Thursday, January 16, 2014

Securing Your Online Identity After Being Hacked

The other day my Twitter account @MikeKGibson was hacked.  The attacker sent out messages to everyone who follows me with URLs to other Twitter users' status updates, which in turn were links to suspicious websites.

Luckily, I caught it within an hour before the hackers had a chance to tweet something like "I like to #SniffMyOwnButt" on my behalf.  I tweeted my followers warning them not to click on the links.

But, worst of all, the attackers now have access to my password, giving them easy access to any other website where I used the same password.  Let's be honest, many of us use the same or similar passwords on all our website accounts.

If your own passwords are ever compromised ("before your own passwords are compromised" may be more accurate), here are steps you can take to minimize the damage by using a password manager app like my own Easy Password Storage.

The idea is not only to create strong passwords that cannot be brute-forced, but to use a unique password for every website you visit.  That way one stolen password cannot be used to access any account but the one that is hacked.  You never know which big company is going to be hacked, or which website stores your passwords in plain text.

Here is how I use Easy Password Storage to deal with this:

  1. Each time I create an account on a website I open my password manager, Easy Password Storage.
  2. I add the account to my list and use the password generator to generate a random password with as many characters as possible.  I aim for at least 36 random characters if it is allowed by the website.
  3. I turn off the "Save password" features of the browser.  It's a pain to lose this feature, but it's so easy for a hacker to gain access to the saved passwords (have you ever tried typing "chrome://settings/passwords" in Chrome, for example?)
  4. When I know I'm going to visit a website that will require a password, like my bank, I tab over to Easy Password Storage, select my bank entry, and click the Launch button.  This copies my long, random password to my clipboard and opens my bank's URL.  Now I can simply paste my password in.
  5. I have Easy Password Storage set to erase my clipboard 30 seconds after I copy my password for extra security.

I won't lie, it's more time consuming to create random passwords for each website, but I suspect it's nothing compared to the time I would have to spend changing passwords and recovering accounts after a major hack.
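
The generation and uniqueness steps above, sketched in Python as an added example (this is not Easy Password Storage's code). The function names, the symbol set and the sample vault are assumptions made for illustration; it draws 36 characters from the operating system's CSPRNG, estimates the brute-force search space, and flags any password shared between sites.

```python
import math
import secrets
import string

# Character classes that site password policies commonly require.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",  # assumed symbol set; adjust to the site's policy
}
ALL = tuple(CLASSES)

def generate_password(length=36, classes=ALL):
    """Return a random password built with the OS CSPRNG (secrets module)."""
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # Rejection sampling: draw uniformly and retry if a class is missing,
        # so every accepted password is equally likely.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw

def entropy_bits(length=36, classes=ALL):
    """Upper bound on the brute-force search space, in bits."""
    alphabet_size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(alphabet_size)

def reused_sites(vault):
    """Return groups of sites in a {site: password} vault that share a password."""
    by_password = {}
    for site, pw in vault.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)

if __name__ == "__main__":
    # Constructed sample vault: two sites share one weak password.
    vault = {
        "twitter.example": "hunter2",
        "forum.example": "hunter2",
        "bank.example": generate_password(),
    }
    print("new password:", generate_password())
    print("entropy: %.1f bits" % entropy_bits())
    print("reused across:", reused_sites(vault))
```
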

Once you have put a system like this in place it means you no longer know your own passwords from memory.  It's important that you have access to your passwords on all your devices.  That's why Easy Password Storage has cloud sync as well as offline import/export ability.  

As a developer I have all sorts of computers (Mac, Windows, iPad, Android Tablet, Android phone) where I need to have access to my passwords, and Easy Password Storage keeps them encrypted and synchronized automatically in the Cloud.  For more information, here is an article I wrote on Using Easy Password Storage in the Cloud.

Luckily, my Twitter password was unique and can't be used to hack my other accounts. I recommend you put a similar process in place with your own accounts now: it's much easier to deal with hackers now, before they have a chance to get into your bank account or trick people into thinking you #SniffYourOwnButt.

Easy Password Storage, by Rebrand Software, LLC is currently available at the following locations:
