to the prevention conversation:
- If you are using the same password/username/email address combination in multiple locations, it is likely you will face multiple exposures. Hackers with your credentials will try them on multiple websites.
- Your personal data is valuable – when you answer Facebook quizzes and include the first model of your car, the city of your birth, etc., you are giving up valuable pieces of information to databases on the dark web.
- In our student presentations, we also illustrate how Facebook quiz data can be just as helpful as following Rumplestilskin home. Your favorite team is the Hawkeyes and you were born in 1980…is your password Hawkfan80?
- Your personal and demographic data can be just as valuable as your password.
- Hackers purchase information from these databases and compile information dossiers. Eventually, they have enough information to access your bank, steal your identity, answer your iTunes security questions, etc.
Password Safety Recommendations
- Consider using a password manager – Google and iCloud have built-in password managers, LastPass and 1Password are some additional options. When using a password manager, use the crazy passwords that it recommends for you!
- Use two-factor authentication where possible – this sends a text message or one-time password to a two-factor app on your phone.
- Use a combination of uppercase, lowercase, numbers, and special characters
- DO NOT REUSE PASSWORDS
- Try using letters that represent a memorable phrase: If I were Dorothy from the Wizard of Oz, maybe my password phrase would be There’s no place like home! Translated into password lingo with some added special characters: TnoPlH0m3!
- Take a look at some other fun password phrase schemes below: